[cryptography] OCSP needs to be stapled, pinnable

Nico Williams nico at cryptonector.com
Wed Feb 8 19:38:07 EST 2012


PKI should have had stapled OCSP from the word go.  If it had then I
think we'd probably be quite happy to use OCSP today.  Given that we
don't have this in place I think what Google is doing with Chrome
(pushing CRLs to the browser) is a very reasonable approach, but
still, I wish we could have stapled OCSP.

There are no captive portal issues with stapled OCSP.  The main issue
with stapled OCSP is that it's not deployed widely enough.  There are
probably also operational considerations, such as whether servers can
be configured to fetch fresh OCSP Responses frequently enough or at
all (e.g., if firewalls prevent outbound connections, in which case we
might need a mechanism by which OCSP Responses can be sent to servers
for them to cache).

As with other things about a certificate that we want to "pin", it'd
be nice if a) servers could advertise that they always staple OCSP, b)
RPs could learn this and insist on OCSP being stapled when they've
seen it stapled and advertised as "will always be stapled".

I'm thinking that regarding HSTS, it'd be nice to have a certificate
extension by which to advertise what elements of a certificate RPs
should pin.

Similarly, it'd be nice to have a certificate extension by which to
advertise that a certificate will always have an OCSP Response
stapled.

Is it too late?

Nico
--



More information about the cryptography mailing list