Re: https and self signed




On 17.06.2016 22:39, Александр Кириллов wrote:
>> yes and no, but faking a valid OCSP response that says good instead of
>> revoked is also possible ...
>
> Could you please provide any proof for that statement? If it were true the whole PKI infrastructure should probably be thrown out of the window. )

question back: is the SHA2 discussion a real security impact or just paranoia?

so provide a proof of the following statement:

"using OCSP Stapling is as secure as not using OCSP Stapling"

just think of the "parallel universe" called real life ...

do you believe a car dealer that a used car is ok, or do you want a proof by third party? (here the car dealer is the server and 3rd party is the OCSP server or CRL provided by the CA)

for me I refuse it or in other words, when there is no OCSP response and I don't get a CRL from the CA the SSL-host is blocked.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
