Implementation of TLS OCSP Stapling
Hi all,
About a year ago, Torsten already asked for OCSP stapling (http://dovecot.org/pipermail/dovecot/2015-April/100632.html).
Unfortunately, there was no answer to his question.
Now RFC 7633 ("TLS Feature Extension", https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed, revocation is getting serious! I personally would like to embed all my TLS certificates with the must-staple extension. The great project Let's Encrypt already supports it: https://github.com/letsencrypt/boulder/pull/1224
I'm aware most MTAs don't really care about the certificate, but big players as Google take TLS encryption very seriously: https://googleblog.blogspot.nl/2016/02/building-safer-web-for-everyone.html
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
Thanks in advance for any anwser!
Greets, Osiris
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
OCSP stapling [c|s]hould be implemented on a server if clients *use*
that data.
For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
Andreas
On 03-03-16 13:04, A. Schulze wrote:
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
OCSP stapling [c|s]hould be implemented on a server if clients *use* that data. For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
Andreas
Well, that's a nice case of the chicken vs. egg problem, now isn't it ;)
Unfortunately, certificate validation doesn't have a very good track record when it comes to MTA's.. They'll accept self-signed certificates, untrusted certificates, heck, they'll trust as far as I know almost anything! Luckily, MUA's are a little bit more security-concerened, as is Google/GMail.
But is that really a reason *not* to implement a feature? Shouldn't a developer think: "OK, I want my MTA to be the best! I want to be on the top of the list of all the MTA's out there." in stead of thinking "OK, I'm fine with being mediocre, I don't care.."? :)
On March 3, 2016 at 2:15 PM dovecot@flut.demon.nl wrote:
On 03-03-16 13:04, A. Schulze wrote:
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
OCSP stapling [c|s]hould be implemented on a server if clients *use* that data. For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
Andreas
Well, that's a nice case of the chicken vs. egg problem, now isn't it ;)
Unfortunately, certificate validation doesn't have a very good track record when it comes to MTA's.. They'll accept self-signed certificates, untrusted certificates, heck, they'll trust as far as I know almost anything! Luckily, MUA's are a little bit more security-concerened, as is Google/GMail.
But is that really a reason *not* to implement a feature? Shouldn't a developer think: "OK, I want my MTA to be the best! I want to be on the top of the list of all the MTA's out there." in stead of thinking "OK, I'm fine with being mediocre, I don't care.."? :)
We will take this feature under consideration and see if it can be implemented in future release. Thank you for your suggestion!
Aki Tuomi Dovecot Oy
On 03-03-16 13:58, aki.tuomi@dovecot.fi wrote:
On March 3, 2016 at 2:15 PM dovecot@flut.demon.nl wrote:
On 03-03-16 13:04, A. Schulze wrote:
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter? OCSP stapling [c|s]hould be implemented on a server if clients *use* that data. For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
Andreas Well, that's a nice case of the chicken vs. egg problem, now isn't it ;)
Unfortunately, certificate validation doesn't have a very good track record when it comes to MTA's.. They'll accept self-signed certificates, untrusted certificates, heck, they'll trust as far as I know almost anything! Luckily, MUA's are a little bit more security-concerened, as is Google/GMail.
But is that really a reason *not* to implement a feature? Shouldn't a developer think: "OK, I want my MTA to be the best! I want to be on the top of the list of all the MTA's out there." in stead of thinking "OK, I'm fine with being mediocre, I don't care.."? :) We will take this feature under consideration and see if it can be implemented in future release. Thank you for your suggestion!
Aki Tuomi Dovecot Oy Thank *you* for taking security seriously! Let's hope client development will also take a interest in OCSP stapling, including the TLS Feature Extension, if there are servers out there who actually implement it :)
On 3/03/2016 11:58 PM, aki.tuomi@dovecot.fi wrote:
We will take this feature under consideration and see if it can be implemented in future release. Thank you for your suggestion!
As much as I hate Outlook (Look Out!), there are loads of people using really old versions; 2003 is no longer supported, but loads of people use 2007. Thunderbird can be expected to be far more up to date.
Implementing features to work with older clients will always be a problem.
Just a simple example, almost unrelated here, but this is either wrong by TB or wrong by Outlook (versions 2007, 2010 and 2013 that I know of).
When the IMAP server sends a message, OL will pop up a window that requires the user to acknowledge the message via a popup. TB just pops up the message in the normal 'new mail' notify if that is configured and it might be lost if notify isn't set to show.
Either way, the implementation is different b/w the two client products. Is OL right or is TB right... IMAP doco says that the message should be made to be acknowledged by the client; OL's version can't easily be ignored or missed, but TB's can easily be missed. But TB's implementation is more user friendly if the server wants to keep sending messages from time to time. I considered using this for MOTD type stuff and maybe random inspirational or motivational messages; even to remind or inform users to do certain things [one example in the dovecot wiki is to advise that the vacation message is still active]. A TB notification is next to harmless, but an OL one needs to be acknowledged every time, which would be very painful.
Anyway, the point is that if a feature is added for OCSP stabling support, you couldn't really expect older versions of Look Out to comply with it (even though M$ could patch it easily, they care less about older versions than getting people to subscribe to Office 365 these days).
Cheers A.
Op 3-3-2016 om 13:04 schreef A. Schulze:
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
OCSP stapling [c|s]hould be implemented on a server if clients *use* that data. For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
OCSP stapling [c|s]hould be implemented on a client if servers *provide* that data.
So, who's going to be first... the chicken or the egg? :)
Regards,
Stephan.
Op 3-3-2016 om 13:04 schreef A. Schulze:
dovecot:
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS offering daemon should be up to par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
OCSP stapling [c|s]hould be implemented on a server if clients *use* that data. For WebBrowser this is true.
But I'm not aware of any MUA or MTA that validate certificates via OCSP.
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. At least it should be relatively easy to add/enable there.
Regards,
Stephan.
On 03/03/2016 07:30 AM, Stephan Bosch wrote:
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys....
On 03-03-16 14:09, Gedalya wrote:
On 03/03/2016 07:30 AM, Stephan Bosch wrote:
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys....
OCSP status querying isn't the same as verifying stapled OCSP responses though. Can't find Thunderbird's support for stapling unfortunately..
On 03/03/2016 08:17 AM, dovecot@flut.demon.nl wrote:
On 03/03/2016 07:30 AM, Stephan Bosch wrote:
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys.... OCSP status querying isn't the same as verifying stapled OCSP responses
On 03-03-16 14:09, Gedalya wrote: though. Can't find Thunderbird's support for stapling unfortunately.. No, it's not the same, but the claim was no use of OCSP at all. Either way, this guy claims Thunderbird uses stapling, but with HTTP? http://mobilesociety.typepad.com/mobile_life/2015/03/ocsp-stapling-and-andro... As Stephan pointed out, it's the same code base as Firefox. If someone can name an IMAP server that supports stapling, we could test it.
On 03-03-16 14:23, Gedalya wrote:
On 03/03/2016 08:17 AM, dovecot@flut.demon.nl wrote:
On 03/03/2016 07:30 AM, Stephan Bosch wrote:
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys.... OCSP status querying isn't the same as verifying stapled OCSP responses
On 03-03-16 14:09, Gedalya wrote: though. Can't find Thunderbird's support for stapling unfortunately.. No, it's not the same, but the claim was no use of OCSP at all. Either way, this guy claims Thunderbird uses stapling, but with HTTP? http://mobilesociety.typepad.com/mobile_life/2015/03/ocsp-stapling-and-andro... As Stephan pointed out, it's the same code base as Firefox. If someone can name an IMAP server that supports stapling, we could test it. Hmm, that article does mention the request of OCSP status during the TLS session handshake and I can confirm this on my own Thunderbird: the
ClientHellohandshake part *does* include a "status_request" extension of the type OCSP.
So we can assure Andreas there're clients out there who use it :)
participants (7)
-
A. Schulze
-
aki.tuomi@dovecot.fi
-
Andrew McGlashan
-
dovecot@flut.demon.nl
-
Gedalya
-
Osiris
-
Stephan Bosch