Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8257766

Add support for RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 17
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      Add support for RFC 8954 (Online Certificate Status Protocol (OCSP) Nonce Extension) to the JDK PKIX implementation. Introduce a system property named jdk.security.certpath.ocspNonce to enable use of the nonce extension.

      Problem

      The PKIXRevocationChecker checks the revocation status of certificates with the OCSP responders. The current implementation has protections against replay attacks using the date-based approach of OCSP freshness determination specified in section 7.1 of RFC 5019 [1]. Adding the nonce extension to bind the OCSP request and response is an improvement.

      Solution

      The current implementation in PKIXRevocationChecker requires the OCSP response to be timely using the date-based approach against replay attacks. Defining a system property jdk.security.certpath.ocspNonce to enable nonce extension is an improvement.

      As RFC 8954 [2] states that if the nonce extension is present, then the length of the nonce must be at least 1 octet and can be up to 32 octets, and OCSP responders must accept lengths of at least 16 octets. To have a conforming implementation, the default nonce length is defined as 16-byte by jdk.security.certpath.ocspNonce=true, where 16-byte is also same as OpenSSL default.

      System property jdk.security.certpath.ocspNonce is disabled by default for compatibility. This is because RFC 5019 [1] states that clients should not include the requestExtensions structure, and if a requestExtensions structure is included, this profile recommends that it contain only the nonce extension.

      Reference:

      [1] https://tools.ietf.org/html/rfc5019

      [2] https://tools.ietf.org/html/rfc8954

      Specification

      "Java PKI Programmer's Guide" section in Security Developer's Guide:

      Support for the nonce extension in OCSP requests can be configured with the system property jdk.security.certpath.ocspNonce. It is disabled by default, and can be enabled by setting it to the value true. If set to true, the JDK implementation of PKIXRevocationChecker includes a Nonce extension containing a 16 byte nonce with each OCSP request.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hchao Haimay Chao
              Reporter:
              mullan Sean Mullan
              Reviewed By:
              Jamil Nimeh, Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: