IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-cached-info-14

"Piyush Jain" <piyush@ditenity.com> Tue, 09 April 2013 22:53 UTC

Return-Path: <piyush@ditenity.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B27D21F97EE for <tls@ietfa.amsl.com>; Tue, 9 Apr 2013 15:53:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.369
X-Spam-Level:
X-Spam-Status: No, score=-0.369 tagged_above=-999 required=5 tests=[AWL=-0.965, BAYES_00=-2.599, DOS_OUTLOOK_TO_MX=1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_EQ_LT4=0.442, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWtEa1qK8L2M for <tls@ietfa.amsl.com>; Tue, 9 Apr 2013 15:53:03 -0700 (PDT)
Received: from mail-gg0-x234.google.com (mail-gg0-x234.google.com [IPv6:2607:f8b0:4002:c02::234]) by ietfa.amsl.com (Postfix) with ESMTP id BC59521F97E2 for <tls@ietf.org>; Tue, 9 Apr 2013 15:53:02 -0700 (PDT)
Received: by mail-gg0-f180.google.com with SMTP id e5so1130438ggk.25 for <tls@ietf.org>; Tue, 09 Apr 2013 15:52:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-type:content-transfer-encoding :x-mailer:thread-index:content-language:x-gm-message-state; bh=u6/7dAqTXo5NACHYjOd33sRnEeIGoXV83kaD1VlxuYw=; b=oTfKtHCX36W/C+94vI+XaDTX7K8l540AQdn86QyObV0bRhVp1csHWTU0ONM8c6TlAQ TNGyEd3yhwFpT5vV6xwVfOApQR0nGrjkiUp9qBWM6SH+0sw4zRfom7Y23xBR+cC9cI7/ OzepB3wXV80nNUOL4q7GD0vFCfp201M+Qk8XH7TC3KQgq2ZwgVoiLVFD/YRoP/vjWL5z z/fhNzO7n5laq0GGyWH1YtRmljDgZN91qVrsUSCTivdJvkcEC92//5nh08xeQqtZfo59 0PzIo9QeCcdazvunh0cNYOi0FsZSxmMfrocYsA2rg1GwVy04W9C9+YHZxrz4YUnPatvZ SAGg==
X-Received: by 10.236.202.195 with SMTP id d43mr16557335yho.64.1365547979230; Tue, 09 Apr 2013 15:52:59 -0700 (PDT)
Received: from hp13 (75-25-128-241.lightspeed.sjcpca.sbcglobal.net. [75.25.128.241]) by mx.google.com with ESMTPS id h6sm45949307yhf.19.2013.04.09.15.52.55 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 09 Apr 2013 15:52:58 -0700 (PDT)
From: Piyush Jain <piyush@ditenity.com>
To: "'Yngve N. Pettersen'" <yngve@spec-work.net>, 'Rob Stradling' <rob.stradling@comodo.com>
References: <2C078811-2A81-4B37-82F0-FAD94A7395BD@gmx.net> <51547C0C.20806@ieca.com> <A3EEC7FB-665B-4543-8D42-A997100506E5@gmx.net> <5154B4C9.1070405@comodo.com> <5096AB41-02FD-4E01-A78E-BEF272181F42@gmx.net> <5162C154.1010202@comodo.com> <op.wu76e6o73dfyax@killashandra.invalid.invalid> <5163200D.2030300@comodo.com> <op.wu8nh01v3dfyax@killashandra.invalid.invalid> <51646709.4030803@comodo.com> <op.wvakl2sk3dfyax@killashandra.invalid.invalid>
In-Reply-To: <op.wvakl2sk3dfyax@killashandra.invalid.invalid>
Date: Tue, 09 Apr 2013 15:52:44 -0700
Message-ID: <097601ce3574$f4495c50$dcdc14f0$@ditenity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJlAb7NsstXjqmQRSHXKYXg2JOPjAHY6j2EAi7U10ICrEPZfgKTKz73AOQ2LZoBb2wfGgHhzkwPAfgjWBgCU4m1cQJXslm/lv/de9A=
Content-Language: en-us
X-Gm-Message-State: ALoCoQnWwFDZEjAQ6e8qTCl6C6zEsvy65Oxv9hndr1jRkialadpaD2vuX/OG7Qtocg9IYJPo77j4
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cached-info-14
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 22:53:07 -0000

I'm having a basic problem understanding OCSPResponse cachedinfo object and
the need to obtain the latest cert_status from the server.

Why does a TLS client care if it has the same OCSP responses (for server and
any intermediate certificate) as the TLS server, as long as it has some
valid OCSP responses for those certificates? IMO, all the client cares about
is the fact that it can build a valid status checked path to the locally
configured trust anchor.

So the only thing that the client needs to tell the server is the list of
certificates for which it needs the status (either because the status in the
cache expired or because it never got the status from this or other server).
This can be communicated easily through a list of Boolean values. The
position of the value corresponds to the position of certificate in the
certificate chain and the value indicates if the client wants the server to
include the status of corresponding cert.
This makes the cached info object for OCSP responses much smaller compared
to the representation that uses hash and also allows the clients to make use
of locally cached OCSP responses irrespective of where they came from.

-Piyush

> -----Original Message-----
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of
> Yngve N. Pettersen
> Sent: Tuesday, April 09, 2013 2:00 PM
> To: Rob Stradling
> Cc: tls@ietf.org
> Subject: Re: [TLS] draft-ietf-tls-cached-info-14
> 
> On Tue, 09 Apr 2013 21:07:53 +0200, Rob Stradling
> <rob.stradling@comodo.com> wrote:
> 
> > On 08/04/13 21:07, Yngve N. Pettersen wrote:
> > <snip>
> >>> Example:
> >>>    - Client visits https://www.google.com and
> >>> https://mail.google.com, each for the first time ever, and caches
> >>> the certificate chains and OCSP Responses for the End-entity and
> >>> Intermediate certs.  Client observes that the same "Google Internet
> >>> Authority" Intermediate is used in both cases.
> >>>    - A while later, client performs another full handshake to
> >>> https://www.google.com and gets back a different OCSP Response
> (with
> >>> a more recent thisUpdate value) for the same Intermediate cert.
> >>>    - A while later, client performs another full handshake to
> >>> https://mail.google.com.  It sends the CachedObject for the
> >>> Intermediate OCSP Response that https://www.google.com just
> >>> returned, because it knows that this OCSP Response is relevant for
> >>> the Intermediate cert that https://mail.google.com used last time
> >>> the client connected to it, and because this OCSP Response is the
> >>> freshest one that the client has available.
> >>
> >> What about www.co.uk and bank.co.uk?
> >>
> >> Such things get complicated very fast, which is why we had to develop
> >> the public suffix list.
> >>
> >> Please, let us stay way, way, *way* out of that particular thorny area.
> >
> > If the End-entity certs at https://www.co.uk and https://bank.co.uk
> > are both issued by the same Intermediate, then what's the problem?
> > Why are the domain names even relevant when deciding whether or not
> > it's "safe" for the client to send an Intermediate cert's OCSP
> > Response that a different server provided?
> 
> Tip: If domain names are irrelevant, make sure they do not carry meaning
in
> the discussion, particularly when combined with the word "safe". Might
> confuse things.
> 
> > I agree that my proposal should be rejected _if_ the consensus is that
> > it adds too much extra complexity.  But IMHO the more bytes on the
> > wire we can save, the more chance there is that Multi-Stapling +
> > Cached-Info will actually get deployed widely.
> 
> The concept still assumes that server1 and server2 will have same binary
> response R for certificate X at time T, even if the client have previously
only
> seen R from server1, and instead seen response S from server2.
> 
> If, at time T both R and S are valid, but R is valid longer than S, which
should
> be indicated to server2? If both, that means more (unnecessary) bytes on
> the wire, particularly if you have more than 2 servers (e.g. 200) with the
same
> (issuer) certificate, each with binary different valid responses.
> 
> What if the client indicates R to server2 and leaves out S, but server2
does
> not have R (and might get response Q if it requested an update)? Most
likely
> server2 would then resend response S. Result: unnecessary bytes on the
> wire.
> 
> Personally, I think it is better to assume that the OCSP responses kept by
two
> servers are different, even if they are signed by the same issuer. It
might be
> that servers in different geographical areas connect to different OCSP
> responders which have responses generated at different times (or who
> generate on-the-fly responses).
> 
> As mentioned above, the potential problems becomes even more
> pronounced if you are dealing with hundreds or thousands of servers (as we
> would likely do with servers using Comodo issued certificates, for
example).
> 
> My advice: Keep cache lists for each server separate from the lists used
for
> other servers. That does not mean that the client cannot optimize storage
by
> combining the storage for each entry in the list, though. There is too
much
> chance of guessing wrong about what the server should know based on what
> the client knows.
> 
> --
> Sincerely,
> Yngve N. Pettersen
> 
> Using Opera's mail client: http://www.opera.com/mail/
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email