A mighty fortress is our PKI, Part II

Alexandre Dulaunoy a at foo.be
Wed Jul 28 16:03:08 EDT 2010


On Wed, Jul 28, 2010 at 5:51 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Nicolas Williams <Nicolas.Williams at oracle.com> writes:
>
>>Exactly.  OCSP can work in that manner.  CRLs cannot.
>
> OCSP only appears to work in that manner.  Since OCSP was designed to be 100%
> bug-compatible with CRLs, it's really an OCQP (online CRL query protocol) and
> not an OCSP.  Specifically, if I submit a freshly-issued, valid certificate to
> an OCSP responder and ask "is this a valid certificate" then it can't say yes,
> and if I submit an Excel spreadsheet to an OCSP responder and ask "is this a
> valid certificate" then it can't say no.  It takes quite some effort to design
> an online certificate status protocol that's that broken.

OCSP is even better for an attacker. As the OCSP responses are
unauthenticated[1], you can be easily fake the response with
what ever the attacker likes.

http://www.thoughtcrime.org/papers/ocsp-attack.pdf

[1] Would be silly to run OCSP over SSL ;-)

-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                             http://www.foo.be/cgi-bin/wiki.pl/Diary
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list