Re: OCSP in TLS handshake
Deacon, Alex wrote:
nonceUnsupported does not preclude the use of OCSP responses in the TLS
handshake. My concern was ensuring whatever new text is added to v1
does not preclude this use case. In particular a client that receives
an OCSP response that includes a nonce in a handshake must not reject
the response because it contains a nonce it didn't generate.
Thanks, Alex.
In that case, you're not talking about a real OCSP client: the TLS
client doesn't perform the OCSP protocol. You say that the (TLS) client
shouldn't reject the response because of the nonce it didn't generate.
I agree, but the client never generated an OCSP request, so there was
never even an opportunity to generate a nonce. It seems almost obvious
that the nonce is irrelevant to the TLS client (when the response comes
from the TLS server embedded in the TLS handshake).
I think it's wrong to equate this TLS client with a regular OCSP client.
Instead of trying to twiddle the OCSP spec to address these sorts of
issues, I suggest that these (and whatever other) rules be gathered into
a more general "Offline Processing of OCSP Responses" document. This
could be a separate I-D, or a new section in the OCSP (v2?) spec.
M.
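The distinction drawn in this exchange, as an added example that is not code from either poster: a client that sent its own OCSP request binds the answer to the nonce it generated, while a TLS client handed a stapled response never sent a request, so a nonce in that response is ignored and replay is bounded by the thisUpdate/nextUpdate window instead. The response model, the skew and maximum-age values, and the sample data are assumptions made for this illustration; a real implementation parses the DER BasicOCSPResponse and verifies the responder's signature before any of these checks.

```python
"""Nonce handling for an OCSP response in two roles (illustrative model).

This does not parse DER or verify the responder signature; it only shows
the nonce/freshness decision that differs between a real OCSP client and
a TLS client consuming a stapled response.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

MAX_CLOCK_SKEW = timedelta(minutes=5)            # assumed tolerance for clock drift
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(days=7)  # assumed local policy if nextUpdate absent


@dataclass(frozen=True)
class OcspSingleResponse:
    """The fields of a BasicOCSPResponse that matter for these checks."""
    cert_serial: int
    cert_status: str                 # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: Optional[datetime]  # may be absent in a real response
    nonce: Optional[bytes]           # id-pkix-ocsp-nonce value, if the responder added one


def check_freshness(resp: OcspSingleResponse, now: datetime) -> Optional[str]:
    """Return None if the response is usable at `now`, else a rejection reason."""
    if resp.this_update > now + MAX_CLOCK_SKEW:
        return "thisUpdate is in the future"
    if resp.next_update is not None:
        if resp.next_update < now - MAX_CLOCK_SKEW:
            return "nextUpdate has passed"
    elif now - resp.this_update > MAX_AGE_WITHOUT_NEXT_UPDATE:
        return "no nextUpdate and response older than local policy allows"
    return None


def check_status(resp: OcspSingleResponse, expected_serial: int) -> Optional[str]:
    """Return None if the response covers `expected_serial` and says 'good'."""
    if resp.cert_serial != expected_serial:
        return "response is for a different certificate"
    if resp.cert_status != "good":
        return "certificate status is " + resp.cert_status
    return None


def validate_as_ocsp_client(resp: OcspSingleResponse, expected_serial: int,
                            request_nonce: bytes, now: datetime) -> Tuple[bool, str]:
    """Client that sent its own OCSPRequest carrying `request_nonce`."""
    # The nonce ties this response to the request just sent; a missing or
    # different nonce means it could be a replay of an older answer.
    if resp.nonce != request_nonce:
        return False, "nonce does not match the request"
    reason = check_status(resp, expected_serial) or check_freshness(resp, now)
    return reason is None, (reason or "ok")


def validate_as_tls_client(resp: OcspSingleResponse, expected_serial: int,
                           now: datetime) -> Tuple[bool, str]:
    """TLS client given a stapled response by the server during the handshake."""
    # No OCSPRequest was ever sent, so there is no nonce to compare against.
    # Any nonce the server's copy carries is ignored, not treated as an error;
    # freshness comes solely from the thisUpdate/nextUpdate window.
    reason = check_status(resp, expected_serial) or check_freshness(resp, now)
    return reason is None, (reason or "ok")


# Constructed sample data: a response the server obtained two hours ago with
# its own nonce and then stapled, and a stale one whose nextUpdate has passed.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SERIAL = 0x1234
STAPLED = OcspSingleResponse(SERIAL, "good", NOW - timedelta(hours=2),
                             NOW + timedelta(days=1), b"server-side-nonce")
STALE = OcspSingleResponse(SERIAL, "good", NOW - timedelta(days=3),
                           NOW - timedelta(days=1), None)


def demo() -> dict:
    """Run the four cases that illustrate the thread's point."""
    return {
        "tls_accepts_stapled_with_foreign_nonce": validate_as_tls_client(STAPLED, SERIAL, NOW),
        "ocsp_rejects_foreign_nonce": validate_as_ocsp_client(STAPLED, SERIAL, b"my-nonce", NOW),
        "ocsp_accepts_own_nonce": validate_as_ocsp_client(STAPLED, SERIAL, b"server-side-nonce", NOW),
        "tls_rejects_stale": validate_as_tls_client(STALE, SERIAL, NOW),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Because the TLS client cannot use a nonce to prove the staple is fresh, the nextUpdate check (or a local maximum age when nextUpdate is absent) is the only thing limiting how long a captured "good" response stays usable, which is why the skew and age values above are policy decisions rather than protocol constants.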