Re: [TLS] draft-ietf-tls-cached-info-14
"Yngve N. Pettersen" <yngve@spec-work.net> Wed, 10 April 2013 15:14 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E0F021F989B for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 08:14:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9cXpj-ZMXCD for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 08:14:54 -0700 (PDT)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [194.63.252.54]) by ietfa.amsl.com (Postfix) with ESMTP id A396E21F989C for <tls@ietf.org>; Wed, 10 Apr 2013 08:14:53 -0700 (PDT)
Received: from 239.171.251.212.customer.cdi.no ([212.251.171.239]:50560 helo=killashandra.invalid.invalid) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <yngve@spec-work.net>) id 1UPwjc-00039Y-35; Wed, 10 Apr 2013 17:14:52 +0200
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Rob Stradling <rob.stradling@comodo.com>
References: <2C078811-2A81-4B37-82F0-FAD94A7395BD@gmx.net> <51547C0C.20806@ieca.com> <A3EEC7FB-665B-4543-8D42-A997100506E5@gmx.net> <5154B4C9.1070405@comodo.com> <5096AB41-02FD-4E01-A78E-BEF272181F42@gmx.net> <5162C154.1010202@comodo.com> <op.wu76e6o73dfyax@killashandra.invalid.invalid> <5163200D.2030300@comodo.com> <op.wu8nh01v3dfyax@killashandra.invalid.invalid> <51646709.4030803@comodo.com> <op.wvakl2sk3dfyax@killashandra.invalid.invalid> <097601ce3574$f4495c50$dcdc14f0$@ditenity.com> <51656C00.8030200@comodo.com> <op.wvbvjwm73dfyax@killashandra.invalid.invalid> <5165757B.50109@comodo.com>
Date: Wed, 10 Apr 2013 17:14:48 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettersen" <yngve@spec-work.net>
Message-ID: <op.wvbzay2g3dfyax@killashandra.invalid.invalid>
In-Reply-To: <5165757B.50109@comodo.com>
User-Agent: Opera Mail/12.15 (Win32)
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cached-info-14
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 15:14:55 -0000
On Wed, 10 Apr 2013 16:21:47 +0200, Rob Stradling <rob.stradling@comodo.com> wrote: > On 10/04/13 14:53, Yngve N. Pettersen wrote: >> Hi, >> >> Please keep in mind that the certificate chain sequence can be changed >> at any time. Any mechanism used would need to take that into >> consideration. > > It can be changed at any time on the server side, but we're talking > about the certificate chain sequence that the client received and cached > at a particular point in time. > >> Therefore, such a solution would have to link it to the fingerprint of >> the chain of stapled responses. However, once you provide that >> information you don't need a boolean value to indicate which responses >> you have and that are valid, because the server will already have that >> information. > > Isn't this exactly what Hannes proposed a couple of weeks ago? > > https://github.com/hannestschofenig/tschofenig-ids/blob/master/tls-cached-info/draft-ietf-tls-cached-info-15.txt In this case I am talking about the boolean flag proposal and how it would indicate to a server which responses it have, and particularly how to avoid confusion when/if the certificate chain is updated by the server. >> It might be conceivable to link the information to the fingerprint of >> the certificate chain and then use the bools, but that would actually >> require (a few) more bytes on the wire than indicating the fingerprint >> of the stapled response list (although: one could get past that by >> linking the stapled list with the entry for cached certificates, but I >> think that would complicate matters more than is necessary to save a few >> bytes; particularly if the client for some reason is not caching the >> certificate chain). >> >> On Wed, 10 Apr 2013 15:41:20 +0200, Rob Stradling >> <rob.stradling@comodo.com> wrote: >> >>> On 09/04/13 23:52, Piyush Jain wrote: >>>> I'm having a basic problem understanding OCSPResponse cachedinfo >>>> object and >>>> the need to obtain the latest cert_status from the server. >>>> >>>> Why does a TLS client care if it has the same OCSP responses (for >>>> server and >>>> any intermediate certificate) as the TLS server, as long as it has >>>> some >>>> valid OCSP responses for those certificates? IMO, all the client >>>> cares about >>>> is the fact that it can build a valid status checked path to the >>>> locally >>>> configured trust anchor. >>>> >>>> So the only thing that the client needs to tell the server is the >>>> list of >>>> certificates for which it needs the status (either because the status >>>> in the >>>> cache expired or because it never got the status from this or other >>>> server). >>>> This can be communicated easily through a list of Boolean values. The >>>> position of the value corresponds to the position of certificate in >>>> the >>>> certificate chain and the value indicates if the client wants the >>>> server to >>>> include the status of corresponding cert. >>>> This makes the cached info object for OCSP responses much smaller >>>> compared >>>> to the representation that uses hash and also allows the clients to >>>> make use >>>> of locally cached OCSP responses irrespective of where they came from. >>> >>> Thanks Piyush. I think that a "list of Boolean values" for requesting >>> cert statuses is a much better idea. :-) >>> >>> When you say "The position of the value corresponds to the position of >>> certificate in the certificate chain", I presume you're referring to >>> the CachedObject(s) of type "certificate_chain" that the client sends. >>> >>> If a client were to send >1 CachedObjects of type "certificate_chain" >>> and >1 "list of Boolean values" CachedObjects, there could be >>> ambiguity over which "certificate_chain" is paired with which "list of >>> Boolean values". >>> >>> Would we simply say that the CachedObject(s) of these two types must >>> be sent in the same order? >>> Or would we need to squeeze the "list of Boolean values" into the >>> "certificate_chain" CachedObject type somehow? >>> >>>> -Piyush >>>> >>>>> -----Original Message----- >>>>> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of >>>>> Yngve N. Pettersen >>>>> Sent: Tuesday, April 09, 2013 2:00 PM >>>>> To: Rob Stradling >>>>> Cc: tls@ietf.org >>>>> Subject: Re: [TLS] draft-ietf-tls-cached-info-14 >>>>> >>>>> On Tue, 09 Apr 2013 21:07:53 +0200, Rob Stradling >>>>> <rob.stradling@comodo.com> wrote: >>>>> >>>>>> On 08/04/13 21:07, Yngve N. Pettersen wrote: >>>>>> <snip> >>>>>>>> Example: >>>>>>>> - Client visits https://www.google.com and >>>>>>>> https://mail.google.com, each for the first time ever, and caches >>>>>>>> the certificate chains and OCSP Responses for the End-entity and >>>>>>>> Intermediate certs. Client observes that the same "Google >>>>>>>> Internet >>>>>>>> Authority" Intermediate is used in both cases. >>>>>>>> - A while later, client performs another full handshake to >>>>>>>> https://www.google.com and gets back a different OCSP Response >>>>> (with >>>>>>>> a more recent thisUpdate value) for the same Intermediate cert. >>>>>>>> - A while later, client performs another full handshake to >>>>>>>> https://mail.google.com. It sends the CachedObject for the >>>>>>>> Intermediate OCSP Response that https://www.google.com just >>>>>>>> returned, because it knows that this OCSP Response is relevant for >>>>>>>> the Intermediate cert that https://mail.google.com used last time >>>>>>>> the client connected to it, and because this OCSP Response is the >>>>>>>> freshest one that the client has available. >>>>>>> >>>>>>> What about www.co.uk and bank.co.uk? >>>>>>> >>>>>>> Such things get complicated very fast, which is why we had to >>>>>>> develop >>>>>>> the public suffix list. >>>>>>> >>>>>>> Please, let us stay way, way, *way* out of that particular thorny >>>>>>> area. >>>>>> >>>>>> If the End-entity certs at https://www.co.uk and https://bank.co.uk >>>>>> are both issued by the same Intermediate, then what's the problem? >>>>>> Why are the domain names even relevant when deciding whether or not >>>>>> it's "safe" for the client to send an Intermediate cert's OCSP >>>>>> Response that a different server provided? >>>>> >>>>> Tip: If domain names are irrelevant, make sure they do not carry >>>>> meaning >>>> in >>>>> the discussion, particularly when combined with the word "safe". >>>>> Might >>>>> confuse things. >>>>> >>>>>> I agree that my proposal should be rejected _if_ the consensus is >>>>>> that >>>>>> it adds too much extra complexity. But IMHO the more bytes on the >>>>>> wire we can save, the more chance there is that Multi-Stapling + >>>>>> Cached-Info will actually get deployed widely. >>>>> >>>>> The concept still assumes that server1 and server2 will have same >>>>> binary >>>>> response R for certificate X at time T, even if the client have >>>>> previously >>>> only >>>>> seen R from server1, and instead seen response S from server2. >>>>> >>>>> If, at time T both R and S are valid, but R is valid longer than S, >>>>> which >>>> should >>>>> be indicated to server2? If both, that means more (unnecessary) >>>>> bytes on >>>>> the wire, particularly if you have more than 2 servers (e.g. 200) >>>>> with the >>>> same >>>>> (issuer) certificate, each with binary different valid responses. >>>>> >>>>> What if the client indicates R to server2 and leaves out S, but >>>>> server2 >>>> does >>>>> not have R (and might get response Q if it requested an update)? Most >>>> likely >>>>> server2 would then resend response S. Result: unnecessary bytes on >>>>> the >>>>> wire. >>>>> >>>>> Personally, I think it is better to assume that the OCSP responses >>>>> kept by >>>> two >>>>> servers are different, even if they are signed by the same issuer. It >>>> might be >>>>> that servers in different geographical areas connect to different >>>>> OCSP >>>>> responders which have responses generated at different times (or who >>>>> generate on-the-fly responses). >>>>> >>>>> As mentioned above, the potential problems becomes even more >>>>> pronounced if you are dealing with hundreds or thousands of servers >>>>> (as we >>>>> would likely do with servers using Comodo issued certificates, for >>>> example). >>>>> >>>>> My advice: Keep cache lists for each server separate from the lists >>>>> used >>>> for >>>>> other servers. That does not mean that the client cannot optimize >>>>> storage >>>> by >>>>> combining the storage for each entry in the list, though. There is >>>>> too >>>> much >>>>> chance of guessing wrong about what the server should know based on >>>>> what >>>>> the client knows. >>>>> >>>>> -- >>>>> Sincerely, >>>>> Yngve N. Pettersen >>>>> >>>>> Using Opera's mail client: http://www.opera.com/mail/ >>>>> _______________________________________________ >>>>> TLS mailing list >>>>> TLS@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/tls >>>> >>>> >>> >> >> > -- Sincerely, Yngve N. Pettersen Using Opera's mail client: http://www.opera.com/mail/
- [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Sean Turner
- Re: [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Sean Turner
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Rob Stradling
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Piyush Jain
- Re: [TLS] draft-ietf-tls-cached-info-14 Martin Rex