Re: [TLS] CRL Stapling? (was Re: I-D Action: draft-ietf-tls-multiple-cert-status-extension-00.txt)

mrex@sap.com (Martin Rex) Fri, 01 June 2012 15:08 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 760F721F8AB1 for <tls@ietfa.amsl.com>; Fri, 1 Jun 2012 08:08:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.211
X-Spam-Level:
X-Spam-Status: No, score=-10.211 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7FH+tzTe14Ik for <tls@ietfa.amsl.com>; Fri, 1 Jun 2012 08:08:59 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id ADB4421F8AB0 for <tls@ietf.org>; Fri, 1 Jun 2012 08:08:58 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id q51F8sW8002137 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 1 Jun 2012 17:08:55 +0200 (MEST)
In-Reply-To: <4FC75249.3050805@comodo.com>
To: Rob Stradling <rob.stradling@comodo.com>
Date: Fri, 01 Jun 2012 17:08:54 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20120601150854.C33F81A094@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] CRL Stapling? (was Re: I-D Action: draft-ietf-tls-multiple-cert-status-extension-00.txt)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 15:08:59 -0000

Rob Stradling wrote:
> 
> IIRC, when Opera does an online revocation check, it currently checks 
> CRLs for intermediate CA certificates and OCSP for end-entity 
> certificates.  This makes sense because:
>    - CRLs covering intermediate CA certificates tend to be roughly the 
> same size (sometimes smaller!) as the equivalent OCSP Responses (since 
> it's quite rare for intermediate CA certificates to be revoked).
>    - Possessing a current CRL means you won't have to do an online 
> revocation check if you encounter another certificate issued by the same 
> issuer.
>
>   [...]
> 
> How about changing the scope of the multi-stapling I-D so that it *only* 
> covers the intermediate CA certificate(s) in the chain?

This would significantly increase the complexity without adding value.
OCSP responses can be cached just as long as the CRLs on which they're
based.

> 
> With this approach, an end-entity OCSP Response could be stapled using 
> the RFC6066 TLS extension, and the intermediate CRL(s) could be stapled 
> using the new multi-stapling TLS extension.

This would require the complexity of two TLS extensions where a single
TLS extension is perfectly sufficient (i.e. a lot more code and a lot
more bugs).


While I might eventually look into implementing the multi-stapling
TLS extension, I will never consider doing the rfc6066 single OCSP
extension.


-Martin