(In reply to [Baboo] from comment #100)
> OCSP traffic can be blocked at the same place where you
> do your MITM attack…
I agree that the OCSP traffic can be blocked by a MITM attacker, so the lack of OCSP traffic at the CA cannot be taken as concrete proof that the certificate was never live. Nonetheless, a complete lack of OCSP traffic contrasts sharply with that observed by DigiNotar around the MITM use of the certificates they issued and leads me to the belief that a current real-world MITM attack would generate some OCSP traffic. I am also of the opinion that we would see some 'leakage' of OCSP traffic from those under a MITM attack even if it was the attacker's aim to block OCSP - although I suppose that need not be the case for a very finely targeted attack at a small group of victims.

While OCSP silently soft-fails in the client there is no need for an attacker to block it. If/When OCSP (or some other revocation checking method) hard-fails there would be no point in an attacker blocking it.

--
https://bugs.launchpad.net/bugs/310999

Title:
  comodo seen issuing certificates unwisely
