Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate Status extension
Rob Stradling <rob.stradling@comodo.com> Wed, 04 August 2010 22:03 UTC
Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0CB6D3A69DB for <tls@core3.amsl.com>; Wed, 4 Aug 2010 15:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.367
X-Spam-Level:
X-Spam-Status: No, score=-5.367 tagged_above=-999 required=5 tests=[AWL=0.310, BAYES_00=-2.599, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3lwFkposMf6 for <tls@core3.amsl.com>; Wed, 4 Aug 2010 15:03:42 -0700 (PDT)
Received: from ian.brad.office.comodo.net (brad.comodogroup.com [82.109.38.202]) by core3.amsl.com (Postfix) with ESMTP id 6581F3A6A89 for <tls@ietf.org>; Wed, 4 Aug 2010 15:03:40 -0700 (PDT)
Received: (qmail 2580 invoked by uid 1000); 4 Aug 2010 22:04:08 -0000
Received: from nigel.brad.office.comodo.net (HELO nigel.localnet) (192.168.0.58) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES256-SHA encrypted) ESMTPS; Wed, 04 Aug 2010 23:04:08 +0100
From: Rob Stradling <rob.stradling@comodo.com>
To: yngve@opera.com
Date: Wed, 04 Aug 2010 23:04:05 +0100
User-Agent: KMail/1.13.3 (Linux/2.6.32-gentoo-r7; KDE/4.4.4; i686; ; )
References: <E1OfxqR-00006L-FJ@wintermute02.cs.auckland.ac.nz> <201008032046.38830.rob.stradling@comodo.com> <op.vgw4c3czvqd7e2@killashandra.oslo.osa>
In-Reply-To: <op.vgw4c3czvqd7e2@killashandra.oslo.osa>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201008042304.05996.rob.stradling@comodo.com>
Cc: pkix@ietf.org, tls@ietf.org
Subject: Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate Status extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2010 22:03:45 -0000
On Wednesday 04 August 2010 15:40:05 Yngve Nysaeter Pettersen wrote: > On Tue, 03 Aug 2010 21:46:38 +0200, Rob Stradling > > <rob.stradling@comodo.com> wrote: > > In another thread, Kyle H today wrote: > > "...why not change the ASN.1 to allow for multiple individual responses > > in a > > SEQUENCE or SET?" > > I suspect that this is about responses for multiple certificates for the > same issuer. I suspect not. BasicOCSPResponse already allows a single Response to contain status information about multiple certificates for the same issuer. In fact, BasicOCSPResponse already allows a single Response to contain status information about multiple certificates from *multiple issuers*. The problem, of course, is that a BasicOCSPResponse may only be signed by a single entity, so this kind of Response could only ever be useful in a "local configuration of OCSP signing authority" (RFC 2560 section 4.2.2.2 option 1) context. > I am not sure how well this will work for clients like Opera, since we are > associating the response with the URL for retrieving it, we don't add it > to a repository. First you wanted to try to avoid requiring updates to Servers that already support OCSP "stapling". Are you now suggesting that Clients cannot be updated either? > I also suspect that we will seldom encounter a certificate that was > matched by that response anyway. > > > This is another possible way forward for "Multiple OCSP". > > > > I suppose it would need a new "responseType" OID - something like... > > id-pkix-ocsp-multiple OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } > > > > The "response" OCTET STRING would contain a SEQUENCE OF (or SET OF) > > BasicOCSPResponse (rather than just a single BasicOCSPResponse). > > If you mean that the sequence should include the OCSP responses for each > intermediate, as well as the end entity certificate, Yes, I do mean that. > that will not work unless the responder is signing with a certificate issued > directly from the Root, and which is somehow designated as the signer fore > each > certificate in the chain. I say it will work. You seem to be assuming that each BasicOCSPResponse in the SEQUENCE/SET would contain a signature generated by the same key/certificate. I never said that. Rather, each BasicOCSPResponse in the SEQUENCE/SET would contain a signature generated by a key/certificate that is authorized to sign it. If the Responder is not authoritative for one (or more) certificates in the chain, then it could either i) "staple" a valid BasicOCSPResponse obtained from another Responder, or ii) simply not include a BasicOCSPResponse for this certificate (which would cause the Client to try looking somewhere else for status info about that certificate). > If the signer of the end entity cert was allowed to sign responses for the > intermediate, it would be allowed to create the revocation information > about its own status (which should only be presented by the issuer > itself), so it would need to be a designated responder cert issued by the > Root. > > Such a designated cert would probably become logistical problem for a Root > hierarchy that have many independent intermediates, and essentially the > Root issuer would have to maintain a revocation service for all subCAs. This is a different idea. If we could designate the Root Certificate and/or a designated Responder certificate issued by the Root Certificate as "Authorized Responders" for signing OCSP Response information for all certificates in the chain, then the existing ASN.1 would be sufficient for "Multiple OCSP". However, Clients, Servers and Responders would all need code updates. Also, there would be nothing technically to prevent Root Certificate A from cross- certifying Root Certificate B (without Root Certificate B's consent), which would give Root Certificate A the power to make up OCSP status information for all certificates that chain up to Root Certificate B. > Storing the full signed response from the issuer in the response would > prevent such a logistical problem, but would create a larger response, > which might cause other logistical problems. "Storing the full signed response from the issuer in the response" is what my previous post proposed. My proposal wouldn't "create a larger response", but it would require ASN.1 changes. Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com COMODO CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
- [TLS] New version of Multiple OCSP mode of Certif… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] New version of Multiple OCSP mode of Ce… Adam Langley
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve Nysaeter Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve N. Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Adam Langley
- Re: [TLS] New version of Multiple OCSP mode of Ce… Brian Smith
- Re: [TLS] New version of Multiple OCSP mode of Ce… Brian Smith
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve N. Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Rob Stradling
- Re: [TLS] New version of Multiple OCSP mode of Ce… Rob Stradling
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve Nysaeter Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Peter Gutmann
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve Nysaeter Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Brian Smith
- Re: [TLS] New version of Multiple OCSP mode of Ce… Peter Gutmann
- Re: [TLS] New version of Multiple OCSP mode of Ce… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Rob Stradling
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve Nysaeter Pettersen
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Yngve Nysaeter Pettersen
- Re: [TLS] New version of Multiple OCSP mode of Ce… Martin Rex
- Re: [TLS] New version of Multiple OCSP mode of Ce… Adam Langley
- Re: [TLS] New version of Multiple OCSP mode of Ce… Martin Rex
- Re: [TLS] New version of Multiple OCSP mode of Ce… Martin Rex
- Re: [TLS] New version of Multiple OCSP mode of Ce… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] New version of Multiple OCSP mode of Ce… Marsh Ray
- Re: [TLS] New version of Multiple OCSP mode of Ce… Martin Rex
- Re: [TLS] New version of Multiple OCSP mode of Ce… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Miller, Timothy J.
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Marsh Ray
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Miller, Timothy J.
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Miller, Timothy J.
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Rob Stradling
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Miller, Timothy J.
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Dr Stephen Henson
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Martin Rex
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Nicolas Williams
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Peter Gutmann
- Re: [TLS] [pkix] New version of Multiple OCSP mod… Miller, Timothy J.
- Re: [TLS] [pkix] Accessing arbitrary AIA URLs Matt McCutchen