IETF Logo Mail Archive

Re: [TLS] New version of Multiple OCSP mode of Certificate Status

Martin Rex <mrex@sap.com> Wed, 04 August 2010 18:42 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E927D3A67ED; Wed, 4 Aug 2010 11:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.641
X-Spam-Level:
X-Spam-Status: No, score=-9.641 tagged_above=-999 required=5 tests=[AWL=0.608, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DmIwyCb+sRaM; Wed, 4 Aug 2010 11:42:59 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id A65223A680B; Wed, 4 Aug 2010 11:42:58 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id o74IhR84020428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 4 Aug 2010 20:43:27 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201008041843.o74IhQqX007628@fs4113.wdf.sap.corp>
To: yngve@opera.com
Date: Wed, 04 Aug 2010 20:43:26 +0200
In-Reply-To: <op.vgxe0necqrq7tp@acorna.invalid.invalid> from "Yngve N. Pettersen" at Aug 4, 10 08:30:13 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: pkix@ietf.org, tls@ietf.org
Subject: Re: [TLS] New version of Multiple OCSP mode of Certificate Status
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2010 18:43:00 -0000

Yngve N. Pettersen wrote:
> 
> Opera only accepts these certificates if they chain to an already known  
> and trusted Root, and verify successfully once the chain is completed.  
> Should the downloaded certificate turn out to be a Root it is  
> automatically discarded. If they pass all of this, the certificate is  
> cached.

As far as the AIA vulnerability is concerned, you're 0wnd as soon
as your software connects to the crafted URL in the crafted server
certificate.  It doesn't matter that whether you discard the reply
and abort the original browser connection at that point.  If you're
attacked, that URL is often not going to result in a certificate anyway.

> 
> The only other alternatives are to either display a certificate warning  
> for those sites, or ship with every intermediate in the Root repository.

How about warning on first encounter and offer the User to download
and memorize the intermediate cert -- or to NOT download?

> 
> As for danger, I would think that it is no more dangerous than going to  
> arbitrary websites are already, or downloading OCSP and CRLs (which are  
> also specified in the certificate).

As previously described, the certificate path validation algorithm
specified in rfc-5280 works from the trust anchor downwards to
the End Entity cert, and will reliably protect you from accessing
OCSP or CRL information from untrusted/unverified certificates.

AIA retrieval works upwards with information from completely unverified
and untrusted certs.


-Martin

v2.23.0 | Report a Bug | By Email