[websec] Revocation check failures for HSTS sites

Adam Langley <agl@google.com> Mon, 28 March 2011 15:34 UTC

Return-Path: <agl@google.com>
X-Original-To: websec@core3.amsl.com
Delivered-To: websec@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id EF49D3A684A for <websec@core3.amsl.com>; Mon, 28 Mar 2011 08:34:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id c6wgPRv8FtdU for <websec@core3.amsl.com>; Mon, 28 Mar 2011 08:34:57 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com []) by core3.amsl.com (Postfix) with ESMTP id 73CAC3A6810 for <websec@ietf.org>; Mon, 28 Mar 2011 08:34:57 -0700 (PDT)
Received: from wpaz17.hot.corp.google.com (wpaz17.hot.corp.google.com []) by smtp-out.google.com with ESMTP id p2SFaYdc005778 for <websec@ietf.org>; Mon, 28 Mar 2011 08:36:34 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1301326594; bh=7xb3C6Iy3Y3jx+aibguywc0tzL4=; h=MIME-Version:Date:Message-ID:Subject:From:To:Content-Type; b=a//BIPvaMz4AbT/j2OxWlMM1ACfW5R3C5xxAFAQKG3eGYKo8zriEQuPsgLVqMrexj V8Zmdx0VdTinpW5n8wJJg==
Received: from ywg4 (ywg4.prod.google.com []) by wpaz17.hot.corp.google.com with ESMTP id p2SFaXA7018067 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <websec@ietf.org>; Mon, 28 Mar 2011 08:36:34 -0700
Received: by ywg4 with SMTP id 4so1092071ywg.10 for <websec@ietf.org>; Mon, 28 Mar 2011 08:36:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=YWadRN4KSKv0yGaXZYzuftsdCA37NW8dGC0jgZb3vtA=; b=tc1kOfexFNUnLRudGLVBxx5BrlsN2j9e71wYFnHYZUnTCC6DfquTLbm5eMe3CmD9gg vZ6P49cL0Emt//gFFkew==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:date:message-id:subject:from:to:content-type; b=HRE3mb8g9VO8+ylGYuDUdsi5pkF95+DWnOYkul9mSAsbNCFvLVBahEj/4JiKOwapqh c0UDuWt/ymDfKJGuYHlg==
MIME-Version: 1.0
Received: by with SMTP id o2mr3759527ybn.204.1301326593589; Mon, 28 Mar 2011 08:36:33 -0700 (PDT)
Received: by with HTTP; Mon, 28 Mar 2011 08:36:33 -0700 (PDT)
Date: Mon, 28 Mar 2011 11:36:33 -0400
Message-ID: <AANLkTi=aoaSxWdAwHBAE-p1bP_ayzDw8H-PmqVnsKnF0@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: websec@ietf.org
Content-Type: text/plain; charset="UTF-8"
X-System-Of-Record: true
Subject: [websec] Revocation check failures for HSTS sites
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:35:00 -0000

Currently Chrome treats revocation check failures as fatal for HSTS
sites. This is scheduled to change with Chrome 12 when revocation
check failures will not be treated differently for HSTS sites.

The reason for this change is that several Google properties are
either already HSTS or are planning/considering enabling it. However,
it's unacceptable that a failure of our CA's servers brings down those
services. Availability of service is very important.

It has been suggested that OCSP stapling solves this issue. However,
only a single OCSP response can be stapled in the current protocol and
chained certificates are now almost ubiquitous. Even if OCSP stapling
were extended to support multiple responses, the size of the OCSP
responses (1-2KB) becomes problematic. Not only is another 2-5KB of
overhead per connection a problem for for some users (it's another
second of latency for dialups), it typically overflows the server's
initial congestion window, causing another round trip. This can be
reconfigured unilaterally on a per-server basis but many clients
enforce it with their flow window.