Re: [TLS] Call for acceptance on multi-stapling
Martin Rex <mrex@sap.com> Thu, 19 April 2012 01:45 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A62211E80B0 for <tls@ietfa.amsl.com>; Wed, 18 Apr 2012 18:45:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.093
X-Spam-Level:
X-Spam-Status: No, score=-10.093 tagged_above=-999 required=5 tests=[AWL=0.156, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAMS8Vqklm8e for <tls@ietfa.amsl.com>; Wed, 18 Apr 2012 18:45:48 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id D075F11E80AD for <tls@ietf.org>; Wed, 18 Apr 2012 18:45:47 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q3J1jj36018717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 19 Apr 2012 03:45:45 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201204190145.q3J1jff6015899@fs4113.wdf.sap.corp>
To: aerowolf@gmail.com
Date: Thu, 19 Apr 2012 03:45:41 +0200
In-Reply-To: <CAPMEXDam=9U0LFaieRYYCxGMRdX13uKd7j4CrczkY2YE0v1NSg@mail.gmail.com> from "Kyle Hamilton" at Apr 18, 12 06:06:37 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Call for acceptance on multi-stapling
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2012 01:45:52 -0000
Kyle Hamilton wrote: > > Eric Rescorla <ekr@rtfm.com> wrote: > > > > At the meeting in Paris there was broad consensus to adopt Yngve's > > TLS Multi-Stapling draft > > (http://www.ietf.org/id/draft-pettersen-tls-ext-multiple-ocsp-03.txt). > > > > The WG chairs would like to confirm this consensus. Please send any > > comments by Wednesday April 25. > [quotations rearranged from Kyle's original response] > > I (grudgingly) shall support this, with many reservations. I support adopting the work. > > I believe that this is improper for TLS-WG to take up. The problem > that multi-stapling is intended to address can be done completely > within an X.509 self-signed structure, and derives from PKIX-WG not > producing a single coherent standard that client protocols can simply > plug in. Trying to work around a PKIX-WG problem in TLS is not going > to solve the same types of problems that exist in all other PKIX > client protocols. This was a _known_ characteristic/shortcoming of X.509/PKIX when it was (re-)used by SSLv3 and carried through to TLSv1.0, that revocation checking was designed strictly out-of-band. Originally CRLs, OCSP & SCVP were later defined as alternative mechanisms, but similarly out-of-band. Therefore I consider it INappropriate to blame X.509 for what it is (even though I dislike this property of the X.509 architecture myself). There are huge benefits associated with the multiple OCSP-responses stapling, obviating the RP from additional third-party communication in order to verify the TLS peer's certificate (chain), and protecting the RPs privacy. On top of this, the credential holder is in the best position to ensure an efficiently accessible OCSP responder for his own certificate (chain), efficiently cache OCSP responses for his own cert (chain) and to refresh them out-of-band. > > That we can't do this is a bug in PKIX, not a bug in TLS. That we > can't get multiple certificate status responses in a single structure > is a failure of PKIX, not TLS. Working around it in TLS-WG is > inefficient, and will not solve the same problem in other PKIX client > protocols. Actually, I believe just the opposite. While CRL suffers from a design defect that can result in real world security vulnerability, the OCSP design and the narrow set of acceptable signer certs is a _huge_ improvement over CRLs, without that CRL signer design flaw. -Martin
- [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling =JeffH
- Re: [TLS] Call for acceptance on multi-stapling Kyle Hamilton
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling peter.robinson
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Ryan Sleevi
- Re: [TLS] Call for acceptance on multi-stapling Adam Langley
- Re: [TLS] Call for acceptance on multi-stapling Tom Ritter
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Geoffrey Keating
- Re: [TLS] Call for acceptance on multi-stapling Tom Ritter
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Michael D'Errico
- Re: [TLS] Call for acceptance on multi-stapling Marsh Ray
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Marsh Ray
- Re: [TLS] Call for acceptance on multi-stapling Adam Langley
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Adam Langley
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Marsh Ray
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Nikos Mavrogiannopoulos
- Re: [TLS] Call for acceptance on multi-stapling Adam Langley
- Re: [TLS] Call for acceptance on multi-stapling Martin Rex
- Re: [TLS] Call for acceptance on multi-stapling Jean-Marc Desperrier
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Jean-Marc Desperrier
- Re: [TLS] Call for acceptance on multi-stapling Yoav Nir
- Re: [TLS] Call for acceptance on multi-stapling Nico Williams
- Re: [TLS] Call for acceptance on multi-stapling Eric Rescorla
- Re: [TLS] Call for acceptance on multi-stapling Yingxian Wang