Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8257766

Add support for RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 17
    • security-libs
    • None
    • behavioral
    • minimal
    • System or security property
    • JDK

      Summary

      Add support for RFC 8954 (Online Certificate Status Protocol (OCSP) Nonce Extension) to the JDK PKIX implementation. Introduce a system property named jdk.security.certpath.ocspNonce to enable use of the nonce extension.

      Problem

      The PKIXRevocationChecker checks the revocation status of certificates with the OCSP responders. The current implementation has protections against replay attacks using the date-based approach of OCSP freshness determination specified in section 7.1 of RFC 5019 [1]. Adding the nonce extension to bind the OCSP request and response is an improvement.

      Solution

      The current implementation in PKIXRevocationChecker requires the OCSP response to be timely using the date-based approach against replay attacks. Defining a system property jdk.security.certpath.ocspNonce to enable nonce extension is an improvement.

      As RFC 8954 [2] states that if the nonce extension is present, then the length of the nonce must be at least 1 octet and can be up to 32 octets, and OCSP responders must accept lengths of at least 16 octets. To have a conforming implementation, the default nonce length is defined as 16-byte by jdk.security.certpath.ocspNonce=true, where 16-byte is also same as OpenSSL default.

      System property jdk.security.certpath.ocspNonce is disabled by default for compatibility. This is because RFC 5019 [1] states that clients should not include the requestExtensions structure, and if a requestExtensions structure is included, this profile recommends that it contain only the nonce extension.

      Reference:

      [1] https://tools.ietf.org/html/rfc5019

      [2] https://tools.ietf.org/html/rfc8954

      Specification

      "Java PKI Programmer's Guide" section in Security Developer's Guide:

      Support for the nonce extension in OCSP requests can be configured with the system property jdk.security.certpath.ocspNonce. It is disabled by default, and can be enabled by setting it to the value true. If set to true, the JDK implementation of PKIXRevocationChecker includes a Nonce extension containing a 16 byte nonce with each OCSP request.

            hchao Haimay Chao
            mullan Sean Mullan
            Jamil Nimeh, Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: