[cabfpub] Mozilla SHA-1 further restrictions
andrew at sslmate.com
Mon Nov 21 21:08:20 UTC 2016
On Fri, 18 Nov 2016 22:36:48 +0000
Wayne Thayer via Public <public at cabforum.org> wrote:
> > * The CA takes care that all of the signed data is either static,
> > defined by the CA, or of a known and expected form.
> Should we specifically ban nonces in OCSP responses?
I think that would be a good idea.
In addition, the OCSP responder must return an unsigned "unauthorized"
response for unknown certificates (as permitted by RFC5019) rather than
a signed "unknown" response. That's because the "unknown" response
echoes back an attacker-controlled serial number which some
implementations allow to be an arbitrary length.
This seems like a simpler rule to follow and verify than saying the
response must be of a "known and expected form."
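
Added example, not part of the original message or of any CA's tooling: one way to check that a responder answers an unknown serial with the unsigned "unauthorized" error (RFC 6960 responseStatus 6, no responseBytes) rather than with signed data. The function names and the sample byte strings are constructed for this illustration.

```python
# Classify a DER-encoded OCSPResponse by status and presence of signed data.
# OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                             responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def classify_ocsp_response(der):
    """Return (status_name, has_response_bytes) without verifying anything."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, status, pos = read_tlv(body, 0)
    if tag != 0x0A or len(status) != 1:
        raise ValueError("responseStatus must be a one-byte ENUMERATED")
    has_bytes = False
    if pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        if tag != 0xA0 or pos != len(body):
            raise ValueError("unexpected data after responseStatus")
        has_bytes = True  # a BasicOCSPResponse here always carries a signature
    return OCSP_STATUS.get(status[0], "undefined(%d)" % status[0]), has_bytes

def ok_for_unknown_serial(der):
    """True only for the unsigned 'unauthorized' error response."""
    return classify_ocsp_response(der) == ("unauthorized", False)

# Constructed samples (not captured from any real responder).
UNSIGNED_UNAUTHORIZED = bytes.fromhex("30030a0106")
# Shape of a "successful" response: status 0 plus [0] responseBytes holding the
# id-pkix-ocsp-basic OID and an empty placeholder OCTET STRING.
SIGNED_SHAPE = bytes.fromhex("30140a0100a00f300d06092b06010505073001010400")
```
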