IETF Logo Mail Archive

Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate Status extension

Rob Stradling <rob.stradling@comodo.com> Tue, 03 August 2010 19:46 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2670E3A69A6 for <tls@core3.amsl.com>; Tue, 3 Aug 2010 12:46:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Level:
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[AWL=-0.929, BAYES_20=-0.74, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6w7+fZodM18 for <tls@core3.amsl.com>; Tue, 3 Aug 2010 12:46:14 -0700 (PDT)
Received: from ian.brad.office.comodo.net (brad.comodogroup.com [82.109.38.202]) by core3.amsl.com (Postfix) with ESMTP id 2540C3A69B9 for <tls@ietf.org>; Tue, 3 Aug 2010 12:46:13 -0700 (PDT)
Received: (qmail 18352 invoked by uid 1000); 3 Aug 2010 19:46:40 -0000
Received: from nigel.brad.office.comodo.net (HELO nigel.localnet) (192.168.0.58) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES256-SHA encrypted) ESMTPS; Tue, 03 Aug 2010 20:46:40 +0100
From: Rob Stradling <rob.stradling@comodo.com>
To: pkix@ietf.org, yngve@opera.com
Date: Tue, 03 Aug 2010 20:46:38 +0100
User-Agent: KMail/1.13.3 (Linux/2.6.32-gentoo-r7; KDE/4.4.4; i686; ; )
References: <E1OfxqR-00006L-FJ@wintermute02.cs.auckland.ac.nz> <op.vgtktnagvqd7e2@killashandra.oslo.osa>
In-Reply-To: <op.vgtktnagvqd7e2@killashandra.oslo.osa>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201008032046.38830.rob.stradling@comodo.com>
Cc: tls@ietf.org
Subject: Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate Status extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2010 19:46:16 -0000

In another thread, Kyle H today wrote:
"...why not change the ASN.1 to allow for multiple individual responses in a 
SEQUENCE or SET?"

This is another possible way forward for "Multiple OCSP".

I suppose it would need a new "responseType" OID - something like...
id-pkix-ocsp-multiple  OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }

The "response" OCTET STRING would contain a SEQUENCE OF (or SET OF) 
BasicOCSPResponse (rather than just a single BasicOCSPResponse).

OCSP Clients would signal their support for id-pkix-ocsp-multiple by setting 
this OID in the Acceptable Response Types OCSP Request Extension.  OCSP 
Requests can already contain multiple "CertID"s which reference certificates 
issued by different Issuers, so Clients could explicitly list all the 
certificates they want status information for, rather than rely on the 
Responder to guess which certificates in which certificate chain might be 
relevant.

One disadvantage of this approach is that the various Server software would 
need to be updated before it would be able to "staple" this kind of Response.

However, compared to Yngve's OCSP Response Extension approach, id-pkix-ocsp-
multiple would be kinder to the Responders:
  - Responders would only send the (typically larger) id-pkix-ocsp-multiple 
Responses to Clients that have signalled that they support this responseType.
  - If a Client already has an OCSP Response for some of the Intermediate CA 
Certificate(s) in a chain, it needn't include a CertID for each of them in the 
OCSP Request.  This would further decrease unnecessary network traffic to/from 
the Responders.
  - Responders that use pre-generated Responses can use the same pre-generated 
Responses for both id-pkix-ocsp-basic and id-pkix-ocsp-multiple.

On Monday 02 August 2010 17:45:13 Yngve Nysaeter Pettersen wrote:
> On Mon, 02 Aug 2010 18:26:31 +0200, Peter Gutmann
> 
> <pgut001@cs.auckland.ac.nz> wrote:
> > "Yngve Nysaeter Pettersen" <yngve@opera.com> writes:
> >> This issue will not be any different from the current situation; When
> >> they
> >> check OCSP, clients only check the site certificate. If they check
> >> revocation
> >> for intermediates they use CRLs. In fact, for Opera's part, we retrieve
> >> CRLs
> >> while verifying the certificate, OCSP after the certificate has been
> >> checked,
> >> so CRLs are more "dangerous" from that perspective.
> > 
> > Just out of interest, is this a pure performance optimisation, or a tacit
> > recognition of the fact that no public CA cert has ever been revoked no
> > matter
> > how negligently the CA has behaved [0] (and it's unlikely that one ever
> > will
> > because the collateral damage incurred makes it politically untenable),
> > therefore there's no need to spend too much time on revocation checks?
> > 
> > What do other implementations do?  Does anyone check CA certs for
> > revocation
> > when they process a cert chain?
> 
> AFAIK, currently all the major browsers check for OCSP for the site
> certificates (IE for Vista and later, XP requires a preference change
> IIRC), I am not quite sure about CRLs, but checking intermediates is a
> requirement for Extended Validation verification. I didn't see any need to
> distinguish the cases, so we check CRLs for all certificates that identify
> them (and if one certificate have a CRL defined, we require them for all
> certificates below the Root, except the ones we check OCSP for, or we
> remove the padlock)
> 
> Previously, intermediate CA roots were usually issued just to the CA that
> owned the Root, now I am seeing a tendency to issue intermediate CA
> certificates to larger companies, for example. Worst case, it might be
> that it is only a question of time before an intermediate CA have to be
> revoked (That is different from revoking a Root, where the collateral
> damage will be huge if it ever happens, but in such a case the Root key
> has probably been compromised).
> 
> The optimization benefits for my proposals, is that the client need to
> check fewer online revocation resources than before, and they will
> preferably be more up to date, in the best case it does not have to check
> any online resources since the server provided them all. For the CA, there
> will ultimately be less traffic to the server, and it will depend less on
> the number of users, and more on the number of customers.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.

v2.23.0 | Report a Bug | By Email