[openssl-users] Thoughts about security, privacy, ...
Michael Ströder
michael at stroeder.com
Fri Oct 30 20:42:15 UTC 2015
Walter H. wrote:
> On Thu, October 29, 2015 11:07, Jakob Bohm wrote:
>> She (Eve) would know that the requesting party Alice
>> was talking to Bob at the very moment she sent Trent
>> the OCSP *request* for Bob's certificate.
>>
>> [...] equivalent of having (almost complete) real time
>> copies of everybody's phone bill/call records.
>> Who was calling who at what time.
>
> this is not a problem as long as the public keys (the certificates) are
> not really public;
> because in your example Eve doesn't have the knowledge which certificate
> the specific serial number has ...
>
> if the public keys (the certificates) are searchable by public - the worst
> case direct by a search engine like google - then you would get an
> absolute security whole:
Update for you: https://crt.sh/
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151030/acd8e89e/attachment-0001.bin>
More information about the openssl-users
mailing list