Friday, November 26, 2013 Vendor survey Introductory material… What is the intent… WG Charter… etc… Survey Recipients: (will be removed prior to distribution) - “starting with” means that’s the contact I have, but they’ll probably pass it off to someone else to complete. Client (browser/OS): Microsoft - Anoosh Saboori Mozilla - Brian Smith Google - Ryan Sleevi Apple - Geoff Keating Opera - Sigbjørn Vik Blackberry - ? Servers: Microsoft - ? Apache/OpenSSL - starting with Ben Laurie Nginx - ? Oracle (WebLogic, Sun Java Server) - starting with Milt Smith IBM – starting with Tom Gindin F5 - starting with Don Laursen, Danny Luedke Citrix - starting with Steve Shah Coyote Point - starting with Jim McGhee A10 - starting with Phillip Blatzheim Riverbed - starting with Raja Srinivasan Juniper - starting with Kevin Miller Akamai - starting with Steve Ludin Cloudflare – starting with Nick Sullivan RedHat - ? Cisco - ? Server (Web server, CDN, load balancer, OCSP Responder) If you write software that acts as a server in a browser-based SSL/TLS connection, please answer these questions: 1) As of December 2013, which product versions combined constitute 99% of total usage of the vendor's products? [For example: SecureServer (version 11.2) – 60% SecureServer (version 11.0) – 30% SecureServer (version 10.3) – 7% 1 Friday, November 26, 2013 SecureServer (version 10.2) – 2% (total of 99%); 2) Certificate request generation: a. Which cryptographic algorithms/parameters does the product support? Check all that apply. __ RSA 1024 bits __ RSA 2048 bits __ RSA 3072 bits __ RSA 4096 bits __ RSA other key size __ MD2 __ MD4 __ MD5 __ DSA 1024 bits __ DSA 2048 bits __ DSA 3072 bits __ DSA 4096 bits __ DSA other __ SHA1 __ SHA-256 __ SHA-384 __ SHA-512 __ ECC nistp256 __ ECC nistp384 __ ECC nistp521 __ ECC other __ other __ SHA-3 b. Does the product support RSASSA-PSS (RFC4055) __ yes __ no 3) Private key protection: a. Does the product enforce "strong password" requirements? __ yes __ no i. If yes, what are the requirements? b. Does the product support crypto hardware? __ yes __ no i. If yes, what crypto hardware is supported? 4) Certificate installation: a. Does the product validate the certificate path upon installation? __ yes __ no b. Does the product allow PKCS#7 import (in which the PKCS#7 file contains intermediates and end-entity certificates, and the product discerns which is which?) __ yes __ no 5) Key/certificate renewal: Does the product require a restart in order to change its key pair? __ yes __ no 6) Does the product allow for the configuration of multiple certificates using different public key algorithms (RSA, DSA, ECC) but the same Subject DN, and deliver the most appropriate certificate to each client based on the client’s capabilities as indicated in the ClientHello message? __ yes __ no 2 Friday, November 26, 2013 7) Does the product allow for the configuration of multiple certificates using different hash algorithms (SHA-1, SHA-2) but the same Subject DN, and deliver the most appropriate certificate to each client based on the client’s capabilities as indicated in the ClientHello message? __ yes __ no 8) Which versions of SSL/TLS does the product support: __ SSL 2 __ SSL 3 __ TLS 1.0 __ TLS 1.1 __ TLS 1.2 9) OCSP Stapling: a. Does the product support stapling in accordance with RFC6066? __ yes __ no b. Does the product support multiple-stapling in accordance with RFC6961? __ yes __ no c. Does the product check staples before installing them? __ yes __ no d. How frequently are new staples fetched? __ hourly __ daily __ within a specified time before expiration of the previous staple (please specify time) __ other e. What is the behavior of the server when it has no valid staple? Client (Browser, OS) If you write software that acts as a client in a browser-based SSL/TLS connection, please answer these questions. Please be sure to distinguish between desktop and mobile versions where applicable. 10) As of December 2013, which product versions combined constitute 99% of total usage of the vendor's products? [For example: SecureBrowser (desktop version 7.1) – 80% 3 Friday, November 26, 2013 SecureBrowser (desktop version 7.0) – 10% SecureBrowser (desktop version 6.3) – 5% SecureBrowser (desktop version 7.1) – 4% (total of 99%); SecureBrowser (mobile version 3.8) – 90% SecureBrowser (mobile version 3.7) – 8% SecureBrowser (mobile version 3.6) – 1% (total of 99%)] 11) Key store: Does the product implement its own trusted key store? __ yes __ no If no, skip to Question 12. a. Is CA conformance with the CAB Forum Baseline Requirements and EV Guidelines required for a root to be included in your trusted key store? __ yes __ no b. What circumstances result in blacklisting/ removal of “EV status”/removal of a root from the trusted key store? 12) Does the product provide special treatment of EV SSL certificates (different UI or different behaviour)? __ yes __ no If yes, please detail in any answers to the following questions where EV behavior differs from non-EV behavior. 13) Path building: If the TLS handshake results in an incomplete certificate path, does the product use information in the id-ad-caIssuers field of the authorityInfoAccess extension to build a path? 14) Public-key validation: What aspects of public-key validation does the product enforce? (from CA/Browser Forum Baseline Requirements Appendix A) __ minimum key size __ maximum validity period __ RSA exponent checks __ RSA modulus checks __ digest algorithm __ minimum DSA modulus and divisor size __ DSA domain parameters __ DSA public key has unique correct representation and range in the field __ DSA key has the correct order in the subgroup __ NIST ECC Full Public Key Validation Routine __ NIST ECC Partial Public Key Validation Routine 15) Path validation: What sub-sections of RFC5280 Section 6 (path validation) does the product enforce? a. 6.1.3 (a) (1) Verify the signature on the certificate __ yes __ no 4 Friday, November 26, 2013 b. 6.1.3 (b) The subject name is within one of the permitted_subtrees for X.500 distinguished names, and each of the alternative names in the subjectAltName extension is within one of the permitted_subtrees for that name type __ yes __ no c. 6.1.3 (c) The subject name is not within any of the excluded_subtrees for X.500 distinguished names, and each of the alternative names in the subjectAltName extension is not within any of the excluded_subtrees for that name type __ yes __ no d. 6.1.3 (d) Verify the certificate policies extension __ yes __ no 16) Server domain name a. Does the product allow wildcard characters in the certificate subject name? __ yes __ no b. Does the product support Internationalized Names in the Subject and Issuer Distinguished Name fields? __ yes __ no 17) Certificate status a. Which of the following status mechanisms does the product support: 1. __ CRL (where the location of the CRL is obtained via out-of-band means) 2. __ CRLDP (where the location of the CRL is obtained from the CDP extension) 3. __ Delta CRLs 4. __ OCSP (where the location of the OCSP responder is obtained via out-ofband means) 5. __ AIA (where the location of the OCSP responder is obtained from the AIA extension) 6. __ stapled OCSP 7. __ multiple-stapled OCSP 8. __ CRL Sets 9. __ blacklists b. What order of priority amongst these mechanisms does the product follow? c. Does the product require that status values be provided by the issuer of the subject certificate? 18) If your product does not support CRLs, skip to Question 19 a. Are CRLs cached? __yes __no 5 Friday, November 26, 2013 b. May a CRL be used after its nextUpdate time? c. What is the CRL timeout value? (I’m not sure what Tim means by this) d. What is the behaviour if a response is not received for an external CRL request? 19) If your product does not support OCSP, skip to Question 20 a. Are OCSP responses cached? __yes __no b. May an OCSP response be used after its nextUpdate time? __yes __no c. What is the OCSP timeout value? (I’m not sure what Tim means by this) d. Does the product include a nonce in the OCSP request? __yes __no e. If yes, what is the behavior if the response includes a non-matching nonce, or no nonce? 20) Does your product support CRL Sets? __ yes __ no. If no, skip to Question 21. a. Does distribution of the CRL Set require a software update? __ yes __ no b. What reason codes are included in the CRL Set? __ unspecified (0), __ keyCompromise (1), __ cACompromise (2), __ affiliationChanged (3), __ superseded (4), __ cessationOfOperation (5), __ certificateHold (6), __ removeFromCRL (8), __ privilegeWithdrawn (9), __ aACompromise (10) __ other (please specify) c. Which CRLs are included in the CRL Set? d. Which CRLs are excluded from the CRL Set? 21) Name constraints: Does the product support the name constraints extension? __ yes, in accordance with RFC 5280 __ yes, not in accordance with RFC 5280 (please detail discrepancies) __ no 22) Error behaviour 6 Friday, November 26, 2013 a. What SSL/TLS-specific error conditions result in a warning to the user, while allowing the user to click-through and accept the connection? __ Expired end-entity certificate __ Revoked end-entity certificate __ End-entity Certificate not yet valid __ Expired intermediate certificate __ Revoked intermediate certificate __ Intermediate Certificate not yet valid __ End-entity Certificate does not chain to a root in the trust store __ Path validation failure (see Question 13) b. What visual indication is provided when a warning condition exists but has been waived by the user? c. What error conditions result in the connection being terminated? 23) Certificate policy: Does the product UI differentiate between DV/OV and EV certificates? __ yes (please specify) __ no If yes, are additional validation steps evaluated before granting EV status? 24) Order of processing: in what order does the product process the certificate information: __ Chain building & validation __ Extensions __ Revocation data __ CAB Forum requirements __ Other b. If multiple errors are detected during processing, what determines which error is reported to the user? __ All errors are reported __ The most severe error is reported __ The first error encountered is reported 7 Friday, November 26, 2013 25) Key Usage: does the product enforce key usage constraints? __ Yes, via Key Usage __ Yes, via Extended Key Usage __ Yes, via metadata associated with the root 8