Neil's interpretation of my poorly-worded question was correct - thank you and apologies for the confusion.
On Thu, Sep 12, 2019 at 5:39 PM Ryan Sleevi <r...@sleevi.com> wrote:
>
> On Thu, Sep 12, 2019 at 11:25 AM Alex Cohn via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Should a CA using a precertificate signing certificate be required to
>> provide OCSP services for their precertificates? Or is it on the relying
>> party to calculate the proper OCSP request for the final certificate and
>> send that instead? In other words, should we expect a CT-naïve OCSP checker
>> to work normally when presented, e.g., with https://crt.sh/?id=1868433277 ?
>
> I think this may be the wrong framing. The issue is not about ensuring "a
> CT-naïve OCSP checker" can get responses for pre-certs. It's about ensuring
> that, from the point of view of a user agent that views a pre-certificate
> as evidence that an equivalent certificate exists, even if it's not known
> (or even if it was not actually issued), can they verify that OCSP services
> exist and are configured for that equivalent certificate?

Fair point. The only relying parties likely to come across precertificates in practice are CT log clients, and it's reasonable to assume those will be prepared to handle edge cases like this. (How many actually handle this correctly? crt.sh doesn't, as far as I can tell - OCSP checks for the precert I posted earlier return "unauthorized", despite the final certificate being good.)

> In this scenario, because RFC 6962 establishes that, even when using a
> Precertificate Signing Certificate, it will have been directly issued by
> the CA Certificate that will ultimately issue the "final" certificate (...
> or would be treated as if it had), then we have the (name-hash, key-hash)
> that Neil was referring to, and we can easily verify using that, for the
> serial number indicated in the pre-certificate, that the OCSP response can
> be verified using the issuer of the Precertificate Signing Certificate.
That technique was what I was attempting to hint at with "on the relying party to calculate the proper OCSP request for the final certificate".

> Have I overlooked some ambiguity?

Not that I can think of on further reflection. Just some unanticipated-by-me edge cases :)

Alex