Kai Engert wrote: > The domain owner > could configure their server to include this OCSP response in all TLS > handshakes, even though this OCSP response is unrelated to the server > certificate actually being used.
For complete protection, the real domain holder would have to staple all the OCSP responses for all compromised certificates in every full SSL handshake it does, until those certificates expire. How do you compare this with http://tools.ietf.org/html/draft-evans-palmer-key-pinning-00? In that mechanism, the server staples information that "pins" the public key of the cert such that certs with different public keys will automatically be dis-trusted by the browser. The Evens/Palmer pinning mechanism has an advantage in that it protects against mis-issued certs before the issuing CA or the domain owner even learns about them. The Mozilla security team is already planning to implement the Evens/Palmer mechanism in Firefox and Chrome has implemented it, AFAICT. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
