RE: OCSP Algorithm Agility
At 5:49 PM -0400 9/21/07, Stephen Kent wrote:
> You are correct that to impose a total ordering on what may be more
> appropriately described as a lattice implies a value judgement, and
> the responder and client might have different perspective.
So, how does your solution help the client decide what to do with an
OCSP response? It seems to me that it gives them one more piece of
data that is open to disagreement.
> Looking at your example, the CA should revoke the OCSP responder's
> cert with the newly compromised, bad algs, and issue a new one. Yes,
> this is imperfect because we can encounter a circular revocation
> status problem for a responder.
Others might say that a circular revocation status problem is "not
helpful" or simply "broken".
> but I think this can be managed in a practical way by establishing a
> reasonable re-issue frequency for the responder's cert.
...thereby introducing a new point of failure for OCSP response validation.
Maybe the problem of a MITM forging an OCSP response using a broken
signing algorithm is not as bad as this solution.
--Paul Hoffman, Director
--VPN Consortium