ISSUE-205

OCSP Failure Risk

Add security consideration for OCSP failure

State:
CLOSED
Product:
wsc-xit
Raised by:
Johnathan Nightingale
Opened on:
2008-05-14
Description:
Propose the following subsection be added to section 9, as partial response to ISSUE-203

9.2 - Certificate Status Checking Failures

[ref 5.5.1] The TLS Errors section does not document intended behaviour for web user agents when a certificate status check fails for network or other non-revocation reasons. At time of writing, the deployment environment for OCSP status checking is fragile and subject to frequent failures, so it is inappropriate to require user agents to treat such failures as warnings or errors. However, this creates a possibility for attack: site operators using a fraudulently obtained, and revoked, certificate may attempt to attack a CA's revocation infrastructure as a way to suppress revocation errors. User agent countermeasures for this vulnerability include: exposing failures of certificate validation checks to users as warning[ref] or danger[ref] level messages; or refusal to load sites that fail these checks.
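The attack in the proposed 9.2 text is easiest to see as a policy table: what does the user agent do when the status check returns "good", "revoked", "unknown", or never returns at all? The following Python is an added illustration, not part of the issue text or of any user agent; the responder, the certificate serials, the "soft"/"warn"/"hard" policy names and the Verdict levels are constructed stand-ins, and no real OCSP messages are parsed. It models an attacker who holds a revoked certificate and makes the CA's responder unreachable, and shows that under a soft-fail policy that attacker gets exactly the verdict a legitimate site gets.

```python
"""Simulated certificate-status checking under three failure policies.

Added example for the WSC issue text; everything here is a constructed
stand-in (no real OCSP, no network). It demonstrates why "ignore status
check failures" lets an attacker suppress a revocation by taking the
responder offline, and how the two countermeasures named in 9.2 (surface a
warning/danger message, or refuse to load) change the outcome.
"""
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    GOOD = "good"          # responder vouches for the certificate
    REVOKED = "revoked"    # responder says the certificate is revoked
    UNKNOWN = "unknown"    # responder answered but has no record


class ResponderDown(Exception):
    """Network-level failure: timeout, DNS failure, or a DoS of the responder."""


class Verdict(Enum):
    LOAD = "load"    # load silently, no indication to the user
    WARN = "warn"    # surface a warning/danger-level message (9.2, option 1)
    BLOCK = "block"  # refuse to load the site (9.2, option 2)


# How each policy treats an outcome that is *not* a definitive answer.
# "soft" is the behaviour the issue text says is forced by fragile OCSP
# deployment; "warn" and "hard" are the two countermeasures it lists.
FAILURE_POLICY = {
    "soft": Verdict.LOAD,
    "warn": Verdict.WARN,
    "hard": Verdict.BLOCK,
}


@dataclass
class Responder:
    """Constructed CA revocation service: serial number -> Status."""
    db: dict = field(default_factory=dict)
    reachable: bool = True

    def check(self, serial: str) -> Status:
        if not self.reachable:
            raise ResponderDown(f"no response from responder for serial {serial}")
        return self.db.get(serial, Status.UNKNOWN)


def decide(responder: Responder, serial: str, policy: str) -> Verdict:
    """Map the result of one status check to a user-agent verdict."""
    try:
        status = responder.check(serial)
    except ResponderDown:
        # Non-revocation failure: this is the case 5.5.1 leaves undefined.
        return FAILURE_POLICY[policy]
    if status is Status.GOOD:
        return Verdict.LOAD
    if status is Status.REVOKED:
        return Verdict.BLOCK  # a definite revocation is always an error
    # UNKNOWN: the responder could not vouch for it; treat like a failed check
    return FAILURE_POLICY[policy]


def attack_outcome(policy: str) -> dict:
    """Attacker presents a revoked cert (serial "02") and knocks the responder
    offline.  Returns the verdict for three situations side by side."""
    db = {"01": Status.GOOD, "02": Status.REVOKED}  # constructed database
    up = Responder(db, reachable=True)
    down = Responder(db, reachable=False)
    return {
        "legit_responder_up": decide(up, "01", policy),
        "revoked_responder_up": decide(up, "02", policy),
        "revoked_responder_down": decide(down, "02", policy),
    }


def revocation_suppressed(policy: str) -> bool:
    """True if taking the responder offline makes the revoked certificate
    indistinguishable (to the user) from a legitimate one."""
    r = attack_outcome(policy)
    return r["revoked_responder_down"] == r["legit_responder_up"]


if __name__ == "__main__":
    for policy in FAILURE_POLICY:
        print(policy, attack_outcome(policy), "suppressed:", revocation_suppressed(policy))
```

Running it prints one row per policy. Under "soft" the revoked certificate with the responder offline is loaded with no indication, the same as the legitimate site, which is the suppression attack the description warns about; under "warn" the user at least sees the failed check, and under "hard" the site is refused. The trade-off the issue text raises is also visible in the model: "hard" blocks every site whose CA responder happens to be unreachable, revoked or not, which is why the description declines to require it.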
Related Action Items:
No related actions
Related emails:
  1. Meeting record: 2008-05-14 (from tlr@w3.org on 2008-06-06)
  2. Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-05-28 (from ifette@google.com on 2008-05-27)
  3. Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-05-28 (from steele@adobe.com on 2008-05-27)
  4. Agenda: WSC WG distributed meeting, Wednesday, 2008-05-28 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-05-22)
  5. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-05-16)
  6. ISSUE-205 (OCSP Failure Risk): Add security consideration for OCSP failure (from sysbot+tracker@w3.org on 2008-05-14)

Related notes:

2008-05-16 18:18:22: ACTION-454 has taken care of this. [Anil Saldhana]

Changelog:

2008-05-14 09:53:35: Created issue 'Add security consideration for OCSP failure' nickname OCSP Failure Risk owned by Praveen Alavilli on product , description as given above, non-public [Johnathan Nightingale]

2008-05-14 09:54:31: Owner changed to 'Johnathan Nightingale'

2008-05-14 09:54:31: Product changed to wsc-xit

2008-05-16 18:18:22: Status changed to 'closed'


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker, originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.