Walter H. wrote:
> On Thu, October 29, 2015 11:07, Jakob Bohm wrote:
>> She (Eve) would know that the requesting party Alice
>> was talking to Bob at the very moment she sent Trent
>> the OCSP *request* for Bob's certificate.
>>
>> [...] equivalent of having (almost complete) real time
>> copies of everybody's phone bill/call records.
>> Who was calling who at what time.
>
> this is not a problem as long as the public keys (the certificates) are
> not really public;
> because in your example Eve doesn't have the knowledge which certificate
> the specific serial number has ...
>
> if the public keys (the certificates) are searchable by public - the worst
> case direct by a search engine like google - then you would get an
> absolute security hole:

Update for you: https://crt.sh/

Ciao, Michael.