On 05.02.2014 08:25, Brian Smith wrote:
> It would be possible for a server to fetch and staple the OCSP
> response only using the information from the server's end-entity
> certificate.
Actually no - you can't properly fill in the CertID for the request
otherwise. From RFC 6960:
> Request ::= SEQUENCE {
>     reqCert                  CertID,
>     singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
>
> CertID ::= SEQUENCE {
>     hashAlgorithm   AlgorithmIdentifier,
>     issuerNameHash  OCTET STRING, -- Hash of issuer's DN
>     issuerKeyHash   OCTET STRING, -- Hash of issuer's public key
>     serialNumber    CertificateSerialNumber }
>
and
> o issuerKeyHash is the hash of the issuer's public key. The hash
> shall be calculated over the value (excluding tag and length) of
> the subject public key field in the issuer's certificate.
(relying on the end-entity's AKID extension isn't reliable enough - even
if it is present, it doesn't necessarily have to be a hash over the
issuer's public key, that's only a recommendation in RFC 5280 section
4.2.1.2)
Kaspar
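
Added example, not part of the original message: a standard-library sketch of building the RFC 6960 CertID fields quoted above, showing that issuerNameHash and serialNumber come from the end-entity certificate while issuerKeyHash needs the issuer's certificate. The certificates are constructed, unsigned DER structures, and all function and variable names are assumptions made for this example.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one tag/length/value triple."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def children(der):
    """Split concatenated DER TLVs into (tag, value, raw_tlv) triples."""
    out, i = [], 0
    while i < len(der):
        n, j = der[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, j = int.from_bytes(der[j:j + k], "big"), j + k
        out.append((der[i], der[j:j + n], der[i:j + n]))
        i = j + n
    return out

def tbs_fields(cert_der):
    """TBSCertificate fields: serial, sigAlg, issuer, validity, subject, SPKI."""
    fields = children(children(children(cert_der)[0][1])[0][1])
    return fields[1:] if fields[0][0] == 0xA0 else fields  # skip [0] version

def ee_only(ee_der, h=hashlib.sha1):
    """What the end-entity certificate alone yields: issuerNameHash, serialNumber."""
    f = tbs_fields(ee_der)
    return h(f[2][2]).digest(), int.from_bytes(f[0][1], "big", signed=True)

def cert_id(ee_der, issuer_der, h=hashlib.sha1):
    """Full CertID fields; issuerKeyHash is taken from the issuer certificate."""
    name_hash, serial = ee_only(ee_der, h)
    spki = children(tbs_fields(issuer_der)[5][1])
    key = spki[1][1][1:]  # BIT STRING value, unused-bits octet dropped (assumed)
    return name_hash, h(key).digest(), serial

# --- constructed, unsigned sample certificates (not real ones) ---
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
def fake_cert(serial, issuer, subject, key):
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + alg + name(issuer)
              + tlv(0x30, tlv(0x17, b"140101000000Z") * 2) + name(subject)
              + tlv(0x30, alg + tlv(0x03, b"\x00" + key)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))
EE = fake_cert(b"\x12\x34", b"Example CA", b"www.example.test", b"ee-key-bytes")
CA_OLD = fake_cert(b"\x01", b"Example CA", b"Example CA", b"ca-key-one")
CA_NEW = fake_cert(b"\x02", b"Example CA", b"Example CA", b"ca-key-two")  # same DN, new key
```

CA_OLD and CA_NEW share a DN but not a key, so ee_only(EE) is identical for both while cert_id(EE, ...) differs in issuerKeyHash.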