<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 11, 2015 at 10:02 AM, Eddy Nigg <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class=""><br></span>
Well, I wasn't talking about stapling really :-)<br>
<br>
But stapling is supported currently by only 25% of web sites serving
certificates, but even here I believe servers can take a more
conservative approach and update the OCSP every X hours or so. I'd
recommend it in any case.</div></blockquote><div><br></div><div>Sure, but good security practices don't affect the minimum security. That's been the point repeatedly in these discussions. The question has been "How long can an attacker use a bad certificate" and "How quickly will clients notice" - and an attacker that can staple a response for 10 days (since stapling is widely supported in the major browsers) is an attacker that can use that bad certificate.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
For example Firefox caches the OCSP response for 24 hours only and
not at all between restarts. </div></blockquote><div><br></div><div>Sure, but it'll use the stapled response.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">From what I've seen Microsoft also uses
Cache-Control headers in order to determine for how long to cache
OCSP (and CRLs) which makes it a bit difficult to determine when it
would update, but I assume that CAs will leave this fairly short for
obvious reasons (also 24 hours range).</div></blockquote><div><br></div><div><a href="https://tools.ietf.org/html/rfc5019#section-6">https://tools.ietf.org/html/rfc5019#section-6</a><br></div><div><br></div><div>Beyond the fact that it doesn't matter (Stapling), the HTTP cache directives are fully manipulable by an attacker, because the OCSP response is served over HTTP. So the cache directives are hints, but don't supercede the (signed) information.<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class="">
</span></div>
</blockquote></div><br></div></div>