Collaborate Disseminate
ISPs where I live charge based on usage. A friend just moved here and blew through 60 GB of data ($115) in a couple weeks. When asked, the ISP provided a .csv of URLs and bandwidth usage over those 2 weeks. A pivot of that da… Continue reading Extremely high bandwidth usage for OCSP? [on hold]
We can directly request OCSP Server for certificate status. Then why is there an option to sign the request? Is it to identify incoming requests or something?
Based on RFC-6960 an OCSP Response should have the following as a minimum:
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
Here respon… Continue reading OCSP responseStatus, is it really useful?
I’ve done quite a bit of reading about PKI in ADCS and CRL/OCSP, but I can’t seem to find an answer to a small couple of questions I still have:
It is clear to me that even with OCSP in place, you still need a (delta) CRL (OCSP relies on … Continue reading PKI – CRL and OCSP
Has anyone implementated OCSP stapling in C?
How do I use the OCSP response received from OCSP responder to send to client in C?
Continue reading Does anyone have sample implementation of OCSP stapling in C?
In RFC 6960 4.2.2.3. Basic Response the response components are defined. This list does not contain the OCSP Responders certificate. If the responder is a delegate, the requester does not have a copy of the responders certif… Continue reading How can a client validate a OCSP Responders Delegate Certificate and how does it obtain it?
OCSP responses have a ‘nextUpdate’ field, which is the expected time for the new revocation update and that the current revocation can be considered valid. The revocations can be cached by the intermediate cert servers, which I have seen … Continue reading OCSP, CRLs, crlset – Revocation Delivery and Attacks
I would like to better understand the implications of maintaining a long lived (hours, days) TLS connection with respect to certificate revocation. As I understand TLS, the client verifies the server’s certificate during the … Continue reading Do long lived TLS connections pose a security risk?
In RFC6960 (https://tools.ietf.org/html/rfc6960) is written the request data contains the requested service and the OCSP responder checks, if the requested service is provided.
But when I had a look on OCSP’s ASN.1 specifica… Continue reading RFC6960 requested ocsp service definition
In RFC6960 (https://tools.ietf.org/html/rfc6960) is written the request data contains the requested service and the OCSP responder checks, if the requested service is provided.
But when I had a look on OCSP’s ASN.1 specifica… Continue reading RFC6960 requested ocsp service definition