[cabfpub] CT and OCSP Stapling
Brian Smith
bsmith at mozilla.com
Wed Oct 24 04:03:23 MST 2012
Ben Laurie wrote:
> One thing I'd note is that OCSP requires the response is signed, but
> since the SCT is already signed, this signature is not needed. If we
> also said that the OCSP response could be signed by anyone for this
> particular response, then OCSP stapling could be used even with CAs
> that don't support it.
The server would have to be able to tell, by looking at the handshake, the difference between a client that supports these not-signed-by-the-issuing-CA OCSP responses and one that doesn't. Otherwise, a "normal" OCSP stapling client may reject the connection on the grounds that the OCSP response seems to have been forged.
But, if the client is going to signal its support for CT in its handshake anyway in a client hello extension, then the server might just as well put the SCT in the corresponding server hello extension. I am not sure there's a real-world situation where a server hello extension wouldn't work, but where the server would be able to receive the signal that third-party OCSP responses with SCT are supported from its TLS stack AND be able to vary the stapled OCSP response accordingly.
Cheers,
Brian
More information about the Public
mailing list