Re: [TLS] OCSP must staple

Brian Smith <brian@briansmith.org> Thu, 12 June 2014 18:44 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11CCD1B2AF6 for <tls@ietfa.amsl.com>; Thu, 12 Jun 2014 11:44:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fZwaE-wQaE3j for <tls@ietfa.amsl.com>; Thu, 12 Jun 2014 11:44:06 -0700 (PDT)
Received: from mail-qc0-f177.google.com (mail-qc0-f177.google.com [209.85.216.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 665B51B27C0 for <tls@ietf.org>; Thu, 12 Jun 2014 11:43:57 -0700 (PDT)
Received: by mail-qc0-f177.google.com with SMTP id i17so2537647qcy.22 for <tls@ietf.org>; Thu, 12 Jun 2014 11:43:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=4VrKCTfMOuWrffNoS9i1UCZWozZ28w5r9ES3F7CtvBE=; b=Whj7uYuNH5pmYI9DklAt/f1jScIbWR4pFygne7rSs+6hssb2SM4HFyESLr3kQpg/X7 CbOWowQWPRJKaXR4qcvavfDayjuMWrE/Fa78DHLkaMrdE3Iba9CPZx/NfLL0+WwZGAWt N5KW77GD+BAf53D9477nARuzjnRRUp3z8FIrUL93jbvuPuzTxfo8Vlm5AARS04ckzMBl Vfl2swpcxjt+Lg9T3P7nb/mR8QTb/0/yLWMcTtbr9I5b1EWJ26wxiPgfmO0Cy5vRY0tc lwZr0WLYsr80Vp2SX+66dojjrENz/9TquxjD9a1iJ1MWCeIRLRw0TLZb62D8QzCFPYK6 bjgg==
X-Gm-Message-State: ALoCoQmLB/YOV96tTRlbDPx1PoNCz6zOIYgZGInYiPbrKuG7EtgfC9CifBmGY35DouA4TOfxqPzT
MIME-Version: 1.0
X-Received: by 10.224.30.71 with SMTP id t7mr65004505qac.30.1402598636514; Thu, 12 Jun 2014 11:43:56 -0700 (PDT)
Received: by 10.224.212.3 with HTTP; Thu, 12 Jun 2014 11:43:56 -0700 (PDT)
In-Reply-To: <CAL9PXLynTNZ2LSLFVBb_aqAvYSnqfBAH6gp6Wt=WmzNBXg9orw@mail.gmail.com>
References: <20140528184735.GA20602@roeckx.be> <097101cf7aa7$17f960a0$47ec21e0$@digicert.com> <4AA8E7B7-A19D-4E65-AF18-C4D02A513652@ieca.com> <538EF79B.3000506@cs.tcd.ie> <CAMm+LwgTnva9jJgVfkaOZ1qP0Rk3w-mFfepnubosgtrCEARv=g@mail.gmail.com> <539069CC.5010304@cs.tcd.ie> <5390B1D6.5010105@nthpermutation.com> <CAFewVt6Pr8yjV8EbYLp1HQJfYMgq2LJMt4uQqZWKChR6p12Wtg@mail.gmail.com> <5390CA45.1050504@nthpermutation.com> <CAFewVt6qfqHW2Df=aXhmo-Fucvn_PUzM8NVQV-aYiH9Ttfhjmw@mail.gmail.com> <CAL9PXLynTNZ2LSLFVBb_aqAvYSnqfBAH6gp6Wt=WmzNBXg9orw@mail.gmail.com>
Date: Thu, 12 Jun 2014 11:43:56 -0700
Message-ID: <CAFewVt7Zw4bsv8U3FpQbpfE9rxaGsPR8j0YhwntpErH8AD9M7Q@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Adam Langley <agl@google.com>
Content-Type: multipart/alternative; boundary=047d7bf0e5307e112504fba7f12c
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/tjvB_7yzS4qpe6Cv7uadURsgz5s
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] OCSP must staple
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jun 2014 18:44:13 -0000

On Wed, Jun 11, 2014 at 4:10 PM, Adam Langley <agl@google.com> wrote:

> On Wed, Jun 11, 2014 at 3:49 PM, Brian Smith <brian@briansmith.org> wrote:
> > * TLS intercepting proxies cause trouble.
>
> In Chrome (and, I assume, Firefox) there's the concept of a
> "non-public root" - i.e. a CA root that the user has installed. When
> one is used on a connection we disable pinning. We could also disable
> Must Staple.
>

That is one approach that would address the compatibility issues. However,
I think it would be better to find an approach that doesn't limit
Must-Staple to publicly-trusted root CAs. Otherwise, it will be harder than
necessary to make the case stapling + Must-Staple is a complete replacement
for OCSP fetching.

If my suggestion of making an exception for short-lived certificates isn't
good enough to address the compatibility issue (and it probably isn't) then
we could require that the Must-Staple extension in the end-entity
certificate be ignored unless it is also present in a CA certificate in the
chain. This would work as long as TLS intercepting proxies are not forging
intermediate CA certificates by copying the contents of the original
intermediate CA certificates. The downside is that every CA that would want
to use Must-Staple would have to first issue a new Must-Staple-enabled
intermediate. It would be more work, but probably it would still be less of
a barrier to enabling Must-Staple than waiting for CA management software
to add support for a new extension.

Cheers,
Brian