[Bug 310999]

Robin-comodo 310999 at bugs.launchpad.net
Mon Feb 20 13:58:02 UTC 2012


(In reply to [Baboo] from comment #100)
> OCSP traffic can be blocked at the same place where you 
> do your MITM attack…

I agree that the OCSP traffic can be blocked by a MITM attacker, so the lack of OCSP traffic at the CA cannot be taken as concrete proof that the certificate was never live.
Nonetheless, a complete lack of OCSP traffic contrasts sharply with that observed by DigiNotar around the MITM use of the certificates they issued and leads me to the belief that a current real-world MITM attack would generate some OCSP traffic.  I am also of the opinion that we would see some 'leakage' of OCSP traffic from those under a MITM attack even if it was the attacker's aim to block OCSP - although I suppose that need not be the case for a very finely targeted attack at a small group of victims.

While OCSP silently soft-fails in the client there is no need for an attacker to block it.
If/When OCSP (or some other revocation checking method) hard-fails there would be no point in an attacker blocking it.

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/310999

Title:
  comodo seen issuing certificates unwisely

To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
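The soft-fail versus hard-fail argument in the comment above can be made concrete with a small model. The following is an added example, not code from the bug thread, from NSS or from any CA; the responder, the network with an OCSP-blocking MITM, the certificate serial and the revocation set are all constructed for illustration. It models one client verifying one mis-issued certificate and returns both the client's verdict and whether the CA's responder ever saw the query (the "leakage" the comment is looking for). It also covers a case the comment does not spell out: once the certificate has been revoked, a soft-fail client only keeps accepting it if the attacker does block OCSP.

```python
"""Model of OCSP soft-fail vs hard-fail under a MITM that may block OCSP.

Added example (not part of the bug thread). Every name here is a constructed
assumption: there is no real responder, no real certificate, no network I/O.
"""
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    SOFT_FAIL = "soft-fail"   # unreachable responder => accept the certificate
    HARD_FAIL = "hard-fail"   # unreachable responder => reject the certificate


class OcspStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNREACHABLE = "unreachable"


@dataclass
class Responder:
    """The CA's OCSP responder: answers queries and records every serial it saw."""
    revoked: set = field(default_factory=set)
    queries_seen: list = field(default_factory=list)

    def answer(self, serial: str) -> OcspStatus:
        self.queries_seen.append(serial)
        return OcspStatus.REVOKED if serial in self.revoked else OcspStatus.GOOD


@dataclass
class Network:
    """The path between victim and responder; the MITM may drop OCSP traffic."""
    responder: Responder
    mitm_blocks_ocsp: bool = False

    def ocsp(self, serial: str) -> OcspStatus:
        if self.mitm_blocks_ocsp:
            # The query never leaves the victim's network, so the CA sees nothing.
            return OcspStatus.UNREACHABLE
        return self.responder.answer(serial)


def client_accepts(serial: str, policy: Policy, network: Network) -> bool:
    """Client-side decision after an OCSP check under the given failure policy."""
    status = network.ocsp(serial)
    if status is OcspStatus.GOOD:
        return True
    if status is OcspStatus.REVOKED:
        return False
    # Responder unreachable: this is where soft-fail and hard-fail differ.
    return policy is Policy.SOFT_FAIL


def run_scenario(policy: Policy, cert_revoked: bool, mitm_blocks: bool) -> dict:
    """One victim, one mis-issued cert (constructed serial 'mitm-cert')."""
    serial = "mitm-cert"
    responder = Responder(revoked={serial} if cert_revoked else set())
    network = Network(responder, mitm_blocks_ocsp=mitm_blocks)
    return {
        "accepted": client_accepts(serial, policy, network),
        "ca_saw_query": bool(responder.queries_seen),
    }


def scenario_table() -> dict:
    """All eight combinations of policy, revocation state and MITM blocking."""
    return {
        (policy.value, cert_revoked, mitm_blocks): run_scenario(policy, cert_revoked, mitm_blocks)
        for policy in Policy
        for cert_revoked in (False, True)
        for mitm_blocks in (False, True)
    }


if __name__ == "__main__":
    for key, outcome in scenario_table().items():
        print(key, outcome)
```

Reading the table: with soft-fail and an unrevoked certificate the attacker gains nothing by blocking OCSP, and if they do not block, the CA sees the query. With soft-fail and a revoked certificate the attacker must block to stay in business, and then the CA sees nothing. With hard-fail, blocking only causes the client to reject the certificate, so the attacker has no reason to block, and every successful attack produces a query at the responder.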
