Hi,

Alaric Dailey wrote:
>> Actually this wouldn't be an improvement and there are various reasons why
>> CRLs were replaced with OCSP, and OCSP revocation checks should be
>> turned on by default, although I'd be more interested to see OCSP
>> proxying by the website implemented to protect end user privacy.
>>
>>
> Not to take this discussion too far off track, but why would the user
> trust a proxied verification of the cert they are trying to verify?
> Something else should be done about that.

It can trust the verification, since the verification is timestamped and signed by the OCSP responder anyway, it doesn't matter much whether the client fetches it directly or gets it forwarded.

The difference I see is that the verification through OCSP is normally unencrypted (I would have wanted to suggest running OCSP through SSL, but how do you verify the certificate of the SSL server for the SSL connection to the OCSP responder?), and therefore the OCSP request and the OCSP response are being sent in cleartext (they are only integrity protected with digital signatures). Such clear-text OCSP requests are providing a lot of interesting material for traffic analysis. (which is partly why we wanted the encryption in the first place ...)

So the solution the proxying by the webserver proposes is that the webserver regularly (every 20 minutes perhaps) gets an OCSP verification for its server certificate, caches that for 20 minutes, and whenever a client makes an SSL connection, the webserver sends both the Server certificate, and the latest OCSP response together in the SSL handshake.

If the Browser gets the OCSP response through the SSL handshake, and the OCSP response is still valid, and the OCSP response is still fresh, then the Browser does not need to go and ask the OCSP server for an OCSP response.

This would solve a couple of problems at once:

* Privacy of the client regarding the OCSP Server
* More efficient for the OCSP Server for High-volume webservers, where a lot of Browser clients would contact the OCSP Server directly, now the OCSP Server only gets 1 request every 20 minutes from that server.

You can think of the OCSP response as a refreshed server certificate that way.

The problem is that this scenario only helps for Webservers, it doesn't help for S/MIME in Emails, ...
And it currently doesn't seem as if browser vendors and webserver vendors will support it soon.

I haven't actually tried all that myself yet, so I might have got it wrong somewhere.

Best regards,
Philipp Gühring

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
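
Added example, not part of the message above: a simplified Python model of the scheme it describes, where the web server fetches one OCSP response per 20-minute interval and the browser uses a stapled response only if it is signed, valid and fresh. The OcspResponse fields, the signature_ok flag (standing in for real verification of the responder's signature), the max_age freshness limit and the constructed responder are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

REFRESH_SECONDS = 20 * 60  # the 20-minute interval suggested in the message

@dataclass(frozen=True)
class OcspResponse:        # simplified model, not the real ASN.1 structure
    cert_serial: str
    status: str            # "good", "revoked" or "unknown"
    this_update: int       # epoch seconds, timestamp set by the responder
    next_update: int       # epoch seconds, response is invalid from here on
    signature_ok: bool     # assumption: result of verifying the responder's signature

class StaplingServer:
    """Web server side: one responder query per interval, reused for every handshake."""
    def __init__(self, fetch: Callable[[int], OcspResponse]):
        self._fetch = fetch
        self._cached: Optional[OcspResponse] = None
        self._fetched_at = 0
        self.responder_queries = 0   # how often the OCSP responder was contacted

    def handshake_staple(self, now: int) -> OcspResponse:
        if self._cached is None or now - self._fetched_at >= REFRESH_SECONDS:
            self._cached = self._fetch(now)
            self._fetched_at = now
            self.responder_queries += 1
        return self._cached

def client_check(staple: Optional[OcspResponse], cert_serial: str, now: int,
                 max_age: int = 2 * REFRESH_SECONDS) -> str:
    """Browser side: 'accept', 'reject', or 'query-responder' (direct OCSP lookup).

    max_age is an assumed client policy; the message does not give a value.
    """
    if staple is None or not staple.signature_ok or staple.cert_serial != cert_serial:
        return "query-responder"     # nothing usable came with the handshake
    if not (staple.this_update <= now < staple.next_update):
        return "query-responder"     # response is no longer valid
    if now - staple.this_update > max_age:
        return "query-responder"     # still valid, but not fresh enough
    if staple.status == "revoked":
        return "reject"
    return "accept" if staple.status == "good" else "query-responder"

def constructed_responder(now: int) -> OcspResponse:
    """Constructed sample responder: always 'good', valid for one hour."""
    return OcspResponse("01AB", "good", now, now + 3600, True)
```

Only the "query-responder" outcomes reveal to the OCSP responder which site the client is visiting; every accepted staple avoids that cleartext lookup.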