Re: [TLS] Possible revocation delay issue with TLS stapling
Nicolas Williams <Nicolas.Williams@sun.com> Fri, 26 March 2010 18:18 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F21F3A6C15; Fri, 26 Mar 2010 11:18:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.411
X-Spam-Level:
X-Spam-Status: No, score=-3.411 tagged_above=-999 required=5 tests=[AWL=-0.957, BAYES_40=-0.185, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SKV7YAyV6JKj; Fri, 26 Mar 2010 11:18:24 -0700 (PDT)
Received: from rcsinet12.oracle.com (rcsinet12.oracle.com [148.87.113.124]) by core3.amsl.com (Postfix) with ESMTP id C9A693A6B5E; Fri, 26 Mar 2010 11:18:20 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet12.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o2QIIfdA027652 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 26 Mar 2010 18:18:43 GMT
Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o2QIIc22005807; Fri, 26 Mar 2010 18:18:38 GMT
Received: from abhmt004.oracle.com by acsmt353.oracle.com with ESMTP id 120204041269627441; Fri, 26 Mar 2010 11:17:21 -0700
Received: from Sun.COM (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 26 Mar 2010 11:17:20 -0700
Date: Fri, 26 Mar 2010 13:17:16 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Yngve N. Pettersen" <yngve@opera.com>
Message-ID: <20100326181716.GG21244@Sun.COM>
References: <op.u95kjftmkvaitl@lessa-ii>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <op.u95kjftmkvaitl@lessa-ii>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Source-IP: acsmt354.oracle.com [141.146.40.154]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090208.4BACFA81.0062,ss=1,fgs=0
Cc: "pkix@ietf.org" <pkix@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Possible revocation delay issue with TLS stapling
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2010 18:18:25 -0000
[Why not pile on? I think there's an angle not covered.] As others have pointed out this is nothing new, nor special about OCSP versus CRLs, and they have pointed out the workaround for RPs that care. The more interesting point, I think, is that instantaneous revocation is like password synchronization: hard. You can get down to a window of minutes. But instantaneous revocation? I don't believe that's feasible in real world deployments. Also, revoking certs is not enough if you want instantaneous revocation! You'd also want to slam existing connections, and yet we have no protocol for doing that. However, quick revocation has much higher costs than quick password synchronization. That's because making it possible to revoke certs quickly means making more frequent use of online infrastructure, and more frequent validation of signatures, whereas with password synch you need only push changes as quickly as possible to a relatively few servers. Nowadays that extra cost may be in the noise, but it's not nothing, and it's the reason that we have the ability to have OCSP responses without nonces. Think of OCSP as a Kerberos-like ticketing facility, with certs+OCSP being like TGTs with long renewable lifetimes (corresponding to the certs' notAfter) but short lifetimes (corresponding to OCSP response freshness requirements / nextUpdate). If you care about quick revocation then you can just tune down the OCSP response freshness requirements such that they fall within a time window whose size is comparable to the time needed for revocation notices to reach all the relevant OCSP responders. The trick is to find just the right setting. Nico --
- [TLS] Possible revocation delay issue with TLS st… Yngve N. Pettersen
- Re: [TLS] Possible revocation delay issue with TL… Adam Langley
- Re: [TLS] [pkix] Possible revocation delay issue … Sean Leonard
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.
- Re: [TLS] [pkix] Possible revocation delay issue … Kemp, David P.
- Re: [TLS] [pkix] Possible revocation delay issue … Jean-Marc Desperrier
- Re: [TLS] [pkix] Possible revocation delay issue … Santosh Chokhani
- Re: [TLS] Possible revocation delay issue with TL… Nicolas Williams
- Re: [TLS] [pkix] Possible revocation delay issue … Yngve N. Pettersen
- Re: [TLS] Possible revocation delay issue with TL… Martin Rex
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.
- Re: [TLS] [pkix] Possible revocation delay issue … Santosh Chokhani
- Re: [TLS] [pkix] Possible revocation delay issue … Kemp, David P.
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.
- Re: [TLS] [pkix] Possible revocation delay issue … Miller, Timothy J.