Hi Oleg,
My understanding is that a TLS server and client can skip sending a
CertificateStatus even if it has negotiated support of OSCP stapling. I assume
that the reason is that the server might not get a response from the OSCP
server in time and might then decide to continue the handshake without OSCP
stapling. It is then up to the other endpoint to decide if that is acceptable
or if the connection should be terminated.
Note that in TLS 1.3, there is no CertificateStatus messages. TLS 1.3 uses a
CertificateStatus structure in a "status_request" extension in the Certificate
message. RFC 8446 does not give any additional advice for the server but writes
“If the client opts to send an OCSP response”.
>then "MUST Implement" of RFC 9190 has no effect since it's
>possible to implement an EAP-TLS 1.3 server that never
>responds to OCSP stapling request
My understanding is that the EAP-TLS implementation needs to support OCSP
stapling. It must be possible to configure the EAP-TLS server so that it
actually sends CertificateStatus structures. I would say that a EAP-TLS 1.3
that cannot be configured to send CertificateStatus structures is not compliant
to RFC 9190.
Cheers,
John
From: Emu on behalf of Oleg Pekar
Date: Tuesday, 20 December 2022 at 13:17
To: EMU WG
Subject: [Emu] Clarification about OCSP Stapling in EAP-TLS 1.3
Dear workgroup,
Please help me to clarify the next question.
RFC 9190 "EAP-TLS 1.3", Section "5.4. Certificate Revocation" says:
"EAP-TLS servers supporting TLS 1.3 MUST implement Certificate Status Requests
(OCSP stapling) as specified in [RFC6066] and Section 4.4.2.1 of [RFC8446]"
Wording "MUST Implement" doesn't explicitly specify whether an EAP-TLS server
must reply to a particular peer's OCSP stapling request or not.
RFC 6066 "TLS Extensions Definition", Section "8. Certificate Status Request"
says:
"Note that a server MAY also choose not to send a "CertificateStatus"
message, even if has received a "status_request" extension in the
client hello message and has sent a "status_request" extension in the
server hello message."
These two references create ambiguity, as I see it - is it mandatory for
EAP-TLS server to respond to OCSP stapling request? If not, per RFC 6066, then
"MUST Implement" of RFC 9190 has no effect since it's possible to implement an
EAP-TLS 1.3 server that never responds to OCSP stapling request and it is equal
to not implementing OCSP stapling at all. This is what I would be happy to
clarify.
Note: there's at least one scenario when an EAP-TLS server has a good
motivation not to send CertificateStatus message - when the peer send the list
of trusted OCSP Responders where the server's OCSP Responder is not mentioned.
Thanks
Oleg
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu