Re: [TLS] Status of X.509v3 TLS Feature Extension?
mrex@sap.com (Martin Rex) Mon, 28 April 2014 17:42 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FBC71A6F9B for <tls@ietfa.amsl.com>; Mon, 28 Apr 2014 10:42:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.952
X-Spam-Level:
X-Spam-Status: No, score=-5.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tSR08KuB796P for <tls@ietfa.amsl.com>; Mon, 28 Apr 2014 10:42:43 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 5A3C11A6F54 for <tls@ietf.org>; Mon, 28 Apr 2014 10:42:43 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id s3SHge1l020259 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <tls@ietf.org>; Mon, 28 Apr 2014 19:42:41 +0200 (MEST)
In-Reply-To: <20140428162459.GZ27883@mournblade.imrryr.org>
To: tls@ietf.org
Date: Mon, 28 Apr 2014 19:42:40 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140428174240.E04D21ACE1@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PunuYoWXlGm6dbxGrGYEF6Ja7lM
Subject: Re: [TLS] Status of X.509v3 TLS Feature Extension?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 17:42:45 -0000
Viktor Dukhovni wrote: > >Salz, Rich wrote: >> >> Well RFC 6066 says "only one OCSP response may be sent" and while >> RFC 2560 allows multiple answers, it says that they are a "response >> for each of the certificates in the request." Since the server's >> SSL cert is implied by 6066, and since there is no other way to >> specify additional certs, then the answer to your questions would >> be "just the leaf." > > Which leaves the intermediate CAs out of scope... I plan to continue > to treat CRLs, OCSP and OCSP stapling as variants of the emperor's > new clothes. There exist 2 different TLS extension for OCSP responses. Old Single OCSP response: rfc6066 (originally defined in rfc3546) New Multiple OCSP responses: rfc6961 https://tools.ietf.org/html/rfc6961 >>Viktor Dukhovni wrote: >>> >>> What's the point if it does not fail-closed? The client insists >>> that the server provide an OCSP response, but then does not validate >>> it (some notion of freshness is surely part of validation, but no >>> freshness algorithm is indicated). With fail-closed you probably mean "fail-hard"? EV certs seem to be able to provide a benefit without "fail-hard". It is difficult to define a global/universal guaranteed service quality for the OCSP responder service of the CA, and it is difficult to define a minimum service quality for the server, in which time an admin will notice and fix a problem with the OCSP response refreshing of his server. It is really a client-side local policy issue. The client could also perform OCSP request itself for the server's cert (chain), whenever it does not consider the server's response "fresh enough". There are two possible "attack" scenarios: (1) the attacker steals (or breaks) the server's real key&cert, so that the Certificate extension will indicate whatever the original admin requested when he purchased the certificate (2) the attacker manages to subvert the RA process of a public CA and gets a different cert without the certificate extension issued. A fail-hard on the certificate extension can not protect you from (2). -Martin
- [TLS] Status of X.509v3 TLS Feature Extension? Klemens Baum
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Tom Ritter
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Rob Stradling
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Rob Stradling
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Russ Housley
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Viktor Dukhovni
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Watson Ladd
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Viktor Dukhovni
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Viktor Dukhovni
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Viktor Dukhovni
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Viktor Dukhovni
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Nico Williams
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Adam Langley
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Martin Rex
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Martin Rex
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Stephen Checkoway
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Geoffrey Keating
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Peter Gutmann
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Stephen Checkoway
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Nico Williams
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Nico Williams
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Geoffrey Keating
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Rob Stradling
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Phillip Hallam-Baker
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Rob Stradling
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Paul Lambert
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Adam Langley
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Nico Williams
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Adam Langley
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Salz, Rich
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Nico Williams
- Re: [TLS] Status of X.509v3 TLS Feature Extension? Phillip Hallam-Baker