OCSP response authentication question
Dear all,
We've been having a little trouble understanding how we should be planning
to authenticate our OCSP responses in the case where there is more than one
certificate from more than one issuer. If anyone can help to shed some
light on this issue, we should be most grateful. Details follow.
We're using the June 1999 edition of the OCSP spec, btw.
Suppose that a client wished to authenticate more than one certificate.
For example, suppose the client has a chain of certificates: to validate
the chain requires each certificate to be revocation checked. It is
possible to bundle all of these certificates into a single OCSP request.
Similarly, the OCSP response should be able to give us the status for each
certificate.
Our problem arises when trying to authenticate this response. It is
reasonable to suppose that the certificates in the request could have been
issued by a variety of different bodies. Indeed, this is likely to be so
in the common usage scenario of validating a certificate chain. However,
notice that the OCSP response has only a single signature. This being the
case, there is no way we can employ rules 2 or 3 under section 4.2.2.2 of
the OCSP spec - these specify that the response be signed either directly
by the certificate issuing CA, or contain an extendedKeyUsage extension
issued directly by the issuing CA. This leaves rule 1, that is that the
response match a locally configured trusted responder.
Now suppose additionally that the OCSP server in question is operating in
the mode described in section 4.4.6 of the spec. That is, information is
taken from AuthorityInfoAccess extensions in the certificates to form
serviceLocator extensions, which are placed into the request as
singleRequestExtensions. The OCSP server uses these extensions to direct
the request to other servers known to be authoritative for the certificate
in question. In our scenario, these serviceLocator extensions will be
specifying several different authoritative servers. We suppose then that
the original OCSP server must collate and authenticate these responses,
before compiling a single response valid for all certificates, which it
then signs and sends to the client.
We would be grateful if someone more familiar with the OCSP spec could
confirm that what I have described is indeed a valid intended usage
scenario. In particular, we are concerned about the authentication of the
multiple responses that the OCSP server must perform before producing the
collated response. Is it correct for the client to trust the server with
this task?
Best regards, and thanks in advance,
Jonathan
-----------------------------
Jonathan.Tuliani@Symbian.com
www.symbian.com
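The difficulty the post describes (one signature over a response that covers certificates from several issuers) can be made concrete by modelling the three authorisation rules of section 4.2.2.2 as a per-certificate check. The following Python is an added illustration, not code from the post or from any OCSP implementation: certificates and responses are plain records rather than ASN.1, the names CA-A, CA-B, ee and ocsp.a are constructed sample data, and the local "trusted responder" configuration is modelled as a mapping from issuer name to the responder names trusted for certificates of that issuer (a modelling assumption; the spec only says the configuration applies to "the certificate in question").

```python
"""Per-certificate model of the RFC 2560 (June 1999 OCSP) section 4.2.2.2
responder-authorisation rules.

Constructed illustration, not code from the original post or from any OCSP
library. Certificates and responses are simple records so that the decision
logic stands out.
"""
from dataclasses import dataclass

# id-kp-OCSPSigning extended key usage OID (from RFC 2560 section 4.2.2.2)
ID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    eku: frozenset = frozenset()  # extended key usage OIDs present


@dataclass(frozen=True)
class SingleResponse:
    cert: Cert    # certificate whose status is being reported
    status: str   # "good", "revoked" or "unknown"


@dataclass(frozen=True)
class OCSPResponse:
    signer: Cert                  # the one certificate that signed the whole response
    responses: tuple              # tuple of SingleResponse


def authorization_rule(signer, subject_cert, trusted_responders):
    """Return the 4.2.2.2 rule number (1, 2 or 3) under which `signer` may
    report status for `subject_cert`, or None if no rule applies.

    `trusted_responders` maps an issuer name to the set of responder subject
    names locally trusted for certificates of that issuer (modelling assumption).
    """
    # Rule 1: matches the local configuration of OCSP signing authority
    if signer.subject in trusted_responders.get(subject_cert.issuer, frozenset()):
        return 1
    # Rule 2: the signer is the CA that issued the certificate in question
    if signer.subject == subject_cert.issuer:
        return 2
    # Rule 3: the signer carries id-kp-OCSPSigning and was issued by that CA
    if ID_KP_OCSP_SIGNING in signer.eku and signer.issuer == subject_cert.issuer:
        return 3
    return None


def check_response(resp, trusted_responders):
    """Map each reported certificate's subject to the rule that authorises the
    single signer for it (None where the signer is not authorised)."""
    return {
        sr.cert.subject: authorization_rule(resp.signer, sr.cert, trusted_responders)
        for sr in resp.responses
    }


def is_fully_authorized(resp, trusted_responders):
    """True only if every certificate in the response is covered by some rule."""
    return all(rule is not None for rule in check_response(resp, trusted_responders).values())


# --- constructed sample data -------------------------------------------------
# Chain: ee is issued by CA-B, CA-B is issued by the root CA-A.
CA_B = Cert(subject="CA-B", issuer="CA-A")
EE = Cert(subject="ee", issuer="CA-B")
# Responder certificate issued by CA-A with the OCSP signing key usage.
OCSP_A = Cert(subject="ocsp.a", issuer="CA-A", eku=frozenset({ID_KP_OCSP_SIGNING}))

# One response, one signature, status for both certificates in the chain.
SAMPLE_RESPONSE = OCSPResponse(
    signer=OCSP_A,
    responses=(SingleResponse(CA_B, "good"), SingleResponse(EE, "good")),
)

NO_LOCAL_CONFIG = {}
# Local configuration naming ocsp.a as a trusted responder for CA-B's certificates.
LOCAL_CONFIG = {"CA-B": frozenset({"ocsp.a"})}


if __name__ == "__main__":
    # Without local configuration only CA-B's status is authorised (rule 3);
    # the end-entity certificate from the other issuer is not.
    print(check_response(SAMPLE_RESPONSE, NO_LOCAL_CONFIG))
    # With rule 1 configured for CA-B, the whole response becomes acceptable.
    print(check_response(SAMPLE_RESPONSE, LOCAL_CONFIG))
```

Run without a local configuration, the check reports rule 3 for the CA-B certificate and no applicable rule for the end-entity certificate, which is exactly the situation the post describes: rules 2 and 3 bind the signer to a single issuing CA, so a response that spans issuers can only be accepted for the other certificates through rule 1. Splitting the chain into one request per issuer, each answered by that issuer's own responder, is the alternative that lets rules 2 and 3 apply to every certificate.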