We've just posted a revised version of this doc. Here is a quick summary of the changes.

1. Revised the introduction to discuss the AIA extension and its status relative to 5280 and to CABF cert policies.

2. Added a paragraph to 3.2.1.1.1 to note an attack in which a malicious CA revokes a bogus cert but sends a "good" OCSP response to a targeted user (browser). Also added a few words to the paragraph in 3.2.1.1.2 noting the same sort of attack.

3. Revised section 3.3 to note that 5280 warns about the dangers of having duplicate names, in the Security Considerations section. Divided the text into subsections to address different forms of the colluding CA attack, in an effort to make this section easier to read.

4. Revised the 3.3 text to better distinguish among attacks based on revocation of the doppelganger EE cert vs. revocation of the cert of the CA that issued and logged this bogus cert. The discussion notes why these revocation actions might or might not be effective, depending on implementation details that are not specified in 5280 or other RFCs.

5. Added text to note that, in this context, a CA and bogus web server could cause a targeted user (browser) to get a "good" OCSP response as part of the colluding CA attack, if the browser asks the web server for the OCSP response. (This is relevant to the discussion of whether an AIA extension is included in the bogus EE cert.)

6. Revised Section 3.4 to address comments received from Bryan (offlist), including his suggestion to create subsections of 3.4 (which motivated creating such subsections in 3.3).

Steve
_______________________________________________
Trans mailing list
https://www.ietf.org/mailman/listinfo/trans