Re: [TLS] New Cached info draft

Martin Rex <> Tue, 30 March 2010 19:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CAFC63A692E for <>; Tue, 30 Mar 2010 12:08:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.501
X-Spam-Status: No, score=-8.501 tagged_above=-999 required=5 tests=[AWL=0.618, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tFT1AEaj+xXd for <>; Tue, 30 Mar 2010 12:08:33 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A9D1F3A68EC for <>; Tue, 30 Mar 2010 12:08:23 -0700 (PDT)
Received: from by (26) with ESMTP id o2UJ8n9b000573 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 30 Mar 2010 21:08:50 +0200 (MEST)
From: Martin Rex <>
Message-Id: <>
To: (Brian Smith)
Date: Tue, 30 Mar 2010 21:08:49 +0200 (MEST)
In-Reply-To: <002201cad028$d20eb950$762c2bf0$> from "Brian Smith" at Mar 30, 10 11:48:26 am
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal07
X-SAP: out
Subject: Re: [TLS] New Cached info draft
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Mar 2010 19:08:34 -0000

Brian Smith wrote:
> Adam Langley wrote:
> > One last point, I think I'd like to see the ability to cache the
> CertificateStatus:
> Optimally, the client only really wants a certificate status update when a
> previously-cached one has expired and/or the server's certificate has
> changed. Server certificates very rarely change. Consequently, the client
> should be able to get by with sending the certificate status request
> extension only when it doesn't have a non-expired certificate status for
> that server, right? AFAICT, this would work equally well for servers that do
> and don't support the cached-info extension.
> Please let me know if I am overlooking something.

The cached info uses a fail-safe approach in that the real data will
be sent by the server when the information by the client does not
match (based on the server comparing the hash values supplied by the

You can not do that with the TLS extension for OCSP.  The client only
knows what certificate the server from the reply to the ClientHello
handshake message.  IMHO, the robust approach for a TLS handshake
that has the highest likelihood to succeed, requires the use of
the TLS extension for OCSP plus the caching extension for
the actual extension contents (the OCSP responses).

I would not want to go through a handshake failure when the
OCSP responses that the client has cached are still valid, but
the server has switched to a different server certificate
since the last connect.