Re: Origin Signed Responses and certificate requirements

On Tue, Apr 17, 2018 at 06:44:36PM +0000, Jeffrey Yasskin wrote:
> I'm nervous about shortening OCSP lifetime for signed exchanges because one
> of the use cases is for P2P sharing between offline clients. It's true that
> the OCSP response is cheap to transfer, but I suspect we can't ask the user
> to turn on their mobile data while they're loading the app they got from
> their friend, partly because phone OSes aren't designed to just transfer
> the one cheap thing when they get online, and partly because the data plan
> may be completely used up for the month.

I am also worried whether one could get certificates with much shorter OCSP
lifetimes from CAs.

> "Just use the non-TLS signing key" bifurcates the set of packages. Even
> though many apps will be designed for offline use and so can choose to use
> the right kind of certificate, it'd be nice for folks to be able to share
> pages served by Akamai too.

The page itself has some control, so if the page holder can get a
certificate for themselves and the deployment has not been made
unacceptably hard (e.g., any MUST-level key protection requirements),
then the owner should be able to do it themselves, regardless of having
Akamai/Cloudflare or whatever on the front.
 
> I do think we can make it easier to detect stolen keys for signed
> exchanges, using an idea similar to
> https://lists.w3.org/Archives/Public/ietf-http-wg/2018AprJun/0057.html.

One should notice that one of the main uses (at least so "they" claim)
for SC is improved privacy (the other being even more cross-origin CDN
connection reuse). And for the thing to work that way, it has to be
as stealthy as possible.

Which makes it pretty hard to contact the origin server in DNS (the
main problem being the IP connection, not so much DNS lookup anymore).


But maybe SE operates differently. However, based on the above, one
cannot assume Internet connectivity when using the SE, which would
form another form of constraint.


-Ilari

Received on Tuesday, 17 April 2018 19:43:42 UTC