1
2NETWORK WORKING GROUP                                             L. Zhu
3Internet-Draft                                             K. Jaganathan
4Expires: February 8, 2005                          Microsoft Corporation
5                                                             N. Williams
6                                                        Sun Microsystems
7                                                         August 10, 2004
8
9
10
11                        OCSP Support for PKINIT
12                   draft-ietf-krb-wg-ocsp-for-pkinit-01
13
14
15Status of this Memo
16
17
18   This document is an Internet-Draft and is subject to all provisions
19   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
20   author represents that any applicable patent or other IPR claims of
21   which he or she is aware have been or will be disclosed, and any of
22   which he or she become aware will be disclosed, in accordance with
23   RFC 3668.
24
25
26   Internet-Drafts are working documents of the Internet Engineering
27   Task Force (IETF), its areas, and its working groups.  Note that
28   other groups may also distribute working documents as
29   Internet-Drafts.
30
31
32   Internet-Drafts are draft documents valid for a maximum of six months
33   and may be updated, replaced, or obsoleted by other documents at any
34   time.  It is inappropriate to use Internet-Drafts as reference
35   material or to cite them other than as "work in progress."
36
37
38   The list of current Internet-Drafts can be accessed at
39   http://www.ietf.org/ietf/1id-abstracts.txt.
40
41
42   The list of Internet-Draft Shadow Directories can be accessed at
43   http://www.ietf.org/shadow.html.
44
45
46   This Internet-Draft will expire on February 8, 2005.
47
48
49Copyright Notice
50
51
52   Copyright (C) The Internet Society (2004).
53
54
55Abstract
56
57
58   This document defines a mechanism to enable in-band transmission of
59   OCSP responses.  These responses are used to verify the validity of
60   the certificates used in PKINIT - the Kerberos Version 5 extension
61   that provides for the use of public key cryptography.
62
63
64
65
66
67Zhu, et al.             Expires February 8, 2005                [Page 1]
68Internet-Draft          OCSP Support for PKINIT              August 2004
69
70
71
72Table of Contents
73
74
75   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
76   2.   Conventions Used in This Document  . . . . . . . . . . . . . . 4
77   3.   Message Definition . . . . . . . . . . . . . . . . . . . . . . 5
78   4.   Security Considerations  . . . . . . . . . . . . . . . . . . . 6
79   5.   IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 7
80   6.   References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
81        Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 7
82        Intellectual Property and Copyright Statements . . . . . . . . 9
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125Zhu, et al.             Expires February 8, 2005                [Page 2]
126Internet-Draft          OCSP Support for PKINIT              August 2004
127
128
129
1301.  Introduction
131
132
133   Online Certificate Status Protocol (OCSP) [RFC2560] enables
134   applications to obtain timely information regarding the revocation
135   status of a certificate.  Because OCSP responses are well-bounded and
136   small in size, constrained clients may wish to use OCSP to check the
137   validity of KDC certificates in order to avoid transmission of large
138   Certificate Revocation Lists (CRLs) and therefore save bandwidth on
139   constrained networks.
140
141
142   This document defines a pre-authentication type [CLARIFICATIONS],
143   where the client and the KDC MAY piggyback OCSP responses for
144   certificates used in authentication exchanges, as defined in
145   [PKINIT].
146
147
148   By using this OPTIONAL extension, PKINIT clients and the KDC can
149   maximize the reuse of cached OCSP responses.
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185Zhu, et al.             Expires February 8, 2005                [Page 3]
186Internet-Draft          OCSP Support for PKINIT              August 2004
187
188
189
1902.  Conventions Used in This Document
191
192
193   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
194   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
195   document are to be interpreted as described in [RFC2119].
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243Zhu, et al.             Expires February 8, 2005                [Page 4]
244Internet-Draft          OCSP Support for PKINIT              August 2004
245
246
247
2483.  Message Definition
249
250
251   A pre-authentication type identifier is defined for this mechanism:
252
253
254              PA-PK-OCSP-RESPONSE              16
255
256
257   The corresponding pre-authentication field contains OCSP data as
258   follows:
259
260
261          PA-PK-OCSP-DATA ::= SEQUENCE OF OcspResponse
262
263
264          OcspResponse ::= OCTET STRING
265                         -- contains a complete OCSP response,
266                         -- defined in [RFC2560]
267
268
269   The client MAY send OCSP responses for certificates used in
270   PA-PK-AS-REQ [PKINIT] via a PA-PK-OCSP-RESPONSE.
271
272
273   The KDC that receives a PA-PK-OCSP-RESPONSE the SHOULD send a
274   PA-PK-OCSP-RESPONSE in response.  The client can request a
275   PA-PK-OCSP-RESPONSE by using an empty sequence in its request.
276
277
278   The KDC MAY send a PA-PK-OCSP-RESPONSE when it does not receive a
279   PA-PK-OCSP-RESPONSE from the client.
280
281
282   The PA-PK-OCSP-RESPONSE sent by the KDC contains OCSP responses for
283   certificates used in PA-PK-AS-REP [PKINIT].
284
285
286   Note the lack of integrity protection for the empty or missing OCSP
287   response; lack of an expected OCSP response from the KDC for the
288   KDC's certificates SHOULD be treated as an error by the client,
289   unless it is configured otherwise.
290
291
292   When using OCSP, the response is signed by the OCSP server, which is
293   trusted by the receiver.  Depending on local policy, further
294   verification of the validity of the OCSP servers MAY need to be done.
295
296
297   The client and the KDC SHOULD ignore invalid OCSP responses received
298   via this mechanism, and they MAY implement CRL processing logic as a
299   fall-back position, if the OCSP responses received via this mechanism
300   alone are not sufficient for the verification of certificate
301   validity.  The client and/or the KDC MAY ignore a valid OCSP response
302   and perform their own revocation status verification independently.
303
304
305
306
307
308
309
310
311
312Zhu, et al.             Expires February 8, 2005                [Page 5]
313Internet-Draft          OCSP Support for PKINIT              August 2004
314
315
316
3174.  Security Considerations
318
319
320   The pre-authentication data in this document do not actually
321   authenticate any principals, and MUST be used in conjunction with
322   PKINIT.
323
324
325   There is a downgrade attack against clients which want OCSP responses
326   from the KDC for the KDC's certificates.  The clients, however, can
327   treat the absence of valid OCSP responses as an error, based on their
328   local configuration.
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371Zhu, et al.             Expires February 8, 2005                [Page 6]
372Internet-Draft          OCSP Support for PKINIT              August 2004
373
374
375
3765.  IANA Considerations
377
378
379   This document defines a new pre-authentication type for use with
380   PKINIT to encode OCSP responses.  The official value for this padata
381   identifier need to be acquired from IANA.
382
383
3846  References
385
386
387   [CLARIFICATIONS]
388              Neuman, B., Yu, Y., Hartman, S. and K. Raeburn, "The
389              Kerberos Network Authentication Service (V5)", 
390              draft-ietf-krb-wg-kerberos-clarifications, Work in 
391              progress.
392
393
394   [PKINIT]   Tung, B. and B. Neuman, "Public Key Cryptography for
395              Initial Authentication in Kerberos", 
396              draft-ietf-cat-kerberos-pk-init, Work in progress.
397
398
399   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
400              Requirement Levels", BCP 14, RFC 2119, March 1997.
401
402
403   [RFC2560]  Myers, M., Ankney, R., Malpani, A., Galperin, S. and C.
404              Adams, "X.509 Internet Public Key Infrastructure Online
405              Certificate Status Protocol - OCSP", RFC 2560, June 1999.
406
407
408
409Authors' Addresses
410
411
412   Larry Zhu
413   Microsoft Corporation
414   One Microsoft Way
415   Redmond, WA  98052
416   US
417
418
419   EMail: lzhu@microsoft.com
420
421
422
423   Karthik Jaganathan
424   Microsoft Corporation
425   One Microsoft Way
426   Redmond, WA  98052
427   US
428
429
430   EMail: karthikj@microsoft.com
431
432
433
434
435
436
437
438
439
440
441Zhu, et al.             Expires February 8, 2005                [Page 7]
442Internet-Draft          OCSP Support for PKINIT              August 2004
443
444
445
446   Nicolas Williams
447   Sun Microsystems
448   5300 Riata Trace Ct
449   Austin, TX  78727
450   US
451
452
453   EMail: Nicolas.Williams@sun.com
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499Zhu, et al.             Expires February 8, 2005                [Page 8]
500Internet-Draft          OCSP Support for PKINIT              August 2004
501
502
503
504Intellectual Property Statement
505
506
507   The IETF takes no position regarding the validity or scope of any
508   Intellectual Property Rights or other rights that might be claimed to
509   pertain to the implementation or use of the technology described in
510   this document or the extent to which any license under such rights
511   might or might not be available; nor does it represent that it has
512   made any independent effort to identify any such rights.  Information
513   on the procedures with respect to rights in RFC documents can be
514   found in BCP 78 and BCP 79.
515
516
517   Copies of IPR disclosures made to the IETF Secretariat and any
518   assurances of licenses to be made available, or the result of an
519   attempt made to obtain a general license or permission for the use of
520   such proprietary rights by implementers or users of this
521   specification can be obtained from the IETF on-line IPR repository at
522   http://www.ietf.org/ipr.
523
524
525   The IETF invites any interested party to bring to its attention any
526   copyrights, patents or patent applications, or other proprietary
527   rights that may cover technology that may be required to implement
528   this standard.  Please address the information to the IETF at
529   ietf-ipr@ietf.org.
530
531
532
533Disclaimer of Validity
534
535
536   This document and the information contained herein are provided on an
537   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
538   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
539   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
540   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
541   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
542   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
543
544
545
546Copyright Statement
547
548
549   Copyright (C) The Internet Society (2004).  This document is subject
550   to the rights, licenses and restrictions contained in BCP 78, and
551   except as set forth therein, the authors retain all their rights.
552
553
554
555Acknowledgment
556
557
558   This document was based on conversations among the authors, Jeffrey 
559   Altman, Sam Hartman, Martin Rex, and other members of the Kerberos 
560   working group.
561
562
563
564
565
566Zhu, et al.             Expires February 8, 2005                [Page 9]