Re: [TLS] OCSP Stapling confusion
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 10 December 2018 14:03 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB2E130E3C for <tls@ietfa.amsl.com>; Mon, 10 Dec 2018 06:03:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.19
X-Spam-Level:
X-Spam-Status: No, score=-4.19 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N-aTVGm5RRcY for <tls@ietfa.amsl.com>; Mon, 10 Dec 2018 06:03:21 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17D81130EC0 for <tls@ietf.org>; Mon, 10 Dec 2018 06:03:18 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C679EF99A; Mon, 10 Dec 2018 09:03:15 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 23C0620638; Mon, 10 Dec 2018 07:16:34 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
In-Reply-To: <122F779A-6BF7-4B9F-8522-860E44C5FC00@akamai.com>
References: <877egitcbv.fsf@fifthhorseman.net> <122F779A-6BF7-4B9F-8522-860E44C5FC00@akamai.com>
Date: Mon, 10 Dec 2018 07:16:31 -0500
Message-ID: <874lbltw4g.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KffG6OV_Ejf2AnQjJIQjJlTmPV4>
Subject: Re: [TLS] OCSP Stapling confusion
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2018 14:03:23 -0000
On Mon 2018-12-10 02:24:29 +0000, Salz, Rich wrote:
>> * the status_request TLS extension doesn't provide a mechanism for
> stapling OCSP for intermediate certs.
>
> Nobody does this. There's a handful of reasons, but the end result is: nobody does this.
I'd be interested in hearing the reasons enumerated. It seems to me
like being able to promptly revoke an intermediate certificate is a
useful bit of mechanism. is it just because we hope the major browsers
are clever and responsive enough that they'll push out a CRLset (or
equivalent) when they hear of an intermediate that is found to be
violating the BRs?
>> So i think this is a big swirling mishmash of not-quite-compatible and
> not-quite-complete specs, especially as we think about TLS clients and
> servers that want to be interoperable with both TLS 1.2 and TLS 1.3.
>
> Yes, there are many things that could be cleared out with a BCP doc.
> I would be interested in helping with that.
I agree that a BCP would be pretty helpful in clarifiying the state of
play, since it's currently scattered across a few docs over several
years.
But I think i'm proposing something that is not quite just a "BCP",
since it might involve changing the semantics and extensibility of
status_request (limiting it to OCSP responses (from the authorities
found in the AIA?)) so that "TLS Feature" can actually provide
meaningful guarantees of OCSP stapling for X.509v3 certificates.
Because right now, with all the extra (currently unused) flexibility in
status_request, it's hard to see how a client or server can meaningfully
rely on "TLS Feature" as a "must-staple" extension.
--dkg
- Re: [TLS] OCSP Stapling confusion Salz, Rich
- [TLS] OCSP Stapling confusion Daniel Kahn Gillmor
- Re: [TLS] OCSP Stapling confusion Daniel Kahn Gillmor
- Re: [TLS] OCSP Stapling confusion Ilari Liusvaara
- Re: [TLS] OCSP Stapling confusion Martin Thomson
- Re: [TLS] OCSP Stapling confusion Ryan Sleevi