[27] [DFN[OCSP Stapling]] は、 [[TLS handshake]] において [[OCSP応答]]を
[[TLSサーバー]]から[[TLSクライアント]]へと送信するものです。
これによって[[クライアント]]は別途 [[OCSPサーバー]]に照会することなく[[サーバー証明書]]が[[失効]]していないか確認できます。

;; [28] [[OCSP応答]]は [[CA]] により[[署名]]されていますから、
直接の送信元が誰であっても (正しく[[署名]]されていることが確認できる限りは)
信用できます。

* 仕様書

[REFS[
- [1] [CITE@en[RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions]]
([TIME[2015-02-01 18:07:52 +09:00]] 版)
<https://tools.ietf.org/html/rfc6066#section-8>
- [8] [CITE@en[RFC 7633 - X.509v3 Transport Layer Security (TLS) Feature Extension]]
([TIME[2016-03-31 08:08:39 +09:00]])
<https://tools.ietf.org/html/rfc7633>
- [9] [CITE[RFC Errata Report » RFC Editor]]
([TIME[2016-05-09 21:20:19 +09:00]])
<https://www.rfc-editor.org/errata_search.php?rfc=7633>
]REFS]

* 構文

[63] [[OCSP応答]]はいくつでも含めることができますが、
通常は1つだけ ([[中間証明書]]のものは含めない) とするようです。

* OCSP must-staple

[30] [DFN[OCSP must-staple]] は、 [[OCSP stapling]] を必須とする[[証明書]]のフラグです。

[66] 
[CODE[tlsfeature]]
[[証明書拡張]]に値
[CODE[5]]
を指定することにより、有効となります。

[31] [[TLS]] の[[サーバー証明書]]で [[OCSP must-staple]] が有効な場合、
当該 [[TLS handshake]] で [[OCSP stapling]] によって[[証明書]]の有効性を検証できない場合、
失敗しとして扱わなければなりません。

[40] [[Let's Encrypt]] などいくつかの [[CA]] が [[must-staple]] フラグ付き[[証明書]]を発行している
(フラグを付けるオプションを提供している) ようです。
[[OpenSSL]] で [[must-staple]] フラグ付き[[証明書]]を発行できます。

[67] しかし実際にフラグを立てた[[証明書]]はなかなか見かけません。

[41] [[クライアント]]としては [[Firefox]] が対応しています。
[[Chrome]] は対応の予定が無いようです [SRC[>>37]]。

[69] 
以来数年が経過し、状況が変わる見込みはなさそうです。この技術は失敗したと考えていいのかもしれません。

* 利用例

[29] [[OCSP stapling]] を利用した [[Webサイト]]の例:

[REFS[
- [20] [CITE[CloudFlare - The web performance & security company]] ([TIME[2016-05-10 09:01:47 +09:00]]) <https://www.cloudflare.com/>
- [21] [CITE@en[Bugzilla Main Page]] ([TIME[2016-05-11 20:40:12 +09:00]]) <https://bugzilla.mozilla.org/>
- [22] [CITE[Amazon | 本, ファッション, 家電から食品まで | アマゾン]] ([TIME[2016-05-11 20:44:07 +09:00]]) <https://www.amazon.co.jp/>
- [62] 
<https://mozilla.org/> [TIME[2018-01-30T15:11:45.00Z]]
- [64] <https://www.w3.org/> [TIME[2018-01-30T15:15:50.400Z]]
]REFS]

[38] [[OCSP stapling]] + [[must-staple]] の例:
[REFS[
- [39] [CITE[suche.org : Welcome]] ([[Thomas Lußnig]] 著, [TIME[2016-05-31 00:04:22 +09:00]] 版) <https://suche.org/>
]REFS]

* 関連

[23] [[OCSP Multi-Stapling]] もあります。

* 歴史

[2] [CITE@en[Security/Server Side TLS - MozillaWiki]]
([TIME[2015-03-22 14:32:49 +09:00]] 版)
<https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling>

[3] [CITE@en[CA:RevocationPlan - MozillaWiki]]
( ([TIME[2016-05-09 14:49:37 +09:00]]))
<https://wiki.mozilla.org/CA:RevocationPlan>

[4] [CITE@en-US[OCSP Stapling in Firefox | Mozilla Security Blog]]
( ([TIME[2016-05-09 20:06:13 +09:00]]))
<https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/>

[5] [CITE@en-US[Improving Revocation: OCSP Must-Staple and Short-lived Certificates | Mozilla Security Blog]]
( ([TIME[2016-05-09 20:09:44 +09:00]]))
<https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/>

[6] [CITE@en[ImperialViolet - No, don't enable revocation checking]]
( ([[Adam Langley]]著, [TIME[2016-05-09 20:59:09 +09:00]]))
<https://www.imperialviolet.org/2014/04/19/revchecking.html>

[7] [CITE@en[draft-hallambaker-muststaple-00 - X.509v3 Extension: OCSP Stapling Required]]
( ([TIME[2016-03-27 22:08:53 +09:00]]))
<https://tools.ietf.org/html/draft-hallambaker-muststaple-00>


[10] [CITE[OCSP Must-Staple と OCSP Multi-Stapling、及び OneCRL|サイバートラスト]]
( ([TIME[2016-05-09 21:25:07 +09:00]]))
<https://www.cybertrust.ne.jp/journal/ocsp-must-staple-ocsp-multi-stapling-onecrl.html>

[11] [CITE@en[Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support]]
([TIME[2016-05-09 21:31:05 +09:00]])
<https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/>

[12] [CITE@en[Issue 572734 - chromium - Support for OCSP Must-staple - Monorail]]
( ([TIME[2016-05-09 21:33:11 +09:00]]))
<https://bugs.chromium.org/p/chromium/issues/detail?id=572734>

[68] 
[CITE@en[Reporting for OCSP stapling ("Expect-OCSP") '''['''41246003''']''' - Chromium]], [TIME[2024-04-02T15:04:01.000Z]] <https://issues.chromium.org/issues/41246003>

[13] [CITE@en[901698 – implement OCSP-must-staple (off by default)]]
( ([TIME[2016-05-09 21:33:58 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=901698>

[14] [CITE['''['''websec''']''' Requiring OCSP Stapling as a directive in HSTS]]
( ([TIME[2015-04-27 20:20:37 +09:00]]))
<https://www.ietf.org/mail-archive/web/websec/current/msg02297.html>

[15] [CITE@en[921907 – Enable OCSP must-staple feature]]
( ([TIME[2016-05-09 21:46:19 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=921907>

[16] [CITE[JEP 249: OCSP Stapling for TLS]]
( ([TIME[2016-05-09 22:20:19 +09:00]]))
<http://openjdk.java.net/jeps/249>

[17] [CITE@en[Bug 50740 – Enable OCSP Stapling by default]]
( ([TIME[2016-05-09 22:24:33 +09:00]]))
<https://bz.apache.org/bugzilla/show_bug.cgi?id=50740>

[18] [CITE@en[360420 – Implement OCSP Stapling in libSSL]]
( ([TIME[2016-05-09 22:25:14 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=360420>

[19] [CITE@en[gecko-dev/NSSCertDBTrustDomain.cpp at master · mozilla/gecko-dev]]
( ([TIME[2016-05-10 22:46:40 +09:00]]))
<https://github.com/mozilla/gecko-dev/blob/master/security/certverifier/NSSCertDBTrustDomain.cpp>

[24] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-28 15:30:23 +09:00]]))
<https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html>

[25] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-28 15:41:29 +09:00]]))
<https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html>

[26] [CITE@en[nginx/ngx_event_openssl_stapling.c at master · nginx/nginx]]
( ([TIME[2016-05-29 00:30:40 +09:00]]))
<https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl_stapling.c>

[FIG(quote)[
[FIGCAPTION[
[32] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-30 18:30:06 +09:00]]))
<https://www.openssl.org/docs/manmaster/apps/x509v3_config.html#TLS-Feature-aka-Must-Staple>
]FIGCAPTION]

> TLS Feature (aka Must Staple)
> This is a multi-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply.
> The supported names are: status_request and status_request_v2.
> Example:
>  tlsfeature = status_request

]FIG]


[33] [CITE@en[Diff - 6c7aed048ca0a335e02dfee10976c5dc8620783e^! - boringssl - Git at Google]]
( ([TIME[2016-05-30 19:27:05 +09:00]]))
<https://boringssl.googlesource.com/boringssl/+/6c7aed048ca0a335e02dfee10976c5dc8620783e%5E!/>

[34] [CITE@en[Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). by robstradling · Pull Request #495 · openssl/openssl]]
( ([TIME[2016-05-30 22:53:46 +09:00]]))
<https://github.com/openssl/openssl/pull/495>

[35] [CITE@en[DigiCert OCSP-Stapling Improves NGINX Server Security | DigiCert Blog]]
( ([TIME[2016-05-30 23:31:28 +09:00]]))
<https://blog.digicert.com/digicert-ocsp-stapling-improves-nginx-security/>

[36] [CITE[How to simply check if a certificate has the OCSP must-staple attribute? - Information Security Stack Exchange]]
( ([TIME[2016-05-30 23:37:38 +09:00]]))
<http://security.stackexchange.com/questions/119316/how-to-simply-check-if-a-certificate-has-the-ocsp-must-staple-attribute>

[37] [CITE[Feature request: OCSP Must Staple (RFC 7633) - Google グループ]]
( ([TIME[2016-05-30 23:52:06 +09:00]]))
<https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/-pB8IFNu5tw>

[42] [CITE@en[Add support for OCSP Must-Staple · Issue #249 · ebekker/ACMESharp]]
([TIME[2018-01-29 23:50:37 +09:00]])
<https://github.com/ebekker/ACMESharp/issues/249>

[43] [CITE@en[Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support]]
([TIME[2018-01-29 23:51:09 +09:00]])
<https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/25>

[44] [CITE@en[Support OCSP must staple · Issue #104 · jetstack/kube-lego]]
([TIME[2018-01-29 23:51:48 +09:00]])
<https://github.com/jetstack/kube-lego/issues/104>

[45] [CITE@en[OCSP Must-Staple (TLS Feature extension) · Issue #3891 · pyca/cryptography]]
([TIME[2018-01-29 23:53:07 +09:00]])
<https://github.com/pyca/cryptography/issues/3891>

[46] [CITE@en[/docs/manmaster/man5/x509v3_config.html]]
([[OpenSSL Foundation, Inc.]]著, [TIME[2018-01-29 23:54:34 +09:00]])
<https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#TLS-Feature-aka-Must-Staple>

[47] [CITE@en[High-reliability OCSP stapling and why it matters]]
([TIME[2018-01-29 23:55:46 +09:00]])
<https://blog.cloudflare.com/high-reliability-ocsp-stapling/>

[FIG(quote)[
[FIGCAPTION[
[48] [CITE@en[High-reliability OCSP stapling and why it matters]]
([TIME[2018-01-29 23:55:46 +09:00]])
<https://blog.cloudflare.com/high-reliability-ocsp-stapling/>
]FIGCAPTION]

> Firefox enforces OCSP must-staple, returning the following error if such a certificate is presented without a stapled OCSP response.
> Chrome provides the ability to mark a domain as “Expect-Staple”. If Chrome sees a certificate for the domain without a staple, it will send a report to a pre-configured report endpoint.

]FIG]


[49] [CITE@ja[OCSP Expect-Staple - Google ドキュメント]]
([TIME[2018-01-30 00:10:16 +09:00]])
<https://docs.google.com/document/d/1aISglJIIwglcOAhqNfK-2vtQl-_dWAapc-VLDh-9-BE/edit#heading=h.rkpittae54q>

[50] [CITE@en[1323141 - tryLater OCSP response causes hard failure when stapled]]
([TIME[2018-01-30 00:19:51 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=1323141>

[51] [CITE@en[How to Resolve the "Secure Connection Failed" Certificate Error in Firefox | Alexander's Blog]]
([TIME[2018-01-30 17:05:51 +09:00]])
<https://www.zubairalexander.com/blog/how-to-resolve-the-secure-connection-failed-error-in-firefox/>

[52] [CITE@en[Can not access gogs.io by Firefox · Issue #3606 · gogits/gogs]]
([TIME[2018-01-30 17:07:37 +09:00]])
<https://github.com/gogits/gogs/issues/3606>

[53] [CITE@en[TLS/OSCP Issues on gogs.io with Firefox · Issue #3793 · gogits/gogs]]
([TIME[2018-01-30 17:10:15 +09:00]])
<https://github.com/gogits/gogs/issues/3793>

[54] [CITE@en[OCSP server sending expired responses + stapling breaks Chrome - Help - Let's Encrypt Community Support]]
([TIME[2018-01-30 18:10:24 +09:00]])
<https://community.letsencrypt.org/t/ocsp-server-sending-expired-responses-stapling-breaks-chrome/23964>

[55] [CITE@en[OCSP stapling should not be green "Yes" for sites with revoked certificates · Issue #142 · ssllabs/ssllabs-scan]]
([TIME[2018-01-30 18:12:33 +09:00]])
<https://github.com/ssllabs/ssllabs-scan/issues/142>

[FIG(quote)[
[FIGCAPTION[
[56] [CITE@ja[Secure Connection Failed | Firefox サポートフォーラム | Mozilla サポート]]
([TIME[2018-01-30 18:17:27 +09:00]])
<https://support.mozilla.org/ja/questions/1161980>
]FIGCAPTION]

> The problem lies with Microsoft, whose servers    (in layman's terms)    send an expired assurance that their SSL certificate is still valid.
> Unfortunately it turns out that  Firefox  is the only browser checking for this on each secure https site it is loading.  
> (whereas other browsers glance over that and only check for  : 
> https://en.wikipedia.org/wiki/Extended_Validation_Certificate).

]FIG]


[57] [CITE@bm[An error occurred during a connection to tools.usps.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT | Firefox Support Forum | Mozilla Support]]
([TIME[2018-01-30 18:29:14 +09:00]])
<https://support.mozilla.org/bm/questions/1179899>

[58] [CITE@en[727255 - Invalid OCSP stapled responses don't cause a spec-mandated connection abort - chromium - Monorail]]
([TIME[2018-01-30 18:29:30 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=727255>

[59] [CITE[Security FAQ - The Chromium Projects]]
([TIME[2018-01-30 16:44:16 +09:00]])
<https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation->

[60] [CITE@en[ocsp-stapling.md]]
([TIME[2018-01-30 18:52:02 +09:00]])
<https://gist.github.com/sleevi/5efe9ef98961ecfb4da8>

[61] [CITE@en[50740 – Enable OCSP Stapling by default]]
([TIME[2018-01-30 18:56:16 +09:00]])
<https://bz.apache.org/bugzilla/show_bug.cgi?id=50740>

[65] 
[[RFC 7633]]
には
[CITE[Transport Layer Security (TLS) Extensions]] ([TIME[2018-08-17 03:30:07 +09:00]]) <https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml>
に
[[IANA登録簿]]があると書いてあるが、
実際には存在せず、
他の場所にも見当たらず。
[TIME[2018-08-26T15:17:28.400Z]]