Re: [Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling
From: Petr Pisar
Subject: Re: [Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling
Date: Wed, 19 Aug 2015 18:19:16 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Aug 19, 2015 at 03:37:06PM +0000, Tim Ruehsen wrote:
> Regarding MITM and other attacks... did you notice that OCSP responder URLs
> are HTTP (plain text) with all the insecurity? I never saw a HTTPS URL, did
> you?
>
There is no need for HTTPS. The OCSP response is signed by the CA's OCSP
responder. So the problem of OCSP response integrity reduces to verifying the
OCSP response signature. Of course, to verify the signature, one needs to
verify the OCSP responder's certificate. But this is the same story as with CRLs.
-- Petr
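
The check described in the message above, as an added example that is not part of the original e-mail or of wget's code: a client accepts an OCSP response fetched over plain HTTP only if the attached responder certificate was issued by the CA, carries the OCSPSigning extended key usage, and its key verifies the response signature. It assumes the Python `cryptography` package and ECDSA keys; every name, key and date is constructed, and freshness (thisUpdate/nextUpdate), nonces and CertID matching are left out.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

T0, T1 = datetime.datetime(2015, 8, 19), datetime.datetime(2015, 8, 26)  # constructed

def make_cert(cn, key, issuer_cn, issuer_key, ocsp_signer=False):
    """Build a constructed test certificate (all names are hypothetical)."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    b = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(T0).not_valid_after(T1))
    if ocsp_signer:  # delegated OCSP responders carry the OCSPSigning EKU
        b = b.add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING]), critical=False)
    return b.sign(issuer_key, hashes.SHA256())

def make_response(cert, ca_cert, signer_cert, signer_key):  # status GOOD, signer cert attached
    return (ocsp.OCSPResponseBuilder()
            .add_response(cert=cert, issuer=ca_cert, algorithm=hashes.SHA256(),
                          cert_status=ocsp.OCSPCertStatus.GOOD, this_update=T0,
                          next_update=T1, revocation_time=None, revocation_reason=None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, signer_cert)
            .certificates([signer_cert]).sign(signer_key, hashes.SHA256()))

def signed_by(pub, obj, tbs):
    """True if pub verifies obj's ECDSA signature over its to-be-signed bytes."""
    try:
        return pub.verify(obj.signature, tbs, ec.ECDSA(obj.signature_hash_algorithm)) is None
    except InvalidSignature:
        return False

def response_is_authentic(resp, ca_cert):
    """Signer cert is issued by the CA, may sign OCSP, and signed this response."""
    signer = resp.certificates[0]
    eku = signer.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    return (signed_by(ca_cert.public_key(), signer, signer.tbs_certificate_bytes)
            and ExtendedKeyUsageOID.OCSP_SIGNING in eku
            and signed_by(signer.public_key(), resp, resp.tbs_response_bytes))

ca_key, site_key, resp_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
ca = make_cert("Example CA", ca_key, "Example CA", ca_key)
site = make_cert("www.example.test", site_key, "Example CA", ca_key)
responder = make_cert("Example OCSP", resp_key, "Example CA", ca_key, ocsp_signer=True)
rogue = make_cert("Example OCSP", rogue_key, "Example CA", rogue_key, ocsp_signer=True)
genuine = make_response(site, ca, responder, resp_key)   # what the CA's responder sends
swapped = make_response(site, ca, rogue, rogue_key)      # replaced on the plain-HTTP path
```

`response_is_authentic(genuine, ca)` is true, while the swapped response is rejected because its signer certificate does not verify under the CA key, even though it uses the same names.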