On 02/23/2012 11:52 AM, Kai Engert wrote:
>
>
> As soon as the certificate has been revoked, the domain owner is able
> to obtain an OCSP response for the rogue certificate. The domain owner
> could configure their server to include this OCSP response in all TLS
> handshakes, even though this OCSP response is unrelated to the server
> certificate actually being used.
>
> If clients had a persistent OCSP cache, in particular bundled with a
> persistent OCSP cache for all revocation events, then users/clients
> could potentially learn about important revoked certificates in
> advance, for the servers they frequently visit.
So I had some initial issues with this, until I realized by domain owner
you mean the owner of the domain being spoofed by the OCSP response.
The tricky thing here is identifying the cert that was revoked. Unless
the CA actively pushes the results of revocation out to the domain
owner, their is no way the owner will know from a random OCSP or CRL
that a given revoked cert was from their domain.
This also doesn't help if the rogue certificate happens to be an
intermediate.
Not that the idea is without merit, we just need to make sure we
understand the limitations.
bob
>
>
> Servers could be allowed to contact (daily) each of the publicly known
> CAs. The server could ask "do you know about any revoked certificates
> for my server's hostname?". Assuming the CA has a database of their
> incorrectly issued certificates, it could lookup the affected
> certificates, produce a revocation OCSP response for each of them, and
> send them back to the server. This way, information about compromised
> certificates could be distributed automatically, only between the
> parties that are really interested in such certificates.
OK this solves issue 2.
bob