OCSP over HTTP

OCSP over HTTP

[21] OCSP は、証明書失効の有無を確認するためのプロトコルです。

プロトコル

[20]

メモ

[1] RFC 6960 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP ( 版) <http://tools.ietf.org/html/rfc6960>

[2] ImperialViolet - Revocation checking and Chrome's CRL (Adam Langley 著, 版) <https://www.imperialviolet.org/2012/02/05/crlsets.html>

[3] Online Certificate Status Protocol - Wikipedia ( 版) <http://ja.wikipedia.org/wiki/Online_Certificate_Status_Protocol>

[4] CA:ImprovingRevocation - MozillaWiki ( 版) <https://wiki.mozilla.org/CA:ImprovingRevocation>

[5] Revoking Intermediate Certificates: Introducing OneCRL | Mozilla Security Blog ( 版) <https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/>

[6] Necko/Differences - MozillaWiki ( 版) <https://wiki.mozilla.org/Necko/Differences>

Other browsers implement persistent OCSP caches, but we do not (for various reasons).

[7] 157555 – OCSP tracking bug ( 版) <https://bugzilla.mozilla.org/show_bug.cgi?id=157555>

[8] OCSP stapling

[9] ImperialViolet - No, don't enable revocation checking ( (Adam Langley著, )) <https://www.imperialviolet.org/2014/04/19/revchecking.html>

[10] Improving Revocation: OCSP Must-Staple and Short-lived Certificates | Mozilla Security Blog ( ()) <https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/>

In an ideal world, the browser would perform an online status check (such as OCSP) whenever it verifies a certificate, and reject the certificate if the check failed. However, these checks can be slow and unreliable. They time out about 15% of the time, and take about 350ms even when they succeed. Browsers generally soft-fail on revocation in an attempt to balance these concerns.

[11] Security FAQ - The Chromium Projects ( ()) <https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation->

Chrome performs online checking for Extended Validation certificates if it does not already have a non-expired CRLSet entry covering the domain. If Chrome does not get a response, it simply downgrades the security indicator to Domain Validated.

[34] Chromeは既定だとオンラインで証明書の失効確認していないので設定方法を調べてみた - piyolog ( 版) <http://d.hatena.ne.jp/Kango/20140413/1397345642>

[12] Issue 361820 - chromium - Check For Server Certificate Revocation checkbox is confusing - Monorail ( ()) <https://bugs.chromium.org/p/chromium/issues/detail?id=361820>

[13] Certificate revocation and the performance of OCSP | Netcraft ( ()) <http://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html>

[14] Internet Explorer 7 における HTTPS セキュリティの強化点 ( ()) <https://msdn.microsoft.com/ja-jp/library/bb250503>

原因 : Windows Vista にパフォーマンス強化および OCSP プロトコルのサポートが追加されたことで、WININET では既定で失効状態のチェックが有効になり、セキュリティが強化されます。

[15] 991815 – (mozilla::pkix) Sites not getting EV treatment with mozilla::pkix is on, but do get EV treatment when mozilla::pkix is off because OCSP response is old ( ()) <https://bugzilla.mozilla.org/show_bug.cgi?id=991815>

[16] OpenSSL ( (OpenSSL Foundation, Inc.著, )) <https://www.openssl.org/docs/manmaster/crypto/OCSP_sendreq_new.html>

[17] OpenSSL ( (OpenSSL Foundation, Inc.著, )) <https://www.openssl.org/docs/manmaster/crypto/OCSP_response_status.html>

[18] OpenSSL: how to setup an OCSP server for checking third-party certificates? - Server Fault ( ()) <http://serverfault.com/questions/131983/openssl-how-to-setup-an-ocsp-server-for-checking-third-party-certificates>

[19] OpenSSL ( (OpenSSL Foundation, Inc.著, )) <https://www.openssl.org/docs/manmaster/apps/ocsp.html>

[22] Feature request: OCSP Must Staple (RFC 7633) - Google グループ ( ()) <https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/-pB8IFNu5tw>

The state of the world for OCSP code is bad. Real bad. Unless you're running IIS, or running a home-grown OCSP daemon, you're going to staple bad responses. That is, if you turn on stapling in Apache or nginx, you're going to serve junk to a portion of your users. When you serve junk, in a must-staple world, everything goes badly.

Further, the world assumes clients are well-behaved - they have good clocks, good caching logic, and good OCSP implementations. Unfortunately, those assumptions can all be wrong - and when something's wrong on the client, it could brick sites. We already see this with HSTS and a variety of otherwise fixable errors (such as clock skew) contributing significantly to warning fatigue or user frustration - and it's actually rather surprisingly hard to quantify, on the client, the ways in which the client could have screwed up.

To that end, our focus has been on quantifying the OCSP ecosystem - both in terms of what the CAs are sending (... frequently, horribly bloated responses that often fail basic DER encoding rules), and what servers are doing. We're also exploring how to allow server operators to participate in that virtuous feedback cycle, by providing something akin to 'expect-staple' - that is, a signifier that the server *should* always be sending valid stapled responses, and a means of getting feedback when this is not the case. This will allow sites to further debug and investigate, both client errors and the fact that, again, most of the OCSP fetching code on servers is bad.

[23] RFC 4557 - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) () <https://tools.ietf.org/html/rfc4557>

[24] Only specific APIs should skip the fetch event when called within a service worker · Issue #303 · whatwg/fetch () <https://github.com/whatwg/fetch/issues/303>

[25] Document CORS safelist exceptions (estark37著, ) <https://github.com/whatwg/fetch/commit/860ab8669fb3775b77b6f81e44e5a2609db0bc93>

[26] High-reliability OCSP stapling and why it matters () <https://blog.cloudflare.com/high-reliability-ocsp-stapling/>

[27] OCSP / SCT requirements of the cert-chain · Issue #175 · WICG/webpackage () <https://github.com/WICG/webpackage/issues/175>