[openssl-users] Thoughts about security, privacy, ...
Michael Ströder
michael at stroeder.com
Sat Oct 31 12:01:00 UTC 2015
Walter H. wrote:
> On 30.10.2015 21:42, Michael Ströder wrote:
>> Walter H. wrote:
>>> On Thu, October 29, 2015 11:07, Jakob Bohm wrote:
>>>> She (Eve) would know that the requesting party Alice
>>>> was talking to Bob at the very moment she sent Trent
>>>> the OCSP *request* for Bob's certificate.
>>>>
>>>> [...] equivalent of having (almost complete) real time
>>>> copies of everybody's phone bill/call records.
>>>> Who was calling who at what time.
>>> this is not a problem as long as the public keys (the certificates) are
>>> not really public;
>>> because in your example Eve doesn't have the knowledge which certificate
>>> the specific serial number has ...
>>>
>>> if the public keys (the certificates) are searchable by public - the worst
>>> case direct by a search engine like google - then you would get an
>>> absolute security whole:
>> Update for you: https://crt.sh/
>>
> you know the difference between SSL and S/MIME?
I know the difference very well - probably even longer than you.
Note:
1. Google's certificate transparency project is not limited to certain
certificate types.
2. Privacy concerns are raised because of browsers validating server certs via
OCSP during TLS connect.
=> OCSP should be feasible over TLS in the spirit of RFC 7258.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151031/9f16361f/attachment.bin>
More information about the openssl-users
mailing list