RE: OCSP response pre-production
Florian - the client can protect itself from replays if it cares to by
simply not trusting a response without a nonce; there is no need to
generate a server-side nonce since the client can't do anything with it
anyhow.
Ryan
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Florian Oelmaier
Sent: Friday, September 26, 2003 10:37 AM
To: 'Michael Myers'; 'David Engberg'
Cc: Ryan M. Hurst; 'Ambarish Malpani'; ietf-pkix@xxxxxxx; 'Russ
Housley'; 'Stephen Kent'; 'Tim Polk'
Subject: RE: OCSP response pre-production
[...]
> Thus "Maybe the nonce is incorporated, maybe not" is
> equivalent to NOT sending a nonce in the first place. Which
> rather defeats the purpose of sending a nonce.
That's true. But this can be "cured"! If an OCSP responder that is able
to use nonces detects a request without a nonce, he simply includes a
self-generated nonce into his response. Thus an attacker is not able to
obtain a response without a nonce from this particular responder. Thus he
cannot fool the client with a replay attack.
The client behaviour you describe is exactly the reason why our
responder (in its default configuration) will currently ALWAYS include a
nonce into the response (even at the cost of generating one by itself).
This way nonces are of value when used with a responder being able to
use them while simultaneously allowing response pre-production.
--
Florian Oelmaier
SyTrust
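An added illustration, not part of the thread and not SyTrust's responder code: a small Python model of the two policies discussed above, Ryan's client rule (trust only a response that echoes the nonce the client itself sent) and Florian's responder default (always put a nonce in the response, self-generated if the request had none), run against a pre-produced response that an attacker replays. The request and response structures, serial 42 and the six-hour-old cached response are constructed for the model.

```python
import os
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class OCSPRequest:          # constructed model: only the nonce-relevant fields
    serial: int
    nonce: Optional[bytes] = None

@dataclass
class OCSPResponse:
    serial: int
    status: str
    produced_at: float      # a pre-produced response carries an old producedAt
    nonce: Optional[bytes] = None

def make_request(serial: int, send_nonce: bool) -> OCSPRequest:
    return OCSPRequest(serial, os.urandom(16) if send_nonce else None)

def respond(req: OCSPRequest, cache: dict, always_nonce: bool, now: float) -> OCSPResponse:
    """Responder side. A request with a nonce is answered freshly with that nonce
    echoed. A nonce-less request is served from the pre-produced cache, unless the
    responder follows Florian's default and adds a self-generated nonce instead."""
    if req.nonce is not None:
        return OCSPResponse(req.serial, "good", now, req.nonce)
    if always_nonce:
        return OCSPResponse(req.serial, "good", now, os.urandom(16))
    return cache[req.serial]

def client_accepts(req: OCSPRequest, resp: OCSPResponse, require_nonce: bool) -> bool:
    """Client side, Ryan's rule: if the client sent a nonce, trust only a response
    that echoes it; a nonce the client did not send cannot be checked against anything."""
    if req.nonce is not None:
        return resp.nonce == req.nonce
    return not require_nonce

def scenario(send_nonce: bool, require_nonce: bool, always_nonce: bool, replay: bool) -> bool:
    """Run one exchange; with replay=True the client receives the captured
    pre-produced (nonce-free) response instead of the responder's real answer."""
    now = time.time()
    cache = {42: OCSPResponse(42, "good", now - 6 * 3600, None)}  # produced 6h earlier
    req = make_request(42, send_nonce)
    resp = cache[42] if replay else respond(req, cache, always_nonce, now)
    return client_accepts(req, resp, require_nonce)
```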