Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail
[Responding to the same three lists as before, please trim followups if you feel it's off-topic]

In response to my earlier "OCSP is unfixably broken, by design" comments, a couple of people have responded off-list with variants of "OK smartypants, how would you do it better?". In order to provide a general answer (and avoid fragmenting the discussion into lots of private-mail threads), I'll point to this:

http://tools.ietf.org/id/draft-gutmann-cms-rtcs-01.txt

This addresses all the problems I've pointed out in OCSP, as well as things OCSP never considered like performance issues (thus Verisign's security-breaking OCSP "optimisations"). It's been peer-reviewed and vetted, and I could have it re-posted in current draft format in a couple of days if there's any interest in finally switching validity-checking to proper whitelists (and fixing all of OCSP's other bugs).

Two notes:

1. This isn't a "get my pet protocol published", just a convenient means of pointing out that this problem has been well-known among security architects, thought about, and solutions designed, at least a decade ago.

2. You may notice the rather odd form of the draft, as an S/MIME work item. The reason why this was never published was because it proved impossible to get past PKIX because it wasn't blacklist-based and was therefore incompatible with CRLs. The document starts in the late 1990s and mutates over time as I tried to work around PKIX' resistance to whitelist-based validity-checking. After a couple of years of battling to get anything like this adopted I just gave up; as the "CMS" in the draft implies, towards the end I was resorting to trying to launder it via the S/MIME working group to get it published. I think it was when someone told me that it'd be referred back to PKIX for approval (as part of some IETF mechanism to prevent people doing end-runs around working groups as I was doing) that I realised it was never going to go anywhere.

Anyway, a solution exists, it's been implemented and in active use for at least a decade, and I believe it fixes all of OCSP's numerous flaws as well as ones that were never even considered in OCSP, such as performance implications (in one test while looking at throughput I managed to - accidentally - DoS a LAN with a single 300MHz PIII machine running this protocol. Try doing that with OCSP).

Peter.
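The blacklist-versus-whitelist distinction the post turns on, as an added illustration that is not from the draft or the mailing list: a CRL/OCSP-style responder reports "good" for any serial not on its revocation list, including one the CA never issued, whereas a whitelist responder only vouches for serials it positively knows. The CA records and serial numbers below are constructed for the example.

```python
# Added example: two toy certificate-status responders over the same
# constructed CA records. "Responder" and the serials are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Responder:
    issued: frozenset   # serials the CA's issuance log actually contains
    revoked: frozenset  # serials the CA has explicitly revoked


def blacklist_status(r: Responder, serial: int) -> str:
    # CRL/OCSP model: status is derived from the revocation list alone, so a
    # serial the CA has no record of is indistinguishable from a valid one.
    return "revoked" if serial in r.revoked else "good"


def whitelist_status(r: Responder, serial: int) -> str:
    # Whitelist model: the responder consults the issuance log and only
    # answers "valid" for a serial it can positively account for.
    if serial in r.revoked:
        return "revoked"
    if serial in r.issued:
        return "valid"
    return "unknown"


def relying_party_accepts(status: str) -> bool:
    # A relying party should accept only an affirmative answer.
    return status in ("good", "valid")


# Constructed CA state: serials 1001 and 1002 issued, 1002 later revoked.
# Serial 9999 appears in no CA record at all (e.g. a certificate produced
# outside the CA's normal issuance path).
CA = Responder(issued=frozenset({1001, 1002}), revoked=frozenset({1002}))


def compare(serial: int) -> dict:
    """Return both responders' answers and whether each would be accepted."""
    bl, wl = blacklist_status(CA, serial), whitelist_status(CA, serial)
    return {
        "blacklist": bl, "blacklist_accepted": relying_party_accepts(bl),
        "whitelist": wl, "whitelist_accepted": relying_party_accepts(wl),
    }


if __name__ == "__main__":
    for s in (1001, 1002, 9999):
        print(s, compare(s))
```

For serial 9999 the blacklist responder answers "good" and the relying party accepts it; the whitelist responder answers "unknown" and the relying party does not.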