OCSP over DNS. I-D Proposal by: Massimiliano Pala (NYU) Scott Rea (DigiCert) +1 (801) 877-2100



Similar documents
Certificates, Revocation and the new gtld's Oh My!

Bugzilla ID: Bugzilla Summary:

NIST Test Personal Identity Verification (PIV) Cards

ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Key Management and Distribution

EMET 4.0 PKI MITIGATION. Neil Sikka DefCon 21

APNIC Trial of Certification of IP Addresses and ASes

Smart Card Authentication. Administrator's Guide

State of PKI for SSL/TLS

An LDAP/X.500 based distributed PGP Keyserver

Alternatives and Enhancements to CAs for a Secure Web

ETSI TS V1.1.1 ( )

Polycom RealPresence Access Director System Administrator s Guide

The IVE also supports using the following additional features with CA certificates:

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

Specifying the content and formal specifications of document formats for QES

Category: Experimental November 2009

Windows Server 2008 PKI and Certificate Security

A PKI For IDR Public Key Infrastructure and Number Resource Certification

AD CS.

Cisco Expressway Basic Configuration

IBM i Version 7.3. Security Digital Certificate Manager IBM

DNS Basics. DNS Basics

Federal Identity, Credentialing, and Access Management. Personal Identity Verification Interoperable (PIV-I) Test Plan. Version 1.1.

AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect ALLSEEN ALLIANCE

OpenCA v (ten-ten 2 )

DHCP and DNS Services

Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication

Microsoft Trusted Root Certificate: Program Requirements

HTTP. Internet Engineering. Fall Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

Chapter 8 Virtual Private Networking

Configuration Commands. SNMP System Commands. engineid XRS System Management Guide Page 303 SNMP. Syntax [no] engineid engine-id

Kantara egov and SAML2int comparison

Online signature API. Terms used in this document. The API in brief. Version 0.20,

ETSI EN V2.1.1 ( )

Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012

Configuring SSL Termination

Authentication Applications

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

ASA 8.x Manually Install 3rd Party Vendor Certificates for use with WebVPN Configuration Example

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

Presented by Greg Lindsay Technical Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group April 7, 2010

Abstract. Avaya Solution & Interoperability Test Lab

Forumbee Single Sign- On

Domain Name System (DNS)

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

Security certificate management

Best Practices for SIP Security

ASA Remote Access VPN with OCSP Verification under Microsoft Windows 2012 and OpenSSL

SSL Report: ebfl.srpskabanka.rs ( )

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

TechNote 0006: Digital Signatures in PDF/A-1

HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE

Configuring and Using the TMM with LDAP / Active Directory

SBClient SSL. Ehab AbuShmais

IPv4 Shortage Multiple SSL Certificates on a single IP address

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Webair CDN Secure URLs

CERTIFICATION PRACTICE STATEMENT UPDATE

Key Management and Distribution

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

UserGuide ReflectionPKIServicesManager

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Chapter 4 Virtual Private Networking

Certificate Path Validation

Digital Signatures in a PDF

SSL BEST PRACTICES OVERVIEW

Certification Service Provider of the Ministry of Employment and Social Securityp. Profile for Electronic seal certificate

Introduction to the DANE Protocol

Certificate Policy and Certification Practice Statement

Author: Kai Engert, kaie at redhat dot com or kaie at kuix dot de For updates to this document, please check

How to Use Certificates for Additional Security

PowerChute TM Network Shutdown Security Features & Deployment

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

TeliaSonera Server Certificate Policy and Certification Practice Statement

SecurityConsole:1 Service Template

Visa Public Key Infrastructure Certificate Policy (CP)

Configuring Digital Certificates

Application Note Configuring Department of Defense Common Access Card Authentication on McAfee. Firewall Enterprise

SEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0

Apple Certificate Library Functional Specification

Smart Card Authentication Client. Administrator's Guide

Websense Content Gateway HTTPS Configuration

A PKI case study: Implementing the Server-based Certificate Validation Protocol

CALIFORNIA SOFTWARE LABS

Normas ETSI e IETF para Assinatura Digital. Ernandes Lopes Bezerra. Ernandes. 26 de dezembro de 2012

Securing VMware View Communication Channels with SSL Certificates TECHNICAL WHITE PAPER

SSL and Browsers: The Pillars of Broken Security

IPsec Details 1 / 43. IPsec Details

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006

Faking Extended Validation SSL Certificates in Internet Explorer 7

SSL Report: okidirect.co.uk ( )

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.

Interoperability Guidelines for Digital Signature Certificates issued under Information Technology Act

Lab - Observing DNS Resolution

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

Public Key Infrastructure (PKI)

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Transcription:

OCSP over DNS I-D Proposal by: Massimiliano Pala (NYU) Scott Rea (DigiCert) sales@digicert.com www.digicert.com +1 (801) 877-2100

OCSP over DNS Table of Contents Slide Title 3 Inconsistent Revocation checking is status quo 4 CAB Forum Revocation WG 5 OCSP over DNS (Background) 7 OCSP over DNS (Overview) 9 DNS URL Definition 11 Processing OCSP over DNS 12 Feedback 13 Contacts

Inconsistent Revocation Industry Status Quo The CA attacks revealed that clients are inconsistent in handling revocation Revocation information is not obtained in a timely manner CRL validity lengths are often too long and lack fresh data due to caching OCSP is not consistently deployed and used Difficult to manage root and intermediate revocation

CAB Forum Initiatives to Address Revocation CAB Forum is trying to address the deficiencies in revocation Participants from ICAs, Browsers, Research & EDU, IETF, major Relying Parties Different problems from different perspectives Revocation data availability problems Access time to revocation services High maintenance costs for high-volume environments Managing trust anchor revocation Initial proposals Short term Lightweight OCSP Profile [RFC5019] + CDN friendly Mid term Smart fail revocation mechanisms in client software Long term Certificate issuance transparency and white lists

The Background DNS can be used to distribute OCSP responses No need for request/response protocol Allows to lower the costs of distributing revinfo to clients Use of the DNS caching system Possible for SSL/TLS certificates for larger sites Current Challenges OCSP responses waste bits on the wire if cert is valid DNS allows for single UDP packet (if resp < 512bytes) Use of EC keys might be advisable Definition of DNS-based URLs for OCSP distribution Allow for fallback URLs for backward compatibility Some clients only query the first URL in AIAs

The Objective The main goal is to enable a new OCSP response distribution mechanism using DNS OCSP-over-DNS approach allows clients to determine the status of digital certificates specifically aimed at high-traffic secure Internet servers (i.e., SSL/TLS) by optimizing the delivery mechanism for revocation information distribution to the client. This transport protocol can be used in lieu of or in addition to other PKIX endorsed transport mechanisms such as HTTP. OCSP-over-DNS is meant to be used in conjunction with precomputed OCSP responses. This document defines the DNS records to be used for OCSP data publication and the definition of additional URLs for the AuthorityInfoAccess (AIA) extension in certificates.

Overview To validate a certificate using OCSP-over-DNS, the client should check the certificate for a DNS-based OCSP base URI, construct the URI for the specific certificate, and then retrieve the OCSP response from the DNS. After this point, all procedures are to be performed according to the OCSP protocol as defined in [RFC5019]. Steps: 1. Lookup the OCSP URI provided in the AIA of the certificate to be checked. The format of the URI comprises the id-ad-ocsp identifier and a base URL where the scheme is dns://. The format of the full URI is discussed in the next section. 2. Build the OCSP query for the certificate to be checked. This is done by prepending the hex representation of the digest of the certificate to the base domain provided in the OCSP DNS URI. 3. Retrieve the DNS record carrying the required OCSP response. The Client SHOULD retrieve the revocation information directly through the DNS system. The distributed nature of DNS will allow for automatic load distribution.

Defining DNS URLs in Certificates CAs provide the capability to check certificate status via OCSP by including the AuthorityInfoAccess extension in the certificate with an accessmethod of id-ad-ocsp and containing a URI in the accesslocation This I-D defines an additional transport protocol (other than the standard HTTP defined in RFC 5280) that of DNS This transport mechanism is useful only in environments where OCSP responses are pre-computed The accessloaction SHOULD define 'dns' or 'dnssec' as the transport used to access the OCSP response data Additionally the URL can optionally contain parameters to specify the digest algorithms to be used by clients to calculate the DNS query Default is SHA256 URL Definition follows It has been brought to our attention that RFC 4501 already defines a DNS URI (analysis is required to evaluate our proposal against existing RFC)

DNS URL Definition dnsurl = scheme COLON SLASH SLASH [base] [QUESTION [ algorithm / oid] ; base: is the base hostname for ; the lookup operation. ; algorithm: is the text representation ; of the algorithm to be used to calculate ; the hash of the certificate scheme = "dns" / "dnssec" algorithm = "SHA1" / "SHA256" / "SHA384" / "SHA512" oid = "OID" COLON oidvalue ; oidvalue is the string representation of ; the oid for the hash algorithm to be used ; to calculate the hash of the certificate SLASH = %x2f ; forward slash ("/") COLON = %x3a ; colon (":") QUESTION = %x3f ; question mark ("?")

DNS URL Definition The "dns" prefix indicates an entry or entries accessible from the configured DNS server. The "dnssec" prefix indicates, instead, an entry or entries accessible via the DNSSEC protocol and verification of the returned data SHOULD be performed. Note that the <base> may contain literal IPv6 addresses as specified in Section 3.2.2 of [RFC3986]. The <algorithm> construct is used to specify the digest algorithm that MUST be used to construct the final DNS query. The allowable values are "SHA1", "SHA256", "SHA384", or "SHA512". Alternative algorithms can be specified by use of OID May need to expand this to allow for Hash parameters to be specified when relevant (e.g. GOST?) E.g. Using SHA1 = dns://somedomain?sha1 Using MD5 = dns://somedomain?oid:1.2.840.113549.2.5 Using SHA256 = dns://somedomain

Processing Steps Process steps for clients: extract the <base> from the URL pre-pend it with the hex representation of the digest value calculated over the DER representation of the certificate to be validated the digest and the <base> values SHOULD be separated by the dot "." character. the hash algorithm to be used is to be extracted from the AIA extension if no value is specified, the SHA256 algorithm SHOULD be used to calculate the hash value E.g. 4088439518ed222e9abf7555b954bd549b78325b.somedomain<base> client queries the DNS for TXT records from the constructed query. the returned value SHOULD contain the base64 encoded value of the OCSP response related to the certificate that needs to be validated.

Feedback Invitation for Comments We invite feedback and additional collaborators on these ideas See contact details on next slides Including specific comments on the I-D

Contact Details Relevant Links Link to I-D: https://datatracker.ietf.org/doc/draft-pala-rea-ocsp-over-dns/ Massimiliano Pala: pala@nyu.edu Scott Rea: (801) 701-9636, Scott@DigiCert.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information