Re: [TLS] OCSP must staple

Kurt Roeckx <> Sat, 07 June 2014 16:49 UTC

Date: Sat, 7 Jun 2014 18:49:45 +0200
From: Kurt Roeckx <>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

On Thu, Jun 05, 2014 at 05:32:23PM +0000, Viktor Dukhovni wrote:
> I would like to see
> CAs stop publishing CRLs entirely (solving the scaling issue for
> mass revocations as with Heartbleed)

CRLs are useful.  And I wish all CAs published them.  But I do not
recommend them to check that the certificate is revoked or not at
the time of a connection.

> implement only OCSP, and
> provide a standard zero-cost revocation protocol when the private
> key is available (or when a miracle happens and the "challenge"
> password is actually known).
> Once revocation is a scalable working process, then we can benefit
> from insisting on OCSP stapling, provided we figure out what to do
> with servers that don't have any way to reach out and refresh OCSP
> responses for stapling, nor support interface for an agent to
> obtain the response on the server's behalf and push it into the
> server's configuration.

I do not understand what you're really trying to say here.

I think we all agree that we want everybody to do OCSP.  I think
we also want everybody to do OCSP stapling by default when
possible.  But that doesn't mean we want everybody to be forced to
do OCSP stapling.

I fail to see how this relates to the revocation process.  If there is
a problem in the revocation process, having CRL, OCSP, OCSP
stapling, or OCSP must-staple will all have the same effect.

I am curious about your use case for servers that can't refresh
the OCSP response.  And is this any different in the case of CRLs?
Or are you just happy to ignore the non-existence of the CRLs?
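The thread argues about what a client should do when a certificate asks for OCSP stapling and no stapled response arrives. The following is an added example, not code from the thread or from any participant: a small standard-library-only DER walker that finds the TLS Feature certificate extension and reports whether it requests status_request (feature 5), which is what "OCSP must staple" means on the wire. It assumes the extension OID 1.3.6.1.5.5.7.1.24 as later standardised in RFC 7633 (the thread predates that RFC); the Extensions DER samples are constructed inline, and the function and variable names are the example's own.

```python
# Added example (not part of the original thread or any participant's code).
# Minimal DER walker that detects the TLS Feature extension (id-pe-tlsfeature,
# OID 1.3.6.1.5.5.7.1.24, RFC 7633) in an X.509 Extensions SEQUENCE and tells a
# client whether a missing OCSP staple must be treated as a hard failure.
# Standard library only; all DER samples below are constructed for this example.

OID_TLS_FEATURE = "1.3.6.1.5.5.7.1.24"   # assumed from RFC 7633
STATUS_REQUEST = 5                        # TLS extension type status_request (RFC 6066)


def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos:]; return (tag, contents, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER contents into dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    val = 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                  # last base-128 byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_extensions(der):
    """Return [(oid, critical, extnValue bytes)] from an Extensions SEQUENCE."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    result, pos = [], 0
    while pos < len(seq):
        tag, ext, pos = _read_tlv(seq, pos)
        if tag != 0x30:
            raise ValueError("Extension must be a SEQUENCE")
        t, oid_raw, p = _read_tlv(ext, 0)
        if t != 0x06:
            raise ValueError("extnID must be an OID")
        critical = False
        t, val, p = _read_tlv(ext, p)
        if t == 0x01:                     # optional BOOLEAN critical
            critical = val == b"\xff"
            t, val, p = _read_tlv(ext, p)
        if t != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        result.append((_decode_oid(oid_raw), critical, val))
    return result


def tls_features(extensions_der):
    """Return the list of feature integers, or None if the extension is absent."""
    for oid, _critical, val in parse_extensions(extensions_der):
        if oid == OID_TLS_FEATURE:
            tag, seq, _ = _read_tlv(val, 0)
            if tag != 0x30:
                raise ValueError("Features must be a SEQUENCE OF INTEGER")
            feats, pos = [], 0
            while pos < len(seq):
                tag, num, pos = _read_tlv(seq, pos)
                if tag != 0x02:
                    raise ValueError("feature must be an INTEGER")
                feats.append(int.from_bytes(num, "big", signed=True))
            return feats
    return None


def requires_ocsp_staple(extensions_der):
    """True when the certificate asks for status_request, i.e. OCSP must staple."""
    feats = tls_features(extensions_der)
    return feats is not None and STATUS_REQUEST in feats


def staple_decision(extensions_der, staple_present):
    """What a client should do with the handshake, given whether a staple arrived."""
    if staple_present:
        return "verify-stapled-response"
    if requires_ocsp_staple(extensions_der):
        return "hard-fail"                # must-staple: no staple means no connection
    return "client-fetches-ocsp"          # ordinary cert: client may ask the responder


def _tlv(tag, content):
    """Encode one DER TLV (short-form lengths only; enough for the samples)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content


# Constructed sample: Extensions holding one TLS Feature extension with [5].
MUST_STAPLE_EXTS = _tlv(0x30, _tlv(0x30,
    _tlv(0x06, bytes.fromhex("2b06010505070118")) +
    _tlv(0x04, _tlv(0x30, _tlv(0x02, b"\x05")))))

# Constructed sample: Extensions holding only a critical, empty basicConstraints.
PLAIN_EXTS = _tlv(0x30, _tlv(0x30,
    _tlv(0x06, bytes.fromhex("551d13")) + _tlv(0x01, b"\xff") +
    _tlv(0x04, _tlv(0x30, b""))))

if __name__ == "__main__":
    print(staple_decision(MUST_STAPLE_EXTS, False))   # hard-fail
    print(staple_decision(PLAIN_EXTS, False))         # client-fetches-ocsp
```

The only behavioural difference between the two sample certificates shows up when no staple is present: the must-staple certificate turns that into a hard failure, while the plain one leaves the client free to query the responder itself, which is the soft-fail behaviour the thread is weighing against mandatory stapling.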