On 02/23/2012 11:52 AM, Kai Engert wrote:
As soon as the certificate has been revoked, the domain owner is able
to obtain an OCSP response for the rogue certificate. The domain owner
could configure their server to include this OCSP response in all TLS
handshakes, even though this OCSP response is unrelated to the server
certificate actually being used.
If clients had a persistent OCSP cache, in particular bundled with a
persistent OCSP cache for all revocation events, then users/clients
could potentially learn about important revoked certificates in
advance, for the servers they frequently visit.
So I had some initial issues with this, until I realized by domain owner
you mean the owner of the domain being spoofed by the OCSP response.
The tricky thing here is identifying the cert that was revoked. Unless
the CA actively pushes the results of revocation out to the domain
owner, their is no way the owner will know from a random OCSP or CRL
that a given revoked cert was from their domain.
This also doesn't help if the rogue certificate happens to be an
intermediate.
Not that the idea is without merit, we just need to make sure we
understand the limitations.
bob
Servers could be allowed to contact (daily) each of the publicly known
CAs. The server could ask "do you know about any revoked certificates
for my server's hostname?". Assuming the CA has a database of their
incorrectly issued certificates, it could lookup the affected
certificates, produce a revocation OCSP response for each of them, and
send them back to the server. This way, information about compromised
certificates could be distributed automatically, only between the
parties that are really interested in such certificates.
OK this solves issue 2.
bob
Of couse, this "advance OCSP stapling" doesn't help if the user
connects to the system for the first time, or visits the system
infrequently and therefore doesn't have a chance to learn about the
rogue certificate early. That's where MECAI might be able to help.
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
