Re: [Trans] OCSP and SCTs
Rob Stradling <rob.stradling@comodo.com> Mon, 01 September 2014 10:56 UTC
Return-Path: <rob.stradling@comodo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ADBD1A0361 for <trans@ietfa.amsl.com>; Mon, 1 Sep 2014 03:56:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.41
X-Spam-Level: *
X-Spam-Status: No, score=1.41 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_NET=0.611, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NMWlQ7IvO5_5 for <trans@ietfa.amsl.com>; Mon, 1 Sep 2014 03:56:51 -0700 (PDT)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A83B31A0373 for <trans@ietf.org>; Mon, 1 Sep 2014 03:56:50 -0700 (PDT)
Received: (qmail 6680 invoked by uid 1000); 1 Sep 2014 10:56:48 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Mon, 01 Sep 2014 11:56:48 +0100
Message-ID: <540450F0.3080005@comodo.com>
Date: Mon, 01 Sep 2014 11:56:48 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Kyle Hamilton <aerowolf@gmail.com>, Brian Smith <brian@briansmith.org>, Fabrice <fabrice.gautier@gmail.com>
References: <DCB45BF3-C979-4025-A532-0349D971E95D@gmail.com> <CAFewVt4iX=ActoRLgHTMG=Rua-wZoT8owGLDHt3s=z4vreHQeQ@mail.gmail.com> <239CAEF3-C77D-4E0B-B64D-D715D71AD1A8@gmail.com> <CAFewVt6me=PE5NYVD3JDokrv8JV-ZJXYgdL0dVOf-4K1bFvLSQ@mail.gmail.com> <1929A47D-06A5-4550-A26E-902DE964F980@gmail.com> <CAFewVt46LqFsvUK0g9cQUbhytNzW6Z6ZhyYoE1vF-sQ-xjh47w@mail.gmail.com> <404f9e8c-6605-4482-92ec-5ad4c6adcde0@email.android.com>
In-Reply-To: <404f9e8c-6605-4482-92ec-5ad4c6adcde0@email.android.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/DYchIYLY_8vEu5Un0zx0mzuCA_c
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] OCSP and SCTs
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Sep 2014 10:56:53 -0000
Hi Kyle. Please review the TRANS charter [1]. The scope for 6962-bis is "a standards-track mechanism to apply verifiable logs to HTTP over TLS". I'm guessing you're thinking of S/MIME certificates, Code Signing certificates, etc, which can be logged but which can only be checked via OCSP Fetching (not OCSP Stapling). These are in scope for discussion, possible future WG re-chartering and possible future WG work items. [1] http://datatracker.ietf.org/wg/trans/charter/ On 01/09/14 01:57, Kyle Hamilton wrote: > The more you apply your own "best idea" decision tree, the more you > restrict perfectly valid options that would otherwise be legitimate by > the spec, in the name of "interoperability". This is why, for example, > Netscape's insistence on a "trustworthy" (which really devolves to > "known, without judgment of trustworthiness") certifier managed to > create a new and completely artificial cottage industry that suffered > artificial stunted growth patterns... because it insisted on > ITU-standard authentication before anyone knew what it was really good > for. It also basically destroyed one of the use-cases explicitly > permitted by the spec, that of the unauthenticated connection. > > Don't insist on a client-protocol stapling. Not everything uses TLS -- > and even though TLS is the intended use case, leaving low hanging fruit > for other protocols is probably better than binding it so tightly to TLS > that no one can conceive of a use aside from that binding. > > -Kyle H > > On August 31, 2014 11:44:10 AM PST, Brian Smith <brian@briansmith.org> > wrote: > > On Sat, Aug 30, 2014 at 9:05 PM, Fabrice <fabrice.gautier@gmail.com> wrote: > > On Aug 30, 2014, at 15:43, Brian Smith <brian@briansmith.org> wrote: > > On Sat, Aug 30, 2014 at 3:22 PM, Fabrice > <fabrice.gautier@gmail.com> wrote: > > On Aug 30, 2014, at 14:16, Brian Smith > <brian@briansmith.org> wrote: > > I understand the issue you describe and how stapling has > less opportunities > for failures and is a MUST for TLS clients, but my > question was really about > what should a TLS client do when it does not get an OCSP > response through > stapling (RFC6066) but get one directly from the OCSP > responder or > potentially other means. > > To me, it seems logical for the TLS clients to process > SCTs found in those > responses, no matter how it got them. > > > When the client is enforcing CT, it should reject the > certificate due > to the missing SCT before it even attempts revocation checking. > > Thus, it would never fetch the OCSP response and so it would > never > learn the SCT from a fetched response. > > > I don't see any language in the RFC or draft that suggest there > is an > ordering between revocation checking and CT validation, or any > other parts > of the certificate validation. The only related language I found > is rather > succinct: > > In addition to normal validation of the certificate and its > chain, they > should validate the SCT (...) > > > I understand that your question is "If I fetched an OCSP response, > should I recognize the SCTs > in the fetched response?" I don't have any > opinion on that. > > You are right that the spec. doesn't talk about the ordering of doing > revocation checking and SCT processing during certificate chain > validation. I believe that the best ordering is to process SCTs, and > reject certificates without SCTs, before doing revocation checking or > path building, especially revocation checking and path building that > requires doing any networking (OCSP fetching and/or AIA chasing), > because this reduces the risks that are inherent in doing that > networking and with doing path building in general. The draft should > be changed to say that. > > However, you agree that the current draft allows a client to reject a > certificate due to a missing SCT before it attempts any AIA chasing > and/or OCSP fetching, right? If so, then the server must provide the > SCT in the handshake--in the TLS extension, in the certificate, or in > a stapled > OCSP response--to interoperate with clients that work that > way, regardless of whether some clients process SCTs in fetched OCSP > responses. > > If there are good reasons to ignore SCTs in non-stapled OCSP > responses, I'd > like to know about them, and it probably should be mentioned in > the RFC. > > > A browser needs a reliable mechanism for getting SCTs in order for the > browser to be able to make SCTs mandatory. Browsers that make SCT > mandatory would ultimately be what would make CT effective. OCSP > fetching is not reliable, in theory or on practice, so a client cannot > rely on getting SCTs via OCSP fetching. A browser that processed SCTs > in fetched OCSP responses would be encouraging websites to avoid the > reliable mechanisms of SCT delivery in favor of an unreliable > mechanism, causing CT to be > unreliable and thus ineffective. > > Cheers, > Brian > > ------------------------------------------------------------------------ > > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com COMODO CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
- [Trans] OCSP and SCTs Fabrice
- Re: [Trans] OCSP and SCTs Brian Smith
- Re: [Trans] OCSP and SCTs Fabrice
- Re: [Trans] OCSP and SCTs Brian Smith
- Re: [Trans] OCSP and SCTs Fabrice
- Re: [Trans] OCSP and SCTs Brian Smith
- Re: [Trans] OCSP and SCTs Fabrice Gautier
- Re: [Trans] OCSP and SCTs Kyle Hamilton
- Re: [Trans] OCSP and SCTs Rob Stradling
- Re: [Trans] OCSP and SCTs Rob Stradling
- Re: [Trans] OCSP and SCTs Stephen Kent