A mighty fortress is our PKI, Part II
Alexandre Dulaunoy
a at foo.be
Wed Jul 28 16:03:08 EDT 2010
On Wed, Jul 28, 2010 at 5:51 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Nicolas Williams <Nicolas.Williams at oracle.com> writes:
>
>>Exactly. OCSP can work in that manner. CRLs cannot.
>
> OCSP only appears to work in that manner. Since OCSP was designed to be 100%
> bug-compatible with CRLs, it's really an OCQP (online CRL query protocol) and
> not an OCSP. Specifically, if I submit a freshly-issued, valid certificate to
> an OCSP responder and ask "is this a valid certificate" then it can't say yes,
> and if I submit an Excel spreadsheet to an OCSP responder and ask "is this a
> valid certificate" then it can't say no. It takes quite some effort to design
> an online certificate status protocol that's that broken.
OCSP is even better for an attacker. As the OCSP responses are
unauthenticated[1], you can easily fake the response with
whatever the attacker likes.
http://www.thoughtcrime.org/papers/ocsp-attack.pdf
[1] Would be silly to run OCSP over SSL ;-)
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov
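As an added, defender-side illustration (not code from this thread or its author), this is the hard-fail response policy a client needs given the points above: every non-"successful" responseStatus is treated as a failure, because such error responses carry no signature, and a signed "good" is read only as "not on the revocation list", never as "this is a valid certificate". The OcspResponse model, the evaluate_ocsp and demo functions and the sample responses are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Constructed model of what a client sees after parsing an OCSP response
# (RFC 2560 field names). A real client fills it in from the DER encoding.
@dataclass
class OcspResponse:
    response_status: str          # "successful", "tryLater", "malformedRequest", ...
    cert_status: Optional[str]    # "good", "revoked", "unknown"; None if no BasicOCSPResponse
    this_update: Optional[datetime]
    next_update: Optional[datetime]
    signature_ok: Optional[bool]  # outcome of verifying the BasicOCSPResponse signature

def evaluate_ocsp(resp, now, max_skew=timedelta(minutes=5)) -> Tuple[bool, str]:
    """Hard-fail policy: returns (accept, reason).

    Only a signed, fresh BasicOCSPResponse with certStatus 'good' is accepted, and
    'good' is read as 'not on the revocation list', never as 'this certificate is
    valid'. Any other responseStatus is rejected: such error responses carry no
    responseBytes and therefore no signature, so anything on the network path can
    inject one; a soft-fail client that treats 'tryLater' as success gets no protection.
    """
    if resp.response_status != "successful":
        return False, f"unsigned error response ({resp.response_status})"
    if resp.signature_ok is not True:
        return False, "BasicOCSPResponse signature not verified"
    if resp.this_update is None or resp.this_update > now + max_skew:
        return False, "thisUpdate missing or in the future"
    if resp.next_update is not None and resp.next_update < now - max_skew:
        return False, "stale response (nextUpdate has passed)"
    if resp.cert_status == "good":
        return True, "not revoked (no claim that the certificate was ever issued)"
    return False, f"certStatus={resp.cert_status}"

def demo() -> dict:
    """Constructed sample responses (not captured from any real responder)."""
    now = datetime(2010, 7, 28, 20, 0, tzinfo=timezone.utc)
    fresh, day = now - timedelta(hours=1), timedelta(days=1)
    cases = {
        "signed_good": OcspResponse("successful", "good", fresh, now + day, True),
        "try_later": OcspResponse("tryLater", None, None, None, None),
        "bad_signature": OcspResponse("successful", "good", fresh, None, False),
        "unknown": OcspResponse("successful", "unknown", fresh, None, True),
        "stale": OcspResponse("successful", "good", now - 3 * day, now - day, True),
    }
    return {name: evaluate_ocsp(r, now) for name, r in cases.items()}
```

Calling demo() returns the decision and reason for each constructed case; only signed_good is accepted.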
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com