: OCSP Responders Are An Attack Vector For SHA-1 Collisions
Hi Andrew
Thank you for making us aware of this issue with our OCSP responder.
We did make a major change in our CAs some years ago where we among other
things established a new OCSP responder for all Buypass CAs used for
SSL/TLS
Andrew Ayer [a...@andrewayer.name] writes:
>Are there clients that will choke if they receive a response without the
>expected nonce?
See my previous message, since no public CAs honour nonces [0] I don't think
there'd be any problem.
Peter.
[0] At least as of the last check a few years ago.
On Wed, 9 Mar 2016 21:40:32 +0100
Jakob Bohm wrote:
> 1. Use a non-CA OCSP certificate if the relevant clients are known to
>support this aspect of the OCSP protocol (I don't know if any OCSP
>clients, historic or otherwise, lack this ability).
Using a dedicated
On 10/03/2016 00:22, Peter Gutmann wrote:
Jakob Bohm writes:
2. Find a way to add OCSP responder chosen random data in each OCSP
response.
Responder or requester? You've got the OCSP nonce, although since every
(public) CA has disabled it that probably won't help
On Wed, Mar 9, 2016 at 12:40 PM, Jakob Bohm wrote:
> 1. Use a non-CA OCSP certificate if the relevant clients are known to
> support this aspect of the OCSP protocol (I don't know if any OCSP
> clients, historic or otherwise, lack this ability). Such an OCSP
>
Jakob Bohm writes:
>2. Find a way to add OCSP responder chosen random data in each OCSP
> response.
Responder or requester? You've got the OCSP nonce, although since every
(public) CA has disabled it that probably won't help much. OTOH since clients
won't be checking
On 09/03/2016 20:03, Yuhong Bao wrote:
I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says
that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP
responses, to allow continued support for XP SP1 and 2, and Server 2003. Using
SHA-2 only for OCSP
On 09/03/16 19:03, Yuhong Bao wrote:
I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says
that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP
responses, to allow continued support for XP SP1 and 2, and Server 2003. Using
SHA-2 only for OCSP
> I know of one blocker: Microsoft. Their TechNet article at aka.ms/sha1 says
> that CAs are allowed to use SHA-1 and SHA-2 for OCSP signing certs and OCSP
> responses, to allow continued support for XP SP1 and 2, and Server 2003.
> Using SHA-2 only for OCSP signing certs and OCSP responses
> I would note that we could also combine these responses. For example, we
> might require that CAs retire SHA-1 for OCSP with a long-ish horizon, but
> require them to use constrained OCSP certs basically ASAP.
>
> Of course, if we could just turn off SHA-1 for OCSP, that would be
> fantastic.
Hi Andrew
Thank you for making us aware of this issue with our OCSP responder.
We did make a major change in our CAs some years ago where we among other
things established a new OCSP responder for all Buypass CAs used for
SSL/TLS-certificates (including Buypass Class 2 CA 1). However, the
On Tue, Mar 8, 2016 at 4:58 PM, Andrew Ayer wrote:
> As we all know, the Baseline Requirements forbid signing certificates
> with SHA-1 after January 1, 2016. However, both the BRs and Mozilla
> policy are silent on the topic of OCSP response signatures[1].
>
12 matches
Mail list logo