On Mon, Feb 6, 2012 at 4:47 PM, Ralph Holz <[email protected]> wrote: > Unless your attacker is so strong he can control and suppress your IP > traffic right at your gateway, OCSP will still work.
It's actually a little tough to imagine an attacker who can MITM your SSL traffic, but not your OCSP traffic. Your ISP obviously gets both, but there comes a point where your ISP probably routes the two traffic flows to different backbones. But a backbone provider can BGP poison your ISP and grab the OCSP traffic too. So, if you continue the exercise, you get to the point where the attacker is on a more minor network, in front of the server. But then they can probably pass DV checks for that server and so, effectively are the server to any CA who checks and can get a stream of certificates issued. It is possible to some up with some situations where soft-fail checks might be effective (perhaps "what if you're in front of one instance of a multi-homed server, which no CA happens to hit?"), but doing so simply highlights the fact that it's basically worthless. > I also hesitate because moving the revocation part into the browser > updates doesn't seem very scalable. It will help by adding revocation > info for important sites, sure, but where do you draw the line? How many > sites do you want to add and monitor as a browser vendor? What about > open source browsers - are they supposed to follow this lead and track > revocations for x sites, by crawling the Web as Google can do? What > about the many revocations that come without a reason (that might > actually be the majority) - how should they be treated? And finally, > will CAs be happy to comply here? The first part of the argument was intended to convince one that we have no effective revocation scheme at the moment. At that point, anything is an improvement. I suspect that, if we could actually just get the revocations with a security impact, it would be manageable. But we are likely to end up carrying more than that and will have to make a decision about where to cut. That's not great and we would welcome an effective, deployable revocation scheme. But I don't believe that carrying on with soft-fail checking is on the path towards that. Cheers AGL
