Payments as an answer to spam (addenda)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun May 18 01:50:45 EDT 2003


Rich Salz <rsalz at datapower.com> writes:

>A couple of years ago, we'd go around explaining that CRL's were the paper
>booklets, and OCSP was the Verifone terminal, giving per-transactional
>validity to the credentials.

The problem with OCSP is that it's designed to be 100% bug-compatible with
CRLs.  All it is is an online CRL-query mechanism, rather than a true realtime
status mechanism.  In other words if you go to your CA and ask for a status
check, it looks at the 8-hour-old CRL lying around on disk and gives you the
status from that, rather than from a live database.  To do otherwise would be
disrespectful to the memory of OSI.

Now there are some responders that query a live database, but there are
concerns that this will lead to responses that differ from those obtained when
the relying party queries a CRL (you're back to the "bug-compatible with CRLs"
issue again).  In addition there is a larger problem, which is the almost
religous belief in X.509 that you can only return a negative response to a
query, never a positive one.  In other words when fed a freshly-issued
certificate and asked "Is this a valid certificate", OCSP can't say "Yes" (a
CRL can only answer "revoked"), and when fed an Excel spreadsheet it can't say
"No" (the spreadsheet won't be present in any CRL).  By extension if you feed
it a fake certificate it can't tell you it's invalid (it isn't on any CRL),
and many clients will interpret this as an indication that it's currently
valid.  In other words when you feed a fake cert to an OCSP responder (say a
Verisign cert actually issued by Joe Hacker), the result of the OCSP process
is that the client thinks it's valid cert.  The design is a triumph of X.509
theology over practicality.

So I agree with the statement that "OCSP is actually a more timely version of
the paper booklets that were distributed in the 50s & 60s".  A real solution
to the problem would follow the online authorisation model used for financial
transactions, just a straight "Accepted/Declined" response, rather than the
"Maybe/Maybe not" silly-walk that OCSP does.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list