The recent MD5 collision attack has also demonstrated a "brittle" side of OCSP [1]:

http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx

It seems that, assuming we can create an intermediate or subroot certificate, then we can also redirect the OCSP to a place of our choosing, because a certificate refers to its own OCSP [2].

Hence, once we rogue-players have created a certificate like this, the CA cannot revoke it using its own control mechanisms. Which implies OCSP is mostly good for revoking "good certs," being the ones the CA itself issues, and is less good at dealing with externally-controlled or rogue issues.



What is also curious is Microsoft's response: It seems to be recommending that OCSP be configured using local proxy responders. Look for the words "custom OCSP" in the above link.

Would people think this is best practices [3]?



iang


[1] Someone else pointed this out to me, but I am not convinced of their conclusions so thought I'd ask here...

[2] CRL is probably included in this discussion.

[3] Including, as stated in the very last line, in bold?
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
