[openssl-users] Thoughts about security, privacy, ...

Michael Ströder michael at stroeder.com
Sat Oct 31 22:23:34 UTC 2015


Walter H. wrote:
> On 31.10.2015 13:01, Michael Ströder wrote:
>> Walter H. wrote:
>>> On 30.10.2015 21:42, Michael Ströder wrote:
>>>> Walter H. wrote:
>>>>> On Thu, October 29, 2015 11:07, Jakob Bohm wrote:
>>>>>> She (Eve) would know that the requesting party Alice
>>>>>> was talking to Bob at the very moment she sent Trent
>>>>>> the OCSP *request* for Bob's certificate.
>>>>>>
>>>>>> [...] equivalent of having (almost complete) real time
>>>>>> copies of everybody's phone bill/call records.
>>>>>> Who was calling who at what time.
>>>>> this is not a problem as long as the public keys (the certificates) are
>>>>> not really public;
>>>>> because in your example Eve doesn't have the knowledge which certificate
>>>>> the specific serial number has ...
>>>>>
>>>>> if the public keys (the certificates) are searchable by public - the worst
>>>>> case direct by a search engine like google - then you would get an
>>>>> absolute security hole:
>>>> Update for you: https://crt.sh/
>>>>
>>> you know the difference between SSL and S/MIME?
>> I know the difference very well - probably even longer than you.
> sorry I don't think so, because you didn't really reply anything in connection
> with S/MIME as I mentioned,

So, so...

> give me a hint for finding S/MIME certificates, finding my own would be nice;

You claim that clear-text OCSP requests are not a privacy issue. So you should
explain how you keep your *public*-key cert from being intercepted somewhere.
You can't.

Ciao, Michael.
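
What the clear-text OCSP request argued about in this thread exposes to anyone on the path, as an added example that is not part of the original post: a small DER walker that extracts the CertID fields from an RFC 6960 OCSPRequest. The function names and the sample request (issuer strings, serial number) are constructed for illustration.

```python
import hashlib

def tlv(tag, body):
    """Encode one short-form DER element (enough for the constructed sample)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, body, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split the body of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def observed_cert_ids(ocsp_request):
    """Return the CertID fields visible in a clear-text OCSPRequest (RFC 6960)."""
    _, request, _ = read_tlv(ocsp_request, 0)      # OCSPRequest
    tbs = children(request)[0][1]                  # tbsRequest
    # requestList is the only plain SEQUENCE; optional fields use tags 0xA0..0xA2.
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    seen = []
    for _, single in children(request_list):
        _, name_hash, key_hash, serial = children(children(single)[0][1])
        seen.append({"issuer_name_hash": name_hash[1].hex(),
                     "issuer_key_hash": key_hash[1].hex(),
                     "serial": int.from_bytes(serial[1], "big", signed=True)})
    return seen

# Constructed sample: one request for serial 0x0A1B2C3D4E5F under a made-up issuer.
SERIAL = 0x0A1B2C3D4E5F
SHA1_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
CERT_ID = tlv(0x30, SHA1_ALG
              + tlv(0x04, hashlib.sha1(b"constructed issuer name").digest())
              + tlv(0x04, hashlib.sha1(b"constructed issuer key").digest())
              + tlv(0x02, SERIAL.to_bytes(6, "big")))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, CERT_ID))))
```

The serial number and issuer hashes returned here are the values the thread's argument turns on: together they identify one certificate to anyone who has seen that certificate.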

