On 26 September 2017 at 02:36, Kyle Hamilton <aerowolf@xxxxxxxxx> wrote:
> On Fri, Sep 22, 2017 at 9:32 AM, Richard Moore <richmoore44@xxxxxxxxx> wrote:
> >
> > It's also worth pointing out that CAs are banned from running OCSP servers over HTTPS anyway and it isn't needed since the responses are already signed - http is fine.
>
> That argument fails when you consider that some people want the
> details of who they're talking to or asking about to be confidential,
> not merely authentic.

That doesn't change the fact it's banned.

> I'm a believer in the idea that SNI and the Certificate messages
> should happen under an ephemeral DH or ephemeral ECDH cover. Others
> fear-monger to say "maybe they shouldn't".

There are a lot of other things that would also need addressing to make it secret /who/ you're talking to. It's not something https guarantees right now. If you'd like it to, that would be a whole other discussion.

> (Also, for completeness, the argument that "CAs are banned from
> running OCSP servers over HTTPS anyway" is a straw man at best -- not
> every CA is created or intends to be a member of or subject to the
> mandates of the CA Security Council, formerly known as the CA/Browser
> Forum. And every attempt to encode policy into technical standards,

The CA Security Council and CA/Browser Forum are unrelated organisations.

Regards

Rich.

> attempting to prohibit certain actions for whatever misguided
> administrative reasons, is subject to being bypassed by people who
> understand the various parts and how to glue them all together.)
>
> To be fair, the OCSP responder certificate may or may not be
> revoked... but honestly, if you're asking the OCSP responder for the
> status of its own certificate you're opening yourself up to a
> subordination/subversion attack anyway. OCSP responders should have
> very short-lived certificates, to minimize the temporal subordination
> attack surface.
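Added illustration, not part of the thread and not written by either poster: both points debated above, shown on a constructed OCSP exchange using the Python `cryptography` package. The response is verified by its signature regardless of transport, while the request exposes the certificate serial to anyone who can read it. The CA, leaf certificate, serial number and dates are made up, and the CA key signs the response directly instead of a delegated responder certificate.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2017, 9, 26)   # constructed timestamp
SERIAL = 0x1234567890ABCDEF            # constructed serial number
DER = serialization.Encoding.DER

def make_cert(cn, key, issuer_cn, issuer_key, serial):
    # Constructed test certificate; nothing here comes from a real CA.
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn))
            .issuer_name(name(issuer_cn)).public_key(key.public_key())
            .serial_number(serial).not_valid_before(NOW)
            .not_valid_after(NOW + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

ca_key = ec.generate_private_key(ec.SECP256R1())
ca = make_cert("Example CA", ca_key, "Example CA", ca_key, 1)
leaf = make_cert("site.example", ec.generate_private_key(ec.SECP256R1()),
                 "Example CA", ca_key, SERIAL)

def request_der():
    # Bytes a client would send to the responder over plain HTTP.
    req = ocsp.OCSPRequestBuilder().add_certificate(leaf, ca, hashes.SHA256())
    return req.build().public_bytes(DER)

def response_der():
    # Bytes the responder returns: a "good" status signed with the CA key.
    b = ocsp.OCSPResponseBuilder().add_response(
        cert=leaf, issuer=ca, algorithm=hashes.SHA256(),
        cert_status=ocsp.OCSPCertStatus.GOOD, this_update=NOW,
        next_update=NOW + datetime.timedelta(days=1),
        revocation_time=None, revocation_reason=None)
    b = b.responder_id(ocsp.OCSPResponderEncoding.HASH, ca)
    return b.sign(ca_key, hashes.SHA256()).public_bytes(DER)

def verified_status(der):
    # Authenticity: accept the status only if the issuer's signature verifies.
    try:
        resp = ocsp.load_der_ocsp_response(der)
        ca.public_key().verify(resp.signature, resp.tbs_response_bytes,
                               ec.ECDSA(resp.signature_hash_algorithm))
    except (InvalidSignature, ValueError):
        return None
    return resp.certificate_status

def serial_seen_on_wire(der):
    # Confidentiality: what a passive observer of the request can read.
    return ocsp.load_der_ocsp_request(der).serial_number
```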