A mighty fortress is our PKI, Part II

Nicolas Williams Nicolas.Williams at oracle.com
Thu Jul 29 12:44:29 EDT 2010


On Thu, Jul 29, 2010 at 10:50:10AM +0200, Alexandre Dulaunoy wrote:
> On Thu, Jul 29, 2010 at 3:09 AM, Nicolas Williams
> <Nicolas.Williams at oracle.com> wrote:
> > This is a rather astounding misunderstanding of the protocol.  [...]
> 
> I agree on this, but the implementation of OCSP has to deal with
> all "non definitive" (to take the wording of the RFC) answers. That's
> where the issue is. All the "exception cases", mentioned in 2.3, are
> unauthenticated and it seems rather difficult to provide an authenticated
> scheme for that part, as you already mentioned in [*].
> 
> That's why malware authors are already adding fake entries for the OCSP
> server in the hosts file... simple and efficient.

A DoS attack on OCSP clients (which is all this really is) should either
cause the clients to fall back on CRLs or to fail the larger operation
(TLS handshake, whatever) altogether.  The latter makes this just a DoS.
The former makes this less than a DoS.

The real risk would be OCSP clients that don't bother with CRLs if the OCSP
Responder can't respond successfully, but which proceed anyway as if
peers' certs are valid.  If there exist such clients, don't blame OCSP.

Nico
-- 
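The three client behaviours contrasted in the reply above (abort on a non-definitive OCSP answer, fall back to the CRL, or proceed as if the certificate were valid) as an added example; this is illustrative code written for this page, not code from the thread or from any OCSP library. The status names follow RFC 2560 (the exception cases of section 2.3 are the unsigned, non-definitive ones); the `Policy` names, the `revocation_decision` function and the sample serial numbers are this example's own constructions.

```python
"""Model of how an OCSP client decides what to do with a responder's answer.
Constructed example; not the thread's or any implementation's code."""
from enum import Enum
from typing import Dict, Optional, Set

# Signed CertStatus values that settle the question (RFC 2560 section 2.2).
DEFINITIVE = {"good", "revoked"}
# "unknown" is signed but proves nothing about validity; the section 2.3
# exception cases are unsigned error responses; "unreachable" models a
# responder that never answers (e.g. its name was pointed elsewhere).
NON_DEFINITIVE = {"unknown", "malformedRequest", "internalError", "tryLater",
                  "sigRequired", "unauthorized", "unreachable"}


class Policy(Enum):
    HARD_FAIL = "hard_fail"        # no definitive answer -> abort the handshake
    CRL_FALLBACK = "crl_fallback"  # no definitive answer -> consult the CRL
    SOFT_FAIL = "soft_fail"        # no definitive answer -> proceed as if valid


def revocation_decision(ocsp_status: str, serial: int, policy: Policy,
                        crl_revoked: Optional[Set[int]]) -> str:
    """Return 'accept', 'reject' or 'abort' for one certificate.

    crl_revoked is the set of serials listed on a CRL the client fetched and
    verified, or None when no usable CRL is available."""
    if ocsp_status == "good":
        return "accept"
    if ocsp_status == "revoked":
        return "reject"
    if ocsp_status not in NON_DEFINITIVE:
        raise ValueError(f"unexpected OCSP status: {ocsp_status}")
    # From here on the responder gave no signed, definitive answer.
    if policy is Policy.HARD_FAIL:
        return "abort"           # the outage is a DoS and nothing more
    if policy is Policy.CRL_FALLBACK:
        if crl_revoked is None:
            return "abort"       # neither source answered: still only a DoS
        return "reject" if serial in crl_revoked else "accept"
    # SOFT_FAIL: a blackholed responder lets a revoked certificate through.
    return "accept"


def blackholed_responder_outcomes(serial: int,
                                  crl_revoked: Optional[Set[int]]) -> Dict[str, str]:
    """What each policy does when the responder cannot be reached at all."""
    return {p.value: revocation_decision("unreachable", serial, p, crl_revoked)
            for p in Policy}
```

Run with a serial that the CRL lists as revoked to see that only the soft-fail client accepts it when the responder is unreachable.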

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
