RE: OCSP follow up
Haaino, David,
Revocation time *is* provided in an OCSP response, so you do have some
probability of answering historical questions. (Given of course that
you know when the signature was actually performed, but that opens up
for the whole nonrep/TSA discussion so I won't go there.)
CertStatus ::= CHOICE {
    good        [0] IMPLICIT NULL,
    revoked     [1] IMPLICIT RevokedInfo,
    unknown     [2] IMPLICIT UnknownInfo }

RevokedInfo ::= SEQUENCE {
    revocationTime     GeneralizedTime,
    revocationReason   [0] EXPLICIT CRLReason OPTIONAL }
/Olle
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx
[mailto:owner-ietf-pkix@xxxxxxxxxxxx]On Behalf Of David Maurus
Sent: 4 August 2002 17:28
To: Haaino Beljaars
Cc: ietf-pkix@xxxxxxx
Subject: Re: OCSP follow up
Hello Haaino,
Haaino Beljaars wrote:
>Question: what is the response of the OCSP responder at time III ?
>
The OCSP responder will only tell you the current state of the
certificate. It does not know about the time of the signature. If you
want to prove that the signature was valid at that time, you need to
archive the OCSP answer, and you need a timestamp, since there is an
attack scenario where OCSP is not sufficient:
Attacker A requests the status of banker B's certificate when it is
still valid, then steals the private key of B. Now he can generate a
signature with any signing time before he has stolen B's private key,
and can show the valid OCSP response that proves that the certificate
was valid at that time.
Because of this, if you want to show that a signature you've received
was valid at the point in time when you accepted it, you need to also
request a timestamp from a trusted third party.
IMHO, it would have been very practical if timestamping had been made
part of OCSP. If there are good reasons against that, I'd be happy to be
enlightened...
Best Regards,
David
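The verification rule that follows from both messages (Olle's point that revocationTime lets an archived response answer the historical question, and David's point that only a TSA-proven time, never the signer's own signingTime, may be plugged into that question), as an added Python example that is not part of the thread. The OCSPResponse model, the signature_valid_at function and every time value are constructed for illustration.

```python
# Added example (not from the thread): combining an archived OCSP response
# with a TSA-proven signing time.  All times below are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class CertStatus(Enum):
    GOOD = "good"          # CertStatus [0]
    REVOKED = "revoked"    # CertStatus [1], carries RevokedInfo
    UNKNOWN = "unknown"    # CertStatus [2]


@dataclass(frozen=True)
class OCSPResponse:
    status: CertStatus
    this_update: datetime                       # when the responder asserted the status
    revocation_time: Optional[datetime] = None  # RevokedInfo.revocationTime, if revoked


def signature_valid_at(resp: OCSPResponse, proven_time: datetime) -> bool:
    """Was the certificate valid at proven_time, according to resp?

    proven_time must come from a trusted timestamp token; a signingTime
    attribute chosen by the signer proves nothing (David's attack).
    """
    if resp.status is CertStatus.REVOKED:
        # Olle's point: revocationTime answers the historical question.
        return proven_time < resp.revocation_time
    if resp.status is CertStatus.GOOD:
        # A "good" answer covers only times up to thisUpdate; an older
        # response says nothing about a compromise that happened later.
        return proven_time <= resp.this_update
    return False  # unknown: the responder cannot vouch for the certificate


def utc(*args: int) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed timeline: attacker fetches "good" at T0, steals B's key at T1,
# a later response reports revocation at T1, the signature is timestamped at T2 > T1.
early_good = OCSPResponse(CertStatus.GOOD, utc(2002, 8, 1, 10, 0))
later_revoked = OCSPResponse(CertStatus.REVOKED, utc(2002, 8, 5, 9, 0),
                             revocation_time=utc(2002, 8, 3, 12, 0))
claimed_signing_time = utc(2002, 7, 31, 15, 0)  # attacker's self-asserted time
tsa_time = utc(2002, 8, 4, 17, 28)              # what the timestamp token actually proves

if __name__ == "__main__":
    print("claimed time + stale good:", signature_valid_at(early_good, claimed_signing_time))
    print("TSA time + stale good:    ", signature_valid_at(early_good, tsa_time))
    print("TSA time + later revoked: ", signature_valid_at(later_revoked, tsa_time))
```

Trusting the self-asserted signing time together with the stale "good" response accepts the forgery; with the TSA-proven time the stale response no longer covers the signature, and the fresher response shows the revocation preceded it.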