On Fri, Sep 22, 2017 at 9:32 AM, Richard Moore <richmoore44@xxxxxxxxx> wrote: > > It's also worth pointing out that CAs are banned from running OCSP servers over HTTPS anyway and it isn't needed since the responses are already signed - http is fine. That argument fails when you consider that some people want the details of who they're talking to or asking about to be confidential, not merely authentic. I'm a believer in the idea that SNI and the Certificate messages should happen under an ephemeral DH or ephemeral ECDH cover. Others fear-monger to say "maybe they shouldn't". (Also, for completeness, the argument that "CAs are banned from running OCSP servers over HTTPS anyway" is a straw man at best -- not every CA is created or intends to be a member of or subject to the mandates of the CA Security Council, formerly known as the CA/Browser Forum. And every attempt to encode policy into technical standards, attempting to prohibit certain actions for whatever misguided administrative reasons, is subject to being bypassed by people who understand the various parts and how to glue them all together.) To be fair, the OCSP responder certificate may or may not be revoked... but honestly, if you're asking the OCSP responder for the status of its own certificate you're opening yourself up to a subordination/subversion attack anyway. OCSP responders should have very short-lived certificates, to minimize the temporal subordination attack surface. -Kyle H -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
