On 4/15/2014 6:16 PM, Man Ho (Certizen) wrote:
> On 4/16/2014 12:08 AM, Daniel Veditz wrote:
>> The main practical problems with convergence are that it introduces a
>> dependency on traffic to a 3rd party which hurts privacy, reliability,
>> and performance.
> The same problem applies to Certificate Transparency too, but not to
> OCSP revocation checking.
OCSP as found in the wild is terrible on all three points which is why
Google Chrome is dropping support. It works most of the time, except
when you have an attacker in position to perform a MITM attack at which
point the attacker can block the OCSP request (reliability). As you surf
around the web you are telling the CAs (by pinging their OCSP responder)
that you exist and are visiting a particular site (privacy). If browsers
block page load waiting for the OCSP responder then you've just slowed
down the loading of your site (performance) and if they don't they
allow you to connect to a bad site and then retroactively try to tell
you it's bad (reliability again).
OCSP stapling resolves most of these issues but it's not broadly used.
Certificate Transparency essentially requires stapling (or an equivalent
mechanism) so that there's no need to make an inline request to a log.
http://www.certificate-transparency.org/faq#TOC-What-is-an-SCT-
-Dan Veditz
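Since the reply turns on whether a server staples at all, here is an added example (not part of the thread, not Mozilla's or Chrome's code) that classifies the text `openssl s_client -status` prints when a server does or does not staple an OCSP response. The host name in `check_stapling_live` and the two abbreviated sample outputs are constructed; the marker strings matched (`OCSP response: no response sent`, `OCSP Response Status: successful`, `Cert Status: good`/`revoked`) are the ones openssl's s_client emits.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client -status` output whether a
# server stapled an OCSP response, and what that response said.

# Reads captured s_client output on stdin and prints one of:
#   not-stapled      server sent no OCSP response (browser would have to ask the CA)
#   stapled-good     stapled response present, cert status "good"
#   stapled-revoked  stapled response present, cert status "revoked"
#   stapled-unknown  stapled response present, status neither good nor revoked
#   stapled-other    a response was stapled but its status is not "successful"
classify_stapling() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo not-stapled
    elif printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful'; then
        if printf '%s\n' "$out" | grep -q 'Cert Status: good'; then
            echo stapled-good
        elif printf '%s\n' "$out" | grep -q 'Cert Status: revoked'; then
            echo stapled-revoked
        else
            echo stapled-unknown
        fi
    else
        echo stapled-other
    fi
}

# Live check against a host of your own (needs network; not exercised here).
# -servername sends SNI so virtual-hosted servers pick the right certificate.
check_stapling_live() {
    host=$1   # constructed argument, e.g. your own server's name
    printf 'QUIT\n' | openssl s_client -connect "$host:443" -servername "$host" \
        -status 2>/dev/null | classify_stapling
}

# Constructed, abbreviated samples of what s_client prints in each case.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response: 
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Apr 15 00:00:00 2014 GMT
======================================
'
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent
'

# Running the two samples through the classifier.
printf '%s' "$SAMPLE_STAPLED" | classify_stapling   # stapled-good
printf '%s' "$SAMPLE_NONE" | classify_stapling      # not-stapled
```

A `not-stapled` result is the case the reply describes: the client either pings the CA's responder itself (privacy, latency) or, if that request is blocked, either stalls or falls back to trusting the certificate (reliability).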
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy