Agree and also in that case the solution is not robust enough from a security standpoint. The adversary needs to do DNS poisoning and then is in business.

-----Original Message-----
From: Ben Laurie [mailto:[email protected]]
Sent: Friday, September 21, 2012 4:58 AM
To: [email protected]
Cc: Santosh Chokhani; [email protected]
Subject: Re: [therightkey] Certificate Transparency Working Group?

On 21 September 2012 06:50, Martin Rex <[email protected]> wrote:
> Santosh Chokhani wrote:
>> Ben Laurie,
>>
>> I am posting this at the suggestion of Stephen Ferrell. There is no
>> evidence that he supports or is against my analysis. He just thought this
>> mail list is the appropriate place to make my point.
>>
>> My basic tenet is that the OCSP certinfo extension being discussed in PKIX
>> does not protect against RA compromise and may also not protect against CA
>> compromise since the attacker who compromised the CA may be able to create
>> an OCSP Responder certificate and either also put bogus OCSP pointer in the
>> minted certificates or use DNS poisoning on the relying parties.
>>
>> Thus, I think the certificate transparency is worth discussing.
>
> Locating the OCSP server through AIA in the EE cert might be the
> problem here. Maybe the OCSP responder ought to be located through an
> extension in the CA cert itself instead?

That would make CT substantially harder, because then we'd have to deal with authenticating chains instead of just EE certs - and EE certs tend to have multiple authentication chains...

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
