-
Notifications
You must be signed in to change notification settings - Fork 4
/
872.txt
296 lines (221 loc) · 13.6 KB
/
872.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
[27] [DFN[OCSP Stapling]] は、 [[TLS handshake]] において [[OCSP応答]]を
[[TLSサーバー]]から[[TLSクライアント]]へと送信するものです。
これによって[[クライアント]]は別途 [[OCSPサーバー]]に照会することなく[[サーバー証明書]]が[[失効]]していないか確認できます。
;; [28] [[OCSP応答]]は [[CA]] により[[署名]]されていますから、
直接の送信元が誰であっても (正しく[[署名]]されていることが確認できる限りは)
信用できます。
* 仕様書
[REFS[
- [1] [CITE@en[RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions]]
([TIME[2015-02-01 18:07:52 +09:00]] 版)
<https://tools.ietf.org/html/rfc6066#section-8>
- [8] [CITE@en[RFC 7633 - X.509v3 Transport Layer Security (TLS) Feature Extension]]
([TIME[2016-03-31 08:08:39 +09:00]])
<https://tools.ietf.org/html/rfc7633>
- [9] [CITE[RFC Errata Report » RFC Editor]]
([TIME[2016-05-09 21:20:19 +09:00]])
<https://www.rfc-editor.org/errata_search.php?rfc=7633>
]REFS]
* 構文
[63] [[OCSP応答]]はいくつでも含めることができますが、
通常は1つだけ ([[中間証明書]]のものは含めない) とするようです。
* OCSP must-staple
[30] [DFN[OCSP must-staple]] は、 [[OCSP stapling]] を必須とする[[証明書]]のフラグです。
[66]
[CODE[tlsfeature]]
[[証明書拡張]]に値
[CODE[5]]
を指定することにより、有効となります。
[31] [[TLS]] の[[サーバー証明書]]で [[OCSP must-staple]] が有効な場合、
当該 [[TLS handshake]] で [[OCSP stapling]] によって[[証明書]]の有効性を検証できない場合、
失敗しとして扱わなければなりません。
[40] [[Let's Encrypt]] などいくつかの [[CA]] が [[must-staple]] フラグ付き[[証明書]]を発行している
(フラグを付けるオプションを提供している) ようです。
[[OpenSSL]] で [[must-staple]] フラグ付き[[証明書]]を発行できます。
[67] しかし実際にフラグを立てた[[証明書]]はなかなか見かけません。
[41] [[クライアント]]としては [[Firefox]] が対応しています。
[[Chrome]] は対応の予定が無いようです [SRC[>>37]]。
* 利用例
[29] [[OCSP stapling]] を利用した [[Webサイト]]の例:
[REFS[
- [20] [CITE[CloudFlare - The web performance & security company]] ([TIME[2016-05-10 09:01:47 +09:00]]) <https://www.cloudflare.com/>
- [21] [CITE@en[Bugzilla Main Page]] ([TIME[2016-05-11 20:40:12 +09:00]]) <https://bugzilla.mozilla.org/>
- [22] [CITE[Amazon | 本, ファッション, 家電から食品まで | アマゾン]] ([TIME[2016-05-11 20:44:07 +09:00]]) <https://www.amazon.co.jp/>
- [62]
<https://mozilla.org/> [TIME[2018-01-30T15:11:45.00Z]]
- [64] <https://www.w3.org/> [TIME[2018-01-30T15:15:50.400Z]]
]REFS]
[38] [[OCSP stapling]] + [[must-staple]] の例:
[REFS[
- [39] [CITE[suche.org : Welcome]] ([[Thomas Lußnig]] 著, [TIME[2016-05-31 00:04:22 +09:00]] 版) <https://suche.org/>
]REFS]
* 関連
[23] [[OCSP Multi-Stapling]] もあります。
* 歴史
[2] [CITE@en[Security/Server Side TLS - MozillaWiki]]
([TIME[2015-03-22 14:32:49 +09:00]] 版)
<https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling>
[3] [CITE@en[CA:RevocationPlan - MozillaWiki]]
( ([TIME[2016-05-09 14:49:37 +09:00]]))
<https://wiki.mozilla.org/CA:RevocationPlan>
[4] [CITE@en-US[OCSP Stapling in Firefox | Mozilla Security Blog]]
( ([TIME[2016-05-09 20:06:13 +09:00]]))
<https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/>
[5] [CITE@en-US[Improving Revocation: OCSP Must-Staple and Short-lived Certificates | Mozilla Security Blog]]
( ([TIME[2016-05-09 20:09:44 +09:00]]))
<https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/>
[6] [CITE@en[ImperialViolet - No, don't enable revocation checking]]
( ([[Adam Langley]]著, [TIME[2016-05-09 20:59:09 +09:00]]))
<https://www.imperialviolet.org/2014/04/19/revchecking.html>
[7] [CITE@en[draft-hallambaker-muststaple-00 - X.509v3 Extension: OCSP Stapling Required]]
( ([TIME[2016-03-27 22:08:53 +09:00]]))
<https://tools.ietf.org/html/draft-hallambaker-muststaple-00>
[10] [CITE[OCSP Must-Staple と OCSP Multi-Stapling、及び OneCRL|サイバートラスト]]
( ([TIME[2016-05-09 21:25:07 +09:00]]))
<https://www.cybertrust.ne.jp/journal/ocsp-must-staple-ocsp-multi-stapling-onecrl.html>
[11] [CITE@en[Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support]]
([TIME[2016-05-09 21:31:05 +09:00]])
<https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/>
[12] [CITE@en[Issue 572734 - chromium - Support for OCSP Must-staple - Monorail]]
( ([TIME[2016-05-09 21:33:11 +09:00]]))
<https://bugs.chromium.org/p/chromium/issues/detail?id=572734>
[13] [CITE@en[901698 – implement OCSP-must-staple (off by default)]]
( ([TIME[2016-05-09 21:33:58 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=901698>
[14] [CITE['''['''websec''']''' Requiring OCSP Stapling as a directive in HSTS]]
( ([TIME[2015-04-27 20:20:37 +09:00]]))
<https://www.ietf.org/mail-archive/web/websec/current/msg02297.html>
[15] [CITE@en[921907 – Enable OCSP must-staple feature]]
( ([TIME[2016-05-09 21:46:19 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=921907>
[16] [CITE[JEP 249: OCSP Stapling for TLS]]
( ([TIME[2016-05-09 22:20:19 +09:00]]))
<http://openjdk.java.net/jeps/249>
[17] [CITE@en[Bug 50740 – Enable OCSP Stapling by default]]
( ([TIME[2016-05-09 22:24:33 +09:00]]))
<https://bz.apache.org/bugzilla/show_bug.cgi?id=50740>
[18] [CITE@en[360420 – Implement OCSP Stapling in libSSL]]
( ([TIME[2016-05-09 22:25:14 +09:00]]))
<https://bugzilla.mozilla.org/show_bug.cgi?id=360420>
[19] [CITE@en[gecko-dev/NSSCertDBTrustDomain.cpp at master · mozilla/gecko-dev]]
( ([TIME[2016-05-10 22:46:40 +09:00]]))
<https://github.com/mozilla/gecko-dev/blob/master/security/certverifier/NSSCertDBTrustDomain.cpp>
[24] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-28 15:30:23 +09:00]]))
<https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html>
[25] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-28 15:41:29 +09:00]]))
<https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html>
[26] [CITE@en[nginx/ngx_event_openssl_stapling.c at master · nginx/nginx]]
( ([TIME[2016-05-29 00:30:40 +09:00]]))
<https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl_stapling.c>
[FIG(quote)[
[FIGCAPTION[
[32] [CITE@en[OpenSSL]]
( ([[OpenSSL Foundation, Inc.]]著, [TIME[2016-05-30 18:30:06 +09:00]]))
<https://www.openssl.org/docs/manmaster/apps/x509v3_config.html#TLS-Feature-aka-Must-Staple>
]FIGCAPTION]
> TLS Feature (aka Must Staple)
> This is a multi-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply.
> The supported names are: status_request and status_request_v2.
> Example:
> tlsfeature = status_request
]FIG]
[33] [CITE@en[Diff - 6c7aed048ca0a335e02dfee10976c5dc8620783e^! - boringssl - Git at Google]]
( ([TIME[2016-05-30 19:27:05 +09:00]]))
<https://boringssl.googlesource.com/boringssl/+/6c7aed048ca0a335e02dfee10976c5dc8620783e%5E!/>
[34] [CITE@en[Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). by robstradling · Pull Request #495 · openssl/openssl]]
( ([TIME[2016-05-30 22:53:46 +09:00]]))
<https://github.com/openssl/openssl/pull/495>
[35] [CITE@en[DigiCert OCSP-Stapling Improves NGINX Server Security | DigiCert Blog]]
( ([TIME[2016-05-30 23:31:28 +09:00]]))
<https://blog.digicert.com/digicert-ocsp-stapling-improves-nginx-security/>
[36] [CITE[How to simply check if a certificate has the OCSP must-staple attribute? - Information Security Stack Exchange]]
( ([TIME[2016-05-30 23:37:38 +09:00]]))
<http://security.stackexchange.com/questions/119316/how-to-simply-check-if-a-certificate-has-the-ocsp-must-staple-attribute>
[37] [CITE[Feature request: OCSP Must Staple (RFC 7633) - Google グループ]]
( ([TIME[2016-05-30 23:52:06 +09:00]]))
<https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/-pB8IFNu5tw>
[42] [CITE@en[Add support for OCSP Must-Staple · Issue #249 · ebekker/ACMESharp]]
([TIME[2018-01-29 23:50:37 +09:00]])
<https://github.com/ebekker/ACMESharp/issues/249>
[43] [CITE@en[Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support]]
([TIME[2018-01-29 23:51:09 +09:00]])
<https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/25>
[44] [CITE@en[Support OCSP must staple · Issue #104 · jetstack/kube-lego]]
([TIME[2018-01-29 23:51:48 +09:00]])
<https://github.com/jetstack/kube-lego/issues/104>
[45] [CITE@en[OCSP Must-Staple (TLS Feature extension) · Issue #3891 · pyca/cryptography]]
([TIME[2018-01-29 23:53:07 +09:00]])
<https://github.com/pyca/cryptography/issues/3891>
[46] [CITE@en[/docs/manmaster/man5/x509v3_config.html]]
([[OpenSSL Foundation, Inc.]]著, [TIME[2018-01-29 23:54:34 +09:00]])
<https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#TLS-Feature-aka-Must-Staple>
[47] [CITE@en[High-reliability OCSP stapling and why it matters]]
([TIME[2018-01-29 23:55:46 +09:00]])
<https://blog.cloudflare.com/high-reliability-ocsp-stapling/>
[FIG(quote)[
[FIGCAPTION[
[48] [CITE@en[High-reliability OCSP stapling and why it matters]]
([TIME[2018-01-29 23:55:46 +09:00]])
<https://blog.cloudflare.com/high-reliability-ocsp-stapling/>
]FIGCAPTION]
> Firefox enforces OCSP must-staple, returning the following error if such a certificate is presented without a stapled OCSP response.
> Chrome provides the ability to mark a domain as “Expect-Staple”. If Chrome sees a certificate for the domain without a staple, it will send a report to a pre-configured report endpoint.
]FIG]
[49] [CITE@ja[OCSP Expect-Staple - Google ドキュメント]]
([TIME[2018-01-30 00:10:16 +09:00]])
<https://docs.google.com/document/d/1aISglJIIwglcOAhqNfK-2vtQl-_dWAapc-VLDh-9-BE/edit#heading=h.rkpittae54q>
[50] [CITE@en[1323141 - tryLater OCSP response causes hard failure when stapled]]
([TIME[2018-01-30 00:19:51 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=1323141>
[51] [CITE@en[How to Resolve the "Secure Connection Failed" Certificate Error in Firefox | Alexander's Blog]]
([TIME[2018-01-30 17:05:51 +09:00]])
<https://www.zubairalexander.com/blog/how-to-resolve-the-secure-connection-failed-error-in-firefox/>
[52] [CITE@en[Can not access gogs.io by Firefox · Issue #3606 · gogits/gogs]]
([TIME[2018-01-30 17:07:37 +09:00]])
<https://github.com/gogits/gogs/issues/3606>
[53] [CITE@en[TLS/OSCP Issues on gogs.io with Firefox · Issue #3793 · gogits/gogs]]
([TIME[2018-01-30 17:10:15 +09:00]])
<https://github.com/gogits/gogs/issues/3793>
[54] [CITE@en[OCSP server sending expired responses + stapling breaks Chrome - Help - Let's Encrypt Community Support]]
([TIME[2018-01-30 18:10:24 +09:00]])
<https://community.letsencrypt.org/t/ocsp-server-sending-expired-responses-stapling-breaks-chrome/23964>
[55] [CITE@en[OCSP stapling should not be green "Yes" for sites with revoked certificates · Issue #142 · ssllabs/ssllabs-scan]]
([TIME[2018-01-30 18:12:33 +09:00]])
<https://github.com/ssllabs/ssllabs-scan/issues/142>
[FIG(quote)[
[FIGCAPTION[
[56] [CITE@ja[Secure Connection Failed | Firefox サポートフォーラム | Mozilla サポート]]
([TIME[2018-01-30 18:17:27 +09:00]])
<https://support.mozilla.org/ja/questions/1161980>
]FIGCAPTION]
> The problem lies with Microsoft, whose servers (in layman's terms) send an expired assurance that their SSL certificate is still valid.
> Unfortunately it turns out that Firefox is the only browser checking for this on each secure https site it is loading.
> (whereas other browsers glance over that and only check for :
> https://en.wikipedia.org/wiki/Extended_Validation_Certificate).
]FIG]
[57] [CITE@bm[An error occurred during a connection to tools.usps.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT | Firefox Support Forum | Mozilla Support]]
([TIME[2018-01-30 18:29:14 +09:00]])
<https://support.mozilla.org/bm/questions/1179899>
[58] [CITE@en[727255 - Invalid OCSP stapled responses don't cause a spec-mandated connection abort - chromium - Monorail]]
([TIME[2018-01-30 18:29:30 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=727255>
[59] [CITE[Security FAQ - The Chromium Projects]]
([TIME[2018-01-30 16:44:16 +09:00]])
<https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation->
[60] [CITE@en[ocsp-stapling.md]]
([TIME[2018-01-30 18:52:02 +09:00]])
<https://gist.github.com/sleevi/5efe9ef98961ecfb4da8>
[61] [CITE@en[50740 – Enable OCSP Stapling by default]]
([TIME[2018-01-30 18:56:16 +09:00]])
<https://bz.apache.org/bugzilla/show_bug.cgi?id=50740>
[65]
[[RFC 7633]]
には
[CITE[Transport Layer Security (TLS) Extensions]] ([TIME[2018-08-17 03:30:07 +09:00]]) <https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml>
に
[[IANA登録簿]]があると書いてあるが、
実際には存在せず、
他の場所にも見当たらず。
[TIME[2018-08-26T15:17:28.400Z]]