Re: DISCUSSION: Nonce-specific error code for OCSP

[David Engberg <dave@xxxxxxxxxxxxxx>]

Michael Myers wrote:

> Further, the requestor which sent a nonce and received a
> non-nonced response can today infer "responder does not support
> nonces."  Something like 11 of 12 client side implementors claim
> ability to detect such.  Inclusion of an extension which in
> effect asserts that "I as responder give myself permission to
> disregard your nonce" does nothing to improve upon that.


I believe that it is not currently possible to infer this under the 
current spec.  An existing client can't tell the difference between a 
server that doesn't support nonces and a replay attack by an attacker 
who made a nonceless request.  An explicit "nonceUnsupported" extension 
in the signed body of the response allows a client to securely tell the 
difference between these cases.

OCSP and other PKIX standards currently allow some policy decisions to 
be made by the infrastructure authorities (CAs, responders) and others 
by the relying parties.  For example, the pkix-nocheck extension allows 
the infrastructure to tell clients that they should accept a delegated 
responder cert without performing validation.  This extension was 
approved, even though someone could have made an argument that "only 
clients should be allowed to set responder validation policies."

Something like "nonceUnsupported" would fall in the same category ... 
the infrastructure is telling interested clients about the security 
characteristics of that PK infrastructure and suggesting a security 
policy based on that information.