Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OCSP Revocation Check On Entire Certificate Chain

Tags:

security

ssl-certificate

certificate-revocation

ocsp

When you request for an OCSP server to check the revocation status of a cert, does it automatically check the revocation status of the entire chain?

i.e: if it says the cert is "good", then does that imply the entire chain is good?

I read the spec: http://www.ietf.org/rfc/rfc2560.txt

but it still seems unclear to me.

Wikipedia does mention chained OCSP requests:

http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

like image 812
Anthony Avatar asked May 04 '12 14:05

Anthony

1 Answers

The OCSP responder will only check the status of the particular certificate that is specified in the OCSP request. The responder will ignore the rest of the chain.

A browser may choose to send multiple OCSP Requests in order to check each certificate as it traverses up the chain, but this is currently implemented in a browser-dependent manner across the different vendors, and is further confused by the fact that browsers will cache intermediate certificates served by arbitrary SSL servers and re-use them in chains for different leaf certificates. Some browsers will even try and automatically download up-to-date intermediates from third sources, even when the SSL server is sending an older one. However, it should be noted that in general (at present), intermediate-certificates are mostly not set up to have OCSP information, so it is unlikely that they are OCSP-checkable anyway.

On a related note, there is a new part of the spec that allows for a browser to request multiple OCSP checks within the same HTTP post -- with the intention of allowing the intermediates to be checked along with the leaf-- but nothing yet supports this, and this is likely to only be supported on servers that employ OCSP stapling (Apache 2.4+ etc), otherwise the resultant load on a OCSP responder for an intermediate certificate, without stapling, is likely to make it fall straight over. (With an intermediate certificate signing hundreds of thousands of leaves, imagine how hard it would get hit for revocation requests, without the benefit of widespread support of the distributed caching that stapling will bring).

The root certificates, of course, can't be checked by OCSP. They are signed by themselves, so if trust has gone, there's nowhere to look, and you just need to remove the root cert from the client.

like image 62
Cheekysoft Avatar answered Sep 29 '22 08:09

Cheekysoft
Sign in to Comment

Related questions

What is the purpose CAS (Code Access Security)?
CSRF Protection in AJAX Requests using MVC2
Secure Python Markdown Library [closed]
How is ActiveSupport::SecureRandom secure?
Saving session data securely in PHP
Hiding PHP Files Outside WWW for Security
PHP Secure Login - password encryption
Is MD5 a good way to generate account verification code
Zend_Auth setCredentialTreatment
Sandbox JVM to secure server from untrusted sources
How can I allow a user to download a file which is stored outside of the webroot?
PHP - Passing data from a site to another site securely
Submitting passwords via ajax
Security: Block bad spiders and bots from access to website using htaccess and HTTP_USER_AGENT
how safe is php curl in ssl/https?
Spreading MongoDB across EC2 regions
Is it beneficial to encrypt usernames stored in the database?
Android in-app billing verification
Generating Random Numbers Securely in Objective-C
What's the recommended Bcrypt C implementation? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!