Re: [TLS] OCSP must staple

Yoav Nir <> Thu, 12 June 2014 21:45 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id CD0961A028D for <>; Thu, 12 Jun 2014 14:45:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zF8sjKwm3Bir for <>; Thu, 12 Jun 2014 14:45:39 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c00::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 90FBF1A0276 for <>; Thu, 12 Jun 2014 14:45:38 -0700 (PDT)
Received: by with SMTP id y10so1916717wgg.32 for <>; Thu, 12 Jun 2014 14:45:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=kDIEsghWsntwiaz5nuDn2HbGB1Q8sujuWIHiO5UDulM=; b=VqFKBJUwMP39zBxgQBu/zkcmvOHQ4Mg0SWPB9t5m0cSlN7KCeKIo2mZQ+hExBJX4pz p18TcFoMCJmKt7aAOZMJfIoeCJwnkDH8A1y/N2OdCCF+MTrUL4N+VS85N4wE7vYqpn16 Rp275T3Id04PoBbVNh4vH8Z+gZiP+4Gj4sUcLCCekb0789mlgSj4eBSg5MAvbfwj8CMv wnGdbk6Wz3+RKdZ/Lg1VdxAtz45J7AFU5L6gEvezJM9PjCitCjdNFjh39ukcZLSVD34T itlYaqzbG0+Jx6wd9HAbZUAzhP6ZGEyXJjfRzH3ZRkf+l3LV9ms/z5hqTyamfNz0ksyg 37eg==
X-Received: by with SMTP id ex10mr10003614wid.30.1402609537185; Thu, 12 Jun 2014 14:45:37 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id f45sm7313255eem.15.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 12 Jun 2014 14:45:36 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_CE114B1C-0C19-4977-94CB-B1DBEB25FB27"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Fri, 13 Jun 2014 00:45:32 +0300
Message-Id: <>
References: <> <097101cf7aa7$17f960a0$47ec21e0$> <> <> <> <> <> <> <> <> <> <>
To: Brian Smith <>
X-Mailer: Apple Mail (2.1878.2)
Cc: "<>" <>
Subject: Re: [TLS] OCSP must staple
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 12 Jun 2014 21:45:40 -0000

On Jun 12, 2014, at 9:21 PM, Brian Smith <> wrote:

> On Thu, Jun 12, 2014 at 2:02 AM, Yoav Nir <> wrote:
> Regarding TLS proxies, I can give my perspective, as I work for one vendor. 
> <hat type=“vendor” status=“on”>
> Our fake certificates contain the DNs and alternate names from the original certificate. We don’t copy over any extensions that we don’t understand. The same is also true of TLS - we don’t copy extensions we don’t know. That is what allows our proxy to gracefully downgrade HTTP/2 or SPDY clients and gateways to HTTP/1.
> As for dates, these *are* copied from the original certificate, the reason is that this makes the client behavior similar to whatever it is with the original certificate. We did consider making the certificates short-lived, but decided against it. 
> </hat>
> So your proposed heuristic for detecting fake certificates will work with some proxies, but not all. Adam’s suggestion should work better, but best is if the fake certificate doesn’t promise things the proxy CA doesn’t understand.
> Thanks for sharing that information. Does your product copy all the certificate policies from the original certificate into the forged certificate? If your product doesn't copy certificate policies it doesn't understand, then there wouldn't be an interop issue with your product and the use of certificate policies for Must-Staple, even if your product doesn't generate short-lived certificates.

IIRC we don’t copy certificate policies at all, but I could be wrong. 

The thing is, a browser like Mozilla has to work with many different interceptors around, so there might be one that does copy all extensions, but doesn’t make short-lived certificates.