On 30.10.2015 21:42, Michael Str?der wrote: > Walter H. wrote: >> On Thu, October 29, 2015 11:07, Jakob Bohm wrote: >>> She (Eve) would know that the requesting party Alice >>> was talking to Bob at the very moment she sent Trent >>> the OCSP *request* for Bob's certificate. >>> >>> [...] equivalent of having (almost complete) real time >>> copies of everybody's phone bill/call records. >>> Who was calling who at what time. >> this is not a problem as long as the public keys (the certificates) are >> not really public; >> because in your example Eve doesn't have the knowledge which certificate >> the specific serial number has ... >> >> if the public keys (the certificates) are searchable by public - the worst >> case direct by a search engine like google - then you would get an >> absolute security whole: > Update for you: https://crt.sh/ > you know the difference between SSL and S/MIME? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4312 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151030/613aa763/attachment.bin>
