RE: OCSP response pre-production
Florian,
I don't understand how adding a server generated nonce would help in this
situation. How does this help the client protect against replay attacks?
Alex
> -----Original Message-----
> From: Florian Oelmaier [mailto:oelmaier@xxxxxxxxxxx]
> Sent: Friday, September 26, 2003 10:37 AM
> To: 'Michael Myers'; 'David Engberg'
> Cc: 'Ryan M. Hurst'; 'Ambarish Malpani'; ietf-pkix@xxxxxxx; 'Russ
> Housley'; 'Stephen Kent'; 'Tim Polk'
> Subject: RE: OCSP response pre-production
>
> [...]
>
> > Thus "Maybe the nonce is incorporated, maybe not" is
> > equivalent to NOT sending a nonce in the first place. Which
> > rather defeats the purpose of sending a nonce.
>
> That's true. But this can be "cured"! If an OCSP responder that is able
> to use nonces detects a request without a nonce, it simply includes a
> self-generated nonce in its response. Thus an attacker is not able to
> obtain a response without a nonce from this particular responder. Thus he
> cannot fool the client with a replay attack.
>
> The client behaviour you describe is exactly the reason why our
> responder (in its default configuration) will currently ALWAYS include a
> nonce in the response (even at the cost of generating one by itself).
>
> This way nonces are of value when used with a responder that is able to
> use them while simultaneously allowing response pre-production.
>
> --
> Florian Oelmaier
> SyTrust
>
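As an added illustration of the mechanics both posters are arguing about (this is not code from either of them, nor from SyTrust's responder): a toy model of a nonce-capable responder, a pre-producing responder, and a client that tolerates a missing nonce but checks one when present. The serial number and the nonces are constructed.

```python
import os
from dataclasses import dataclass
from typing import Optional

# Simplified model of OCSP nonce handling (RFC 2560, section 4.4.1).
# Constructed example: responder, client and values are all hypothetical.

@dataclass(frozen=True)
class Response:
    serial: int
    status: str              # "good" or "revoked"
    nonce: Optional[bytes]   # echoed client nonce, responder nonce, or None

def pre_produced(serial: int, status: str) -> Response:
    """Response signed ahead of time: no request existed, so no nonce."""
    return Response(serial, status, None)

def respond(serial: int, status: str, req_nonce: Optional[bytes],
            always_nonce: bool) -> Response:
    """Nonce-capable responder. With always_nonce it never emits a
    nonce-less response: a missing request nonce is replaced by its own."""
    if req_nonce is not None:
        return Response(serial, status, req_nonce)
    return Response(serial, status, os.urandom(16) if always_nonce else None)

def client_accepts(resp: Response, sent_nonce: Optional[bytes], serial: int) -> bool:
    """'Maybe the nonce is incorporated, maybe not' client: a nonce in the
    response must equal the one it sent, but a missing nonce is tolerated."""
    if resp.serial != serial:
        return False
    if sent_nonce is None:
        return True   # nothing to compare against; a responder nonce is unverifiable
    if resp.nonce is None:
        return True   # the lenient behaviour discussed in the thread
    return resp.nonce == sent_nonce

def replay_scenario(always_nonce: bool) -> dict:
    """An attacker replays a stale 'good' response after revocation."""
    serial = 4711                                      # constructed serial
    stale_pre = pre_produced(serial, "good")           # pre-producing responder
    stale_live = respond(serial, "good", None, always_nonce)  # nonce-less request
    n = os.urandom(16)                                 # victim's fresh nonce
    fresh = respond(serial, "revoked", n, always_nonce)
    return {
        "fresh_accepted": client_accepts(fresh, n, serial),
        "replay_preproduced_accepted": client_accepts(stale_pre, n, serial),
        "replay_live_accepted": client_accepts(stale_live, n, serial),
        "nonce_less_client_accepts_replay": client_accepts(stale_live, None, serial),
    }
```

With always_nonce set, the stale response from the nonce-capable responder carries a nonce that cannot match the victim's, so the lenient client rejects it; a pre-produced nonce-less response, or any replay against a client that sent no nonce, is still accepted.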