Hi Oleg,

My understanding is that a TLS server and client can skip sending a CertificateStatus even if it has negotiated support of OCSP stapling. I assume that the reason is that the server might not get a response from the OCSP server in time and might then decide to continue the handshake without OCSP stapling. It is then up to the other endpoint to decide if that is acceptable or if the connection should be terminated.

Note that in TLS 1.3, there are no CertificateStatus messages. TLS 1.3 uses a CertificateStatus structure in a "status_request" extension in the Certificate message. RFC 8446 does not give any additional advice for the server but writes "If the client opts to send an OCSP response".

> then "MUST Implement" of RFC 9190 has no effect since it's
> possible to implement an EAP-TLS 1.3 server that never
> responds to OCSP stapling request

My understanding is that the EAP-TLS implementation needs to support OCSP stapling. It must be possible to configure the EAP-TLS server so that it actually sends CertificateStatus structures. I would say that an EAP-TLS 1.3 server that cannot be configured to send CertificateStatus structures is not compliant with RFC 9190.

Cheers,
John

From: Emu <emu-boun...@ietf.org> on behalf of Oleg Pekar <oleg.pekar.2...@gmail.com>
Date: Tuesday, 20 December 2022 at 13:17
To: EMU WG <emu@ietf.org>
Subject: [Emu] Clarification about OCSP Stapling in EAP-TLS 1.3

Dear workgroup,

Please help me to clarify the next question.

RFC 9190 "EAP-TLS 1.3", Section "5.4. Certificate Revocation" says:

"EAP-TLS servers supporting TLS 1.3 MUST implement Certificate Status Requests (OCSP stapling) as specified in [RFC6066] and Section 4.4.2.1 of [RFC8446]"

The wording "MUST implement" doesn't explicitly specify whether an EAP-TLS server must reply to a particular peer's OCSP stapling request or not.

RFC 6066 "TLS Extensions Definition", Section "8. Certificate Status Request" says:

"Note that a server MAY also choose not to send a "CertificateStatus" message, even if has received a "status_request" extension in the client hello message and has sent a "status_request" extension in the server hello message."

These two references create ambiguity, as I see it: is it mandatory for an EAP-TLS server to respond to an OCSP stapling request?

If not, per RFC 6066, then "MUST implement" of RFC 9190 has no effect, since it's possible to implement an EAP-TLS 1.3 server that never responds to an OCSP stapling request, and that is equal to not implementing OCSP stapling at all. This is what I would be happy to clarify.

Note: there's at least one scenario when an EAP-TLS server has a good motivation not to send a CertificateStatus message: when the peer sends a list of trusted OCSP Responders in which the server's OCSP Responder is not mentioned.

Thanks
Oleg
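The point both messages turn on is that in TLS 1.3 the staple is not a separate handshake message but a CertificateStatus structure carried in a "status_request" extension of the end-entity CertificateEntry (RFC 8446, Section 4.4.2.1), and a server may legitimately leave it out, so the peer's own policy decides whether to continue. The following is an added example, not code from the thread, from the RFCs, or from any EAP-TLS implementation: it serializes and parses the TLS 1.3 Certificate message framing, extracts the staple if present, and applies a require-staple policy. The certificate and OCSP bytes are constructed placeholders rather than real DER, and the function names are the example's own.

```python
"""
Added example: TLS 1.3 Certificate message framing (RFC 8446, 4.4.2) with the
status_request extension carrying a CertificateStatus (RFC 8446, 4.4.2.1).
Only the TLS length-prefixed framing is handled; X.509 and OCSP contents are
opaque placeholder bytes here and are not decoded.
"""
import struct

HANDSHAKE_CERTIFICATE = 11   # HandshakeType certificate (RFC 8446, Section 4)
EXT_STATUS_REQUEST = 5       # ExtensionType status_request (RFC 6066)
STATUS_TYPE_OCSP = 1         # CertificateStatusType ocsp (RFC 6066, Section 8)

# Constructed placeholder bytes, not real DER certificates or an OCSP response.
EE_CERT = b"\x30\x82EE-CERT"
CA_CERT = b"\x30\x82CA-CERT"
OCSP_RESP = b"\x30\x82OCSP-GOOD"


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Length-prefixed vector as used in the TLS presentation language."""
    return len(data).to_bytes(len_bytes, "big") + data


def _read_vec(buf: bytes, pos: int, len_bytes: int):
    """Read a length-prefixed vector at pos; return (data, new_pos)."""
    if pos + len_bytes > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n


def build_certificate_message(cert_chain, ocsp_response=None) -> bytes:
    """Serialize a Certificate message. The staple, when given, is attached to
    the end-entity (first) CertificateEntry only, as Section 4.4.2.1 requires;
    passing ocsp_response=None models a server that negotiated status_request
    but chose not to staple."""
    entries = b""
    for i, cert in enumerate(cert_chain):
        exts = b""
        if i == 0 and ocsp_response is not None:
            # CertificateStatus { status_type = ocsp(1); OCSPResponse response<1..2^24-1> }
            cert_status = bytes([STATUS_TYPE_OCSP]) + _vec(ocsp_response, 3)
            exts = struct.pack("!H", EXT_STATUS_REQUEST) + _vec(cert_status, 2)
        entries += _vec(cert, 3) + _vec(exts, 2)
    body = _vec(b"", 1) + _vec(entries, 3)  # empty certificate_request_context
    return bytes([HANDSHAKE_CERTIFICATE]) + _vec(body, 3)


def parse_certificate_message(msg: bytes):
    """Return (cert_chain, ocsp_response_or_None); raise ValueError on bad framing."""
    if not msg or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate message")
    body, end = _read_vec(msg, 1, 3)
    if end != len(msg):
        raise ValueError("trailing bytes after Certificate message")
    _ctx, pos = _read_vec(body, 0, 1)
    entries, pos = _read_vec(body, pos, 3)
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_list")
    chain, staple, pos = [], None, 0
    while pos < len(entries):
        cert, pos = _read_vec(entries, pos, 3)
        exts, pos = _read_vec(entries, pos, 2)
        chain.append(cert)
        epos = 0
        while epos < len(exts):
            if epos + 2 > len(exts):
                raise ValueError("truncated extension type")
            ext_type = struct.unpack_from("!H", exts, epos)[0]
            ext_data, epos = _read_vec(exts, epos + 2, 2)
            # Only the end-entity entry's status_request is the staple we act on.
            if ext_type == EXT_STATUS_REQUEST and len(chain) == 1:
                if not ext_data or ext_data[0] != STATUS_TYPE_OCSP:
                    raise ValueError("unsupported CertificateStatusType")
                resp, rend = _read_vec(ext_data, 1, 3)
                if rend != len(ext_data) or not resp:
                    raise ValueError("malformed CertificateStatus")
                staple = resp
    return chain, staple


def client_decision(msg: bytes, require_staple: bool) -> str:
    """The peer-side choice the thread discusses: a missing staple is either
    tolerated or fatal depending on local policy, never decided by the RFCs."""
    _chain, staple = parse_certificate_message(msg)
    if staple is None:
        return "abort" if require_staple else "continue_without_staple"
    return "verify_staple"


if __name__ == "__main__":
    stapled = build_certificate_message([EE_CERT, CA_CERT], OCSP_RESP)
    bare = build_certificate_message([EE_CERT, CA_CERT])
    print("stapled, strict peer:", client_decision(stapled, True))
    print("no staple, strict peer:", client_decision(bare, True))
    print("no staple, lenient peer:", client_decision(bare, False))
```

A real client would hand the extracted OCSPResponse to its X.509 library and check it against the end-entity certificate; the framing above is what an EAP-TLS peer must be able to walk before it can even tell whether the server stapled anything.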