Re: DISCUSS: MUST reject in OCSPv1

Florian -

Sorry, my misunderstanding. I think that your strategy is also good if both the client and server implement it, but it sounds like your clients would have the same backward-compatibility problem if talking to someone else's old servers. I.e. an attacker could send a nonceless request to an old existing server and record the nonceless response, and then replay that to your client to make you think that that server is securely signalling that it doesn't support nonces.

Does that make sense?


Florian Oelmaier wrote:
Just for the record: I think you are referring to our server-generated nonces when you talk about "Florian's idea". And while Russel is signalling "NonceUnsupported" with a special nonce-value, we are signalling "NonceSupported" with the inclusion of a nonce into every request (mirrored from the request or server-generated). Thus we are not subject to the attack you mention, as this does not need any additional code in any existing client.

Russ's proposal is a change in the protocol. Thus we need to update all the clients and servers out there. Seeing that the proposed change is needed and recognizing it as a good solution, I would accept this.
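
The backward-compatibility problem raised in this message, seen from the client's side, as an added example that is not part of the original thread. It is a simplified Python model: `OcspResponse` and `check_freshness` are hypothetical names, the sample times and nonce are constructed, and signature verification is assumed to have already succeeded. It shows that a client which accepts nonceless responses for the sake of old servers cannot tell a recorded response from a live one until the validity window ends.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class OcspResponse:          # simplified model; signature assumed already verified
    cert_status: str
    this_update: datetime
    next_update: datetime
    nonce: Optional[bytes]   # None = response carries no nonce extension

def check_freshness(request_nonce: bytes, resp: OcspResponse,
                    now: datetime, require_nonce: bool) -> str:
    """Return 'fresh', 'time-valid-only' or a 'reject: ...' reason."""
    if resp.nonce is not None:
        if hmac.compare_digest(resp.nonce, request_nonce):
            return "fresh"
        return "reject: nonce mismatch"
    if require_nonce:
        return "reject: nonce missing"
    # Backward-compatible path for old servers: only the validity window
    # protects the client, so a recorded response replays until next_update.
    if resp.this_update <= now <= resp.next_update:
        return "time-valid-only"
    return "reject: outside validity window"

def demo() -> dict:
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample time
    # Constructed: response an old server gave to a nonceless request at t0.
    recorded = OcspResponse("good", t0, t0 + timedelta(days=7), None)
    later = t0 + timedelta(days=3)   # status may have changed since t0
    nonce = b"\x01" * 16             # constructed client nonce
    live = OcspResponse("good", later, later + timedelta(days=7), nonce)
    return {
        "lenient": check_freshness(nonce, recorded, later, False),
        "strict": check_freshness(nonce, recorded, later, True),
        "expired": check_freshness(nonce, recorded, t0 + timedelta(days=8), False),
        "echoed": check_freshness(nonce, live, later, True),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

The `lenient` case is the one the message describes: the recorded response is three days old and still passes, which is why a missing nonce can only be treated as "server does not support nonces" at the cost of replay protection.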