Walter H. wrote:
> On 31.10.2015 13:01, Michael Ströder wrote:
>> Walter H. wrote:
>>> On 30.10.2015 21:42, Michael Ströder wrote:
>>>> Walter H. wrote:
>>>>> On Thu, October 29, 2015 11:07, Jakob Bohm wrote:
>>>>>> She (Eve) would know that the requesting party Alice
>>>>>> was talking to Bob at the very moment she sent Trent
>>>>>> the OCSP *request* for Bob's certificate.
>>>>>>
>>>>>> [...] equivalent of having (almost complete) real time
>>>>>> copies of everybody's phone bill/call records.
>>>>>> Who was calling who at what time.
>>>>> this is not a problem as long as the public keys (the certificates) are
>>>>> not really public;
>>>>> because in your example Eve doesn't have the knowledge which certificate
>>>>> the specific serial number has ...
>>>>>
>>>>> if the public keys (the certificates) are searchable by public - the worst
>>>>> case direct by a search engine like google - then you would get an
>>>>> absolute security hole:
>>>> Update for you: https://crt.sh/
>>>>
>>> you know the difference between SSL and S/MIME?
>> I know the difference very well - probably even longer than you.
> sorry I don't think so, because you didn't really reply anything in connection
> with S/MIME as I mentioned,

So, so...

> give me a hint for finding S/MIME certificates, finding my own would be nice;

You claim that clear-text OCSP requests are not a privacy issue. So you should
explain how you keep your *public*-key cert from being intercepted somewhere.

You can't.

Ciao, Michael.