Something that is rather difficult to prove, at present, is that a
certificate has been used after it has expired or been revoked.
If servers were required to include a signature over a recent STH (or
STH+OCSP staple) along with their SCT, this would provide an easy way
of showing that a *server* was behaving incorrectly. E.g., as a TLS
extension:
struct {
    STH;
    sign(SignedCertificateTimestamp || OCSP || STH);
} FreshnessProof;
This seems rather better than signing a timestamp; the STH isn't
predictable without a colluding log, so it isn't possible to
"accidentally" sign a future time.
Any thoughts?
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans