[cabfpub] OCSP Stapling and Short-Lived Certificates Proposal

Ryan Sleevi sleevi at google.com
Sat Mar 23 07:04:44 UTC 2013

On Mar 22, 2013 11:30 PM, "Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org> wrote:
> On 03/23/2013 02:44 AM, From Ryan Sleevi:
>> If the browser has obtained a valid OCSP response (e.g. via OCSP
>> stapling), they can skip obtaining fresh revocation information - because
>> to every compliant implementation, it IS fresh revocation information.
> Let me help you think here....in this case there was at least ONE OCSP
> check done, whereas in your case it's NONE.

Eddy, there was one check done.

By the attacker, who then stapled the response to their server. And now
every OCSP stapling supporting client *won't* perform their own check.
Because that is exactly how stapling is supposed to work.

The disconnect here seems to be the assumption that every client will check
OCSP at least once, so that the CA's revocation is meaningful. They won't.
They will use the stapled, outdated response. So the client will see the
cert as valid until the response expires - at which point the attacker is
forced to get a new response (which says revoked), or they stop stapling
and clients do OCSP themselves and see it's revoked.

But that 7 day window *always* exists for *any* CA supporting OCSP,
*regardless* of how new the cert is.

> For an attack to be successful you can't rely on the possibility that A)
> the victim has visited the site beforehand and B) nothing happened to the
> cache and C) the software being used doesn't check OCSP again. This isn't a
> reliable attack and too risky of being detected early.

No. The attacking server just staples a previously obtained, still time-valid
OCSP response. No prior visit needed.

> What you propose is the perfect attack with no chance to intervene, very
> reliably for 7 days. Usually more than enough for the target.

And this is the *exact* same attack as OCSP stapling. Which is core to the

> Regards
> Signer:
> Eddy Nigg, COO/CTO
> StartCom Ltd.
> startcom at startcom.org
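Added example (not part of Sleevi's post or any CA/B Forum material): a small
Python model of the window the post describes. A compliant client accepts a
stapled OCSP response for as long as thisUpdate <= now < nextUpdate and the
responder's signature verifies, so a "good" response fetched before revocation
keeps the certificate looking valid until nextUpdate. The 7-day validity is
the figure from the thread; the serial, timestamps and key are constructed,
and an HMAC stands in for the responder's real signature.

```python
"""Model of why a stapled 'good' OCSP response survives revocation until nextUpdate.

Everything here (key, serial, timestamps) is constructed for the demo; the HMAC
is a stand-in for the responder's signature, not a real OCSP implementation.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RESPONDER_KEY = b"constructed-demo-responder-key"  # stand-in for the responder's private key


@dataclass(frozen=True)
class OCSPResponse:
    serial: int
    status: str            # "good" or "revoked"
    this_update: datetime  # RFC 6960 thisUpdate
    next_update: datetime  # RFC 6960 nextUpdate
    signature: bytes


def _sign(serial: int, status: str, this_update: datetime, next_update: datetime) -> bytes:
    tbs = f"{serial}|{status}|{this_update.isoformat()}|{next_update.isoformat()}".encode()
    return hmac.new(RESPONDER_KEY, tbs, hashlib.sha256).digest()


class Responder:
    """The CA's OCSP responder: reports revocation state as of the request time."""

    def __init__(self, validity: timedelta = timedelta(days=7)) -> None:
        self.revoked: set[int] = set()
        self.validity = validity  # the 7-day window the thread argues about

    def revoke(self, serial: int) -> None:
        self.revoked.add(serial)

    def respond(self, serial: int, now: datetime) -> OCSPResponse:
        status = "revoked" if serial in self.revoked else "good"
        next_update = now + self.validity
        return OCSPResponse(serial, status, now, next_update, _sign(serial, status, now, next_update))


def response_is_acceptable(resp: OCSPResponse, serial: int, now: datetime) -> bool:
    """What a compliant client checks on a stapled response: right cert, valid signature, in window."""
    expected = _sign(resp.serial, resp.status, resp.this_update, resp.next_update)
    return (
        resp.serial == serial
        and hmac.compare_digest(expected, resp.signature)
        and resp.this_update <= now < resp.next_update
    )


def client_decision(serial: int, stapled: OCSPResponse | None, responder: Responder, now: datetime) -> tuple[str, bool]:
    """Return (status the client acts on, whether it contacted the responder itself).

    With an acceptable stapled response the client makes no OCSP request of its
    own; only when nothing acceptable is stapled does it fetch a fresh response.
    """
    if stapled is not None and response_is_acceptable(stapled, serial, now):
        return stapled.status, False
    live = responder.respond(serial, now)
    return live.status, True


def attacker_window(stapled: OCSPResponse, revoked_at: datetime) -> timedelta:
    """How long a cached 'good' response keeps working after the CA revokes."""
    return max(stapled.next_update - revoked_at, timedelta(0))


def demo() -> dict[str, object]:
    t0 = datetime(2013, 3, 20, tzinfo=timezone.utc)  # constructed timeline
    responder = Responder()
    serial = 0x1234

    cached = responder.respond(serial, t0)       # attacker fetches "good" on day 0
    revoked_at = t0 + timedelta(days=1)          # CA revokes on day 1 ...
    responder.revoke(serial)                     # ... but the attacker keeps stapling the day-0 response

    later = revoked_at + timedelta(days=3)
    forged = OCSPResponse(serial, "good", cached.this_update,
                          cached.next_update + timedelta(days=30), cached.signature)
    return {
        # day 4, stapling client: accepts the cached "good" and never asks the CA
        "stapling_client": client_decision(serial, cached, responder, later),
        # day 4, no staple: asks the CA and sees "revoked"
        "no_stapling_client": client_decision(serial, None, responder, later),
        # at nextUpdate the cached response is stale: client fetches, sees "revoked"
        "after_expiry": client_decision(serial, cached, responder, cached.next_update),
        # the attacker cannot stretch the window: editing nextUpdate breaks the signature
        "forged": client_decision(serial, forged, responder, cached.next_update),
        "window_days": attacker_window(cached, revoked_at).days,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the model makes concrete: the attacker's window is bounded only by
nextUpdate of the response they already hold (6 days here, after a day-1
revocation on a 7-day response), and no prior visit by the victim is needed.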