IETF Logo Mail Archive

Re: [TLS] draft-pettersen-tls-ext-multiple-ocsp questions

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Wed, 11 April 2012 17:36 UTC

Return-Path: <yngve@opera.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F7A221F84EA for <tls@ietfa.amsl.com>; Wed, 11 Apr 2012 10:36:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UkBqNO0gv7Yj for <tls@ietfa.amsl.com>; Wed, 11 Apr 2012 10:36:44 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by ietfa.amsl.com (Postfix) with ESMTP id 862F821F84CF for <tls@ietf.org>; Wed, 11 Apr 2012 10:36:44 -0700 (PDT)
Received: from acorna.oslo.osa (pat-tdc.opera.com [213.236.208.22]) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q3BHadT7006053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 11 Apr 2012 17:36:40 GMT
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: draft-pettersen-tls-ext-multiple-ocsp@tools.ietf.org, Jim Schaad <jimsch@augustcellars.com>
References: <01ca01cd1803$c09b63b0$41d22b10$@augustcellars.com>
Date: Wed, 11 Apr 2012 19:36:39 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Message-ID: <op.wcl27d0mqrq7tp@acorna.oslo.osa>
In-Reply-To: <01ca01cd1803$c09b63b0$41d22b10$@augustcellars.com>
User-Agent: Opera Mail/10.63 (Win32)
Cc: tls@ietf.org
Subject: Re: [TLS] draft-pettersen-tls-ext-multiple-ocsp questions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 17:36:45 -0000
X-List-Received-Date: Wed, 11 Apr 2012 17:36:45 -0000

On Wed, 11 Apr 2012 18:54:10 +0200, Jim Schaad <jimsch@augustcellars.com>  
wrote:

> There are three models for doing OCSP, as near as I can tell this draft  
> only
> addresses two of those models.
>
> 1.  The RP uses a single OCSP server that will issue the OCSP responses  
> for
> all of the certificates in a chain.
> 2.  The CA directly issues OCSP responses for the certificates that it
> issues (thus they replace direct CRLs)
> 3.  The CA issues a certificate to the OCSP responder (thus they replace
> indirect CRLs).
>
> The first two are covered as only the certificates in the CA chain and  
> the
> OCSP responses are needed, however the last model would require that
> additional certificates and potentially CRLs be transported so that the
> indirect certificate can be validated as part of processing the OCSP
> responses.

How the OCSP responses are retrieved by the server is decided by the  
server design, and is governed by RFCs 2560 and 5019, and is not really in  
scope for the document.

The most common model will be that the server retrieves them based on the  
AIA OCSP URL in the certificates, but it is also possible for the server  
to be configured to download it from a specific responder (or responders)  
different from what is stated in the certificates.

Whether the CA signs the OCSP responses directly, or uses a designated  
certificate to sign the response (this is handled by the response  
validation, same as for normal OCSP retrieval) is also IMO out of scope,  
and it is also governed by RFCs 2560 and 5019. AFAIK revocation is not  
checked on the designated issuer certificate and there is a recommendation  
in RFC 5019 about using an extension to disable OCSP checking for that  
certificate, and not including the CRL or OCSP URLs.

While most of that is IMO out of scope, what might be in scope is a  
recommendation to CAs about whether or not to use designated issuer to  
sign the responses (although I am inclined to say that this is out of  
scope, too). At least one major website operator have expressed concern  
about the responsiveness (from the user experience point of view) of their  
site if designated issuers are used, since those responses will be much  
larger than non-designated responses, which might make the handshake hit  
network limits, requiring an extra delay before the handshake can be  
completed. While this may be a concern during the first handshake of a  
session, a well-configured server should be able to keep a session alive  
for hours or maybe 24 hours, meaning that the extra delay will be rather  
infrequent (if the session are renegotiated frequently the UX impact might  
be greater).

The present document is about how the client negotiates that the server  
collects (in a manner not specified) the OCSP responses relevant to the  
certificates presented by the server, and how they are transferred from  
the server to the client. Validation of the responses are then handled  
according to RFC 2560 and RFC 5019,as part of the certificate validation  
process. It is not different from RFC 6066 in this aspect.

-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01
********************************************************************

v2.23.0 | Report a Bug | By Email