[openssl-users] How can I start openssl ocsp in secure mode using TLS/SSL

Kyle Hamilton aerowolf at gmail.com
Tue Sep 26 01:36:17 UTC 2017


On Fri, Sep 22, 2017 at 9:32 AM, Richard Moore <richmoore44 at gmail.com> wrote:
>
> It's also worth pointing out that CAs are banned from running OCSP servers over HTTPS anyway and it isn't needed since the responses are already signed - http is fine.

That argument fails when you consider that some people want the
details of who they're talking to or asking about to be confidential,
not merely authentic.

I'm a believer in the idea that SNI and the Certificate messages
should happen under an ephemeral DH or ephemeral ECDH cover.  Others
fear-monger to say "maybe they shouldn't".

(Also, for completeness, the argument that "CAs are banned from
running OCSP servers over HTTPS anyway" is a straw man at best -- not
every CA is created or intends to be a member of or subject to the
mandates of the CA Security Council, formerly known as the CA/Browser
Forum.  And every attempt to encode policy into technical standards,
attempting to prohibit certain actions for whatever misguided
administrative reasons, is subject to being bypassed by people who
understand the various parts and how to glue them all together.)

To be fair, the OCSP responder certificate may or may not be
revoked... but honestly, if you're asking the OCSP responder for the
status of its own certificate you're opening yourself up to a
subordination/subversion attack anyway.  OCSP responders should have
very short-lived certificates, to minimize the temporal subordination
attack surface.

-Kyle H
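The short-lived, delegated OCSP signer the post argues for, as an added shell example that is not part of the thread: it mints a root, a one-day OCSP signing cert restricted to the OCSPSigning EKU, and an end-entity cert, then answers an OCSP request from files with openssl ocsp and verifies the signed response offline, which is the "responses are already signed" property the discussion turns on. All names, paths, serials and the index.txt row are constructed for the demo; it assumes an openssl binary (1.1.1 or 3.x) on PATH.

```shell
#!/bin/sh
# Added example, not from the thread: mint a deliberately short-lived (1 day)
# delegated OCSP signer (EKU OCSPSigning), answer an OCSP request for an
# end-entity cert with it, and verify the signed response. Everything runs
# offline from files, no listener; all names, paths and serials are constructed.
set -eu
KEY="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"   # fast demo keys

build_demo_pki() {
  d="$1"; mkdir -p "$d"
  # Own req config so the root gets CA extensions whatever the system openssl.cnf says.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca_ext]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >> "$d/req.cnf"
  openssl req -x509 -config "$d/req.cnf" -extensions ca_ext $KEY -keyout "$d/ca.key" \
    -out "$d/ca.pem" -subj "/CN=Demo Root CA" -days 3650 2>/dev/null
  # Delegated responder cert: EKU limited to OCSPSigning, lifetime only one day.
  printf 'extendedKeyUsage=critical,OCSPSigning\nkeyUsage=critical,digitalSignature\n' > "$d/ocsp.ext"
  openssl req -new -config "$d/req.cnf" $KEY -keyout "$d/ocsp.key" -out "$d/ocsp.csr" \
    -subj "/CN=Demo OCSP Signer" 2>/dev/null
  openssl x509 -req -in "$d/ocsp.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -set_serial 2 \
    -days 1 -extfile "$d/ocsp.ext" -out "$d/ocsp.pem" 2>/dev/null
  # End-entity cert (serial 3) whose status the responder will report.
  printf 'extendedKeyUsage=serverAuth\n' > "$d/ee.ext"
  openssl req -new -config "$d/req.cnf" $KEY -keyout "$d/ee.key" -out "$d/ee.csr" \
    -subj "/CN=www.example.test" 2>/dev/null
  openssl x509 -req -in "$d/ee.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -set_serial 3 \
    -days 30 -extfile "$d/ee.ext" -out "$d/ee.pem" 2>/dev/null
  # "openssl ca" index: status V, expiry placeholder, empty rev date, hex serial, subject.
  printf 'V\t991231235959Z\t\t03\tunknown\t/CN=www.example.test\n' > "$d/index.txt"
}
# Client: build the request for ee.pem (issuer = root) and write it to a file.
make_ocsp_request() {
  openssl ocsp -no_nonce -issuer "$1/ca.pem" -cert "$1/ee.pem" -reqout "$1/req.der" 2>/dev/null
}
# Responder: look the serial up in index.txt and sign the answer with the 1-day cert.
answer_ocsp_request() {
  openssl ocsp -index "$1/index.txt" -CA "$1/ca.pem" -rsigner "$1/ocsp.pem" \
    -rkey "$1/ocsp.key" -rmd sha256 -reqin "$1/req.der" -respout "$1/resp.der" 2>/dev/null
}
# Client: verify the response signature chain (signer -> trusted root) and print the status.
verify_ocsp_response() {
  (cd "$1" && openssl ocsp -no_nonce -respin resp.der -issuer ca.pem -cert ee.pem -CAfile ca.pem 2>&1)
}
# End to end; prints "Response verify OK" and "ee.pem: good" on success.
ocsp_status_for_ee() {
  build_demo_pki "$1" && make_ocsp_request "$1" && answer_ocsp_request "$1" \
    && verify_ocsp_response "$1"
}
ocsp_status_for_ee "$(mktemp -d)"
```

Swap the index row's leading V for R (plus a revocation date in the third column) to watch the same responder report the cert as revoked.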

