On 13/10/09 22:37, Robert Relyea wrote:
It turns out that of all cases 2, 3, and 4, case 4 is the easiest (simply overload the requested OCSP server). Also, if you can do 2, and 3, you can always do 4 (You just drop the packet on the ground). So while an attacker may have lots of things he can do to us, he can always do the one case that we are going to always accept under this proposal.
A very good point. Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
