[SSL Observatory] SSL CA compromise in the wild

Matt McCutchen matt at mattmccutchen.net
Fri Mar 25 08:05:11 PDT 2011


On Fri, 2011-03-25 at 19:14 +1300, Peter Gutmann wrote:
> Erwann ABALEA <erwann at abalea.com> writes:
> 
> >I'd create a long-lived OCSP responder certificate with the OCSPNoCheck 
> >extension. This kind of certificate can't be revoked *at all*, and has the 
> >same power as a CRL-signing key (which can be revoked).
> 
> Ooh, nice!  That's what I like about OCSP, there are just so many ways you can 
> subvert it, and some of them were even designed in by the standards committee.

Right.  OCSP relies on the certificates containing correct OCSP
pointers.  It is not designed to defend against an attacker who can sign
arbitrary data.

And indeed, the attacker in this case could not.  The reason CRLs and
OCSP couldn't be relied on is that many clients fail open if they cannot
check them.

-- 
Matt
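
The fail-open behaviour described in the message above, as an added example that is not part of the original post: a small Python model of a client that consults OCSP and then a CRL under a soft-fail or hard-fail policy. All names, sources and serial numbers here are constructed for illustration.

```python
"""Model of revocation checking under soft-fail and hard-fail policies (constructed example)."""

class Unreachable(Exception):
    """The revocation source gave no answer (timeout, DNS failure, dropped traffic)."""

REVOKED_SERIALS = {0x1001}  # constructed: serials the CA has revoked

def make_source(name, reachable):
    """Return a lookup function standing in for an OCSP responder or a CRL download."""
    def lookup(serial):
        if not reachable:
            raise Unreachable(name)
        return "revoked" if serial in REVOKED_SERIALS else "good"
    return lookup

def accept(serial, sources, hard_fail):
    """Decide whether the client continues the handshake for this certificate."""
    for lookup in sources:
        try:
            status = lookup(serial)
        except Unreachable:
            continue              # try the next source (e.g. CRL after OCSP)
        return status == "good"   # first definitive answer wins
    # No source answered: hard-fail rejects, soft-fail (fail open) accepts.
    return not hard_fail

def scenario(serial, sources_reachable, hard_fail):
    """Run one check with both sources either reachable or unreachable."""
    sources = [make_source("ocsp", sources_reachable),
               make_source("crl", sources_reachable)]
    return accept(serial, sources, hard_fail)

if __name__ == "__main__":
    for up in (True, False):
        for hard in (False, True):
            for serial in (0x1001, 0x2002):
                print(f"sources_reachable={up!s:5} hard_fail={hard!s:5} "
                      f"serial={serial:#x} accepted={scenario(serial, up, hard)}")
```

The revoked serial is accepted only in the soft-fail run where neither source answers; the hard-fail policy rejects it there, at the cost of also rejecting the unrevoked serial.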



