[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling
From: Tim Ruehsen
Subject: [Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling
Date: Wed, 19 Aug 2015 15:37:06 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.1.0
Follow-up Comment #10, bug #43799 (project wget):
Wget does not have 'normal' OCSP built in.
Well, OCSP stapling works transparently within GnuTLS and is turned on by
default.
When GnuTLS comes back with GNUTLS_CERT_REVOKED, all we can do is to say
"The certificate of %s has been revoked", because I know of no way to say if
this is because of OCSP stapling or due to loaded CRL files.
But OCSP stapling only holds the OCSP response for one (the server's)
certificate. Most servers today seem to have a chain of certs... OCSP stapling
alone gives one more check but no security.
Regarding MITM and other attacks... did you notice that OCSP responder URLs
are HTTP (plain text) with all the insecurity? I never saw an HTTPS URL, did
you?
BTW, https://www.google.de still has a 3-cert chain, one of them without an AIA
element (so no possibility for OCSP / revocation checking).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?43799>