IETF Logo Mail Archive

Re: [TLS] comments on draft-ietf-tls-tls13-19

Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 24 April 2017 07:58 UTC

Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDD84129407 for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 00:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.923
X-Spam-Level:
X-Spam-Status: No, score=-6.923 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xYg2vrT28g9 for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 00:58:16 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7595412940A for <tls@ietf.org>; Mon, 24 Apr 2017 00:58:16 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5E5CD19CBD1; Mon, 24 Apr 2017 07:58:15 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5E5CD19CBD1
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=nmav@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 5E5CD19CBD1
Received: from dhcp-10-40-1-102.brq.redhat.com (unknown [10.40.2.129]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4E2765C466; Mon, 24 Apr 2017 07:58:14 +0000 (UTC)
Message-ID: <1493020692.3390.8.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Ryan Sleevi <ryan-ietftls@sleevi.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Mon, 24 Apr 2017 09:58:12 +0200
In-Reply-To: <CAErg=HEt9fvL1y2fdcYBPj-0geuMKepvDnPJWK=AJ_omCYMiyA@mail.gmail.com>
References: <1490797726.28079.18.camel@redhat.com> <1490797957.28079.20.camel@redhat.com> <CABcZeBMCZrVKM959F3ycKN_WAky2NAZTy9OOetnC+KJAj3L+Pw@mail.gmail.com> <1492786351.14070.2.camel@redhat.com> <CABcZeBOe4-yEW8r15fsOtHJbQrnqGJ6oUaGYjoUwYS0MQE-rHQ@mail.gmail.com> <20170422120017.GA4201@LK-Perkele-V2.elisa-laajakaista.fi> <20170422214205.bxu5whfqzy5kshsw@roeckx.be> <20170423103442.GA16936@LK-Perkele-V2.elisa-laajakaista.fi> <CAErg=HEt9fvL1y2fdcYBPj-0geuMKepvDnPJWK=AJ_omCYMiyA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 24 Apr 2017 07:58:15 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ox89gGIg0Ip9ho8wWkwcH0aQj30>
Subject: Re: [TLS] comments on draft-ietf-tls-tls13-19
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 07:58:18 -0000

On Sun, 2017-04-23 at 12:01 -0400, Ryan Sleevi wrote:

> > 
> > As for what the TLS library I have written does if OCSP staple
> > lacks
> > NextUpdate, it outright causes handshake failure and fatal alert.
> 
> So far, the preference on our end has been for a TLS library that
> doesn't have to have deeply-ingrained knowledge of the PKI, including
> OCSP, and instead treat these as separate layers. This PR
> necessitates that awareness by force of spec, 

That's intentional. Not every application is firefox or chrome and thus
application writers cannot be expected to set sane defaults for OCSP
validity time _when the nextUpdate field is missing_. The reason they
cannot be expected to do that, is that it is not by way obvious what to
do. Ilari's implentation closes the connection, mine sets a limit of 15
days, and I guess each and every other one behaves differently. It is
the role of the standards to clarify uncertainties for implementers or
forbid such options (I'd equally be happy if we have a text that
forbids an empty nextUpdate field in OCSP responses to be used in the
context of TLS 1.3 ocsp stapling).

>  Given that stapling "issues" exist even without stapling, it does
> seem an unnecessary reach to include within the spec.

There is a usability and interoperability issue there. Given that there
is no common interpretation of what the missing nextUpdate field means
in terms of validity, there some equally valid interpretations:
 1. the response is invalid for use in TLS 1.3
 2. the response is valid for a limited amount of time 1, 7, 8, 9, 15
days
 3. the response is valid for an unlimited amount of time (which raises
 the question of why staple at all in that case?)

Without a clarification in the spec, we are going to see
implementations that fail when encountered with such response,
implementations that work fine, and implementations that claim the
response is too old. That would most likely result to ocsp stapling
becoming the thing to disable for things to work.

regards,
Nikos

v2.23.0 | Report a Bug | By Email