Re: [TLS] TLS 1.3 and OCSP stapling
Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 14 December 2015 13:23 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45CA81ACE65 for <tls@ietfa.amsl.com>; Mon, 14 Dec 2015 05:23:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 370COeLbj6Ud for <tls@ietfa.amsl.com>; Mon, 14 Dec 2015 05:23:41 -0800 (PST)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) by ietfa.amsl.com (Postfix) with ESMTP id 0040B1ACE63 for <tls@ietf.org>; Mon, 14 Dec 2015 05:23:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id 37243660; Mon, 14 Dec 2015 15:23:38 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id 7iOle31JN5pC; Mon, 14 Dec 2015 15:23:37 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-35-116.bb.dnainternet.fi [87.92.35.116]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id E41AE1E0; Mon, 14 Dec 2015 15:23:37 +0200 (EET)
Date: Mon, 14 Dec 2015 15:23:34 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Rob Stradling <rob.stradling@comodo.com>
Message-ID: <20151214132334.GA22971@LK-Perkele-V2.elisa-laajakaista.fi>
References: <20151211185258.GA5451@LK-Perkele-V2.elisa-laajakaista.fi> <CABkgnnU5orJz4YRan1WT-0bMEd0WZ1d1Jow=XMG1Ru2m9H9dCQ@mail.gmail.com> <2cef9d92f1e344f09053fc4efbe2c381@usma1ex-dag1mb1.msg.corp.akamai.com> <566EB625.7060402@comodo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <566EB625.7060402@comodo.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jkITsNzriuP4gE0f-mmsIhMCFWM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 and OCSP stapling
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 13:23:43 -0000
On Mon, Dec 14, 2015 at 12:29:25PM +0000, Rob Stradling wrote: > On 12/12/15 15:02, Salz, Rich wrote: > >>I think that the best way to deal with the status_request_v2 extension is to > >>make it a proper part of the TLS 1.3 messages, probably Certificate or > >>CertificateVerify. This is a fairly heavily important extension. > > > >I'd be in favor of this. > > Wouldn't switching OCSP stapling from "extension" to "proper part of the TLS > 1.3 messages" mess things up for the TLS Feature certificate extension [1], > which can be used to tell a TLS client that it should expect to receive TLS > extension 5 (status_request) and/or TLS extension 17 (status_request_v2) > from the TLS server? If one needed to, one could make up rules with regards to extension negotiation. Also, this is just the message, not the extension, so one probably does not have to. Rule that if status_request_v2 is missing, then status_request_v2 with single item with blank responder id list and blank extension is impiled would prbably go bit too far. Or that TLS 1.3 always implicitly ACKs status_request_v2[1]... TLS Extensions 5 (status_request) and 9 (cert_type) are a bit special, as both have essentially been superceded by other extensions that can perform everything those extensions can and more. Also, for some reason status_request is marked as deprecated in TLS 1.3 (status_request_v2 is still there). [1] Considering extended_master_secret always negotiatied in TLS 1.3 might be a good idea, for backward compatiblity with software that checks for EMS as check for "not vulernable to THS". -Ilari
- [TLS] TLS 1.3 and OCSP stapling Ilari Liusvaara
- Re: [TLS] TLS 1.3 and OCSP stapling Martin Thomson
- Re: [TLS] TLS 1.3 and OCSP stapling Ilari Liusvaara
- Re: [TLS] TLS 1.3 and OCSP stapling Salz, Rich
- Re: [TLS] TLS 1.3 and OCSP stapling Rob Stradling
- Re: [TLS] TLS 1.3 and OCSP stapling Ilari Liusvaara