Re: OCSP follow up
Hello Haaino,
Haaino Beljaars wrote:
Question: what is the response of the OCSP responder at time III ?
The OCSP responder will only tell you the current state of the
certificate. It does not know about the time of the signature. If you
want to prove that the signature was valid at that time, you need to
archive the OCSP answer, and you need a timestamp, since there is an
attack scenario where OCSP is not sufficient:
Attacker A requests the status of banker B's certificate when it is
still valid, then steals the private key of B. Now he can generate a
signature with any signing time before he has stolen B's private key,
and can show the valid OCSP response that proves that the certificate
was valid at that time.
Because of this, if you want to show that a signature you've received
was valid at the point in time when you accepted it, you need to also
request a timestamp from a trusted third party.
IMHO, it would have been very practical if timestamping had been made
part of OCSP. If there are good reasons against that, I'd be happy to be
enlightened...
Best Regards,
David
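The attack David describes, worked through as an added example that is not part of the thread and not anyone's posted code. It is a toy model of the three parties (an OCSP responder that only reports current status, a timestamp authority, and a verifier) with "signatures" simulated as HMAC-SHA256 tags so it runs on the Python standard library alone; the key names, serial number, and the integer clock values are assumptions chosen for the illustration. It shows that a verifier who trusts the signer's own signingTime plus an archived "good" OCSP response accepts the backdated forgery, while a verifier who takes the time from a trusted timestamp over the signature rejects it and still accepts B's genuine, earlier signature after the certificate has been revoked.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumption: signatures are HMAC-SHA256 tags so the example runs offline;
# the same key stands in for an identity's private and public key.
def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

def _u64(t: int) -> bytes:
    return t.to_bytes(8, "big")

@dataclass(frozen=True)
class OcspResponse:
    serial: str
    produced_at: int                 # responder's clock when it answered
    status: str                      # "good" or "revoked"
    revocation_time: Optional[int]   # set only when status == "revoked"
    sig: bytes

def _ocsp_tbs(serial: str, produced_at: int, status: str, rt: Optional[int]) -> bytes:
    return f"{serial}|{produced_at}|{status}|{rt}".encode()

def ocsp_valid(key: bytes, r: OcspResponse) -> bool:
    return verify(key, _ocsp_tbs(r.serial, r.produced_at, r.status, r.revocation_time), r.sig)

class OcspResponder:
    """Reports only the certificate's state at the time it is asked."""
    def __init__(self, key: bytes):
        self.key = key
        self.revoked = {}            # serial -> revocation time

    def revoke(self, serial: str, at: int) -> None:
        self.revoked[serial] = at

    def respond(self, serial: str, now: int) -> OcspResponse:
        rt = self.revoked.get(serial)
        revoked = rt is not None and rt <= now
        status, rt = ("revoked", rt) if revoked else ("good", None)
        return OcspResponse(serial, now, status, rt, sign(self.key, _ocsp_tbs(serial, now, status, rt)))

@dataclass(frozen=True)
class TimestampToken:
    digest: bytes                    # SHA-256 of the signature value being stamped
    gen_time: int                    # the TSA's clock, not the signer's claim
    sig: bytes

class Tsa:
    def __init__(self, key: bytes):
        self.key = key

    def stamp(self, signature: bytes, now: int) -> TimestampToken:
        d = hashlib.sha256(signature).digest()
        return TimestampToken(d, now, sign(self.key, d + _u64(now)))

def tst_valid(tsa_key: bytes, token: TimestampToken, signature: bytes) -> bool:
    return (hashlib.sha256(signature).digest() == token.digest
            and verify(tsa_key, token.digest + _u64(token.gen_time), token.sig))

@dataclass(frozen=True)
class SignedDoc:
    serial: str
    message: bytes
    claimed_time: int                # signingTime chosen by whoever holds the key
    sig: bytes

def make_doc(key: bytes, serial: str, message: bytes, claimed_time: int) -> SignedDoc:
    return SignedDoc(serial, message, claimed_time, sign(key, message + _u64(claimed_time)))

def doc_sig_valid(signer_key: bytes, doc: SignedDoc) -> bool:
    return verify(signer_key, doc.message + _u64(doc.claimed_time), doc.sig)

def naive_verify(signer_key: bytes, ocsp_key: bytes, doc: SignedDoc, archived: OcspResponse) -> bool:
    """Trusts the signer's claimed time plus an archived 'good' OCSP response: the attack works."""
    return (doc_sig_valid(signer_key, doc) and ocsp_valid(ocsp_key, archived)
            and archived.serial == doc.serial and archived.status == "good"
            and doc.claimed_time <= archived.produced_at)

def timestamped_verify(signer_key: bytes, ocsp_key: bytes, tsa_key: bytes,
                       doc: SignedDoc, token: TimestampToken, ocsp: OcspResponse) -> bool:
    """Takes the TSA time as the signature's time and requires the certificate to have
    been good at that instant: either an OCSP 'good' produced at/after it, or a
    'revoked' whose revocation time lies after it."""
    if not (doc_sig_valid(signer_key, doc) and tst_valid(tsa_key, token, doc.sig)):
        return False
    if not (ocsp_valid(ocsp_key, ocsp) and ocsp.serial == doc.serial):
        return False
    if ocsp.status == "good":
        return ocsp.produced_at >= token.gen_time
    return ocsp.revocation_time > token.gen_time

def scenario() -> dict:
    """Constructed timeline (assumed values): B signs at 120; attacker archives a
    'good' OCSP answer at 100, steals the key at 200; B revokes at 250; attacker
    signs at 300 with a backdated signingTime of 90."""
    b_key, ocsp_key, tsa_key = b"B-private-key", b"OCSP-responder-key", b"TSA-key"
    serial, responder, tsa = "B-cert-01", OcspResponder(ocsp_key), Tsa(tsa_key)
    genuine = make_doc(b_key, serial, b"pay 100 to X", 120)
    genuine_tst = tsa.stamp(genuine.sig, 120)
    archived = responder.respond(serial, 100)      # attacker's stored 'good' answer
    responder.revoke(serial, 250)
    forged = make_doc(b_key, serial, b"pay 1000000 to A", 90)
    forged_tst = tsa.stamp(forged.sig, 300)        # the TSA can only stamp the real time
    current = responder.respond(serial, 300)
    return {
        "naive_accepts_forgery": naive_verify(b_key, ocsp_key, forged, archived),
        "timestamped_rejects_forgery": not timestamped_verify(b_key, ocsp_key, tsa_key, forged, forged_tst, current),
        "timestamped_accepts_genuine": timestamped_verify(b_key, ocsp_key, tsa_key, genuine, genuine_tst, current),
        "archived_answer_too_early": not timestamped_verify(b_key, ocsp_key, tsa_key, genuine, genuine_tst, archived),
        "current_ocsp_status": current.status,
    }

if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The last result is the practical caveat when archiving: an OCSP response only vouches for the certificate up to the moment it was produced, so the response worth keeping is one fetched at or after the timestamp, not before it.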