On Friday, September 23, 2016 at 9:15:48 AM UTC-7, Jakob Bohm wrote:
> they are nowhere as bad as proponents of
> extreme centralization schemes claim.

Citation needed. It would seem that you're not familiar with the somewhat 
well-accepted industry state of the art.

It would perhaps be useful if you could dispute, using Firefox as an example, 
and considering the real deployment (not the theoretical abstract of ways in 
which someone 'might' configure about:flags, but no one can and still have the 
same experience), the following points:

https://www.imperialviolet.org/2011/03/18/revocation.html
https://www.imperialviolet.org/2012/02/05/crlsets.html
https://www.imperialviolet.org/2014/04/29/revocationagain.html

> 
> For example OCSP stapled responses cannot be reused or abused beyond
> their CA specified expiry times, 

No, but they can be omitted, and no client hard fails on the absence of OCSP.

Similarly, fetched OCSP can be blocked, under an adversarial model.

I cannot stress enough: discussions of revocation schemes require a model of 
the attacker or the threat to have relevant discussions. Abstract notions, 
however attractive, must be intersected with practical reality.

> while CA issued CRLs and delta CRLs
> cannot be used beyond their scheduled expiry times.  To bypass these
> mechanisms an attacker would have to somehow manipulate the relying
> party's clock and/or a trusted Time Stamping Authority.  Or the
> attacker could choose a CA with too long expiry times on their CRLs and
> OCSP responses.

No. They just prevent them from being delivered. Which is trivial.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
