Talk:Online Certificate Status Protocol

From Wikipedia, the free encyclopedia

pls send me some certificate formats for my journal book

Safari

Article says that Safari supports OCSP but it needs to be enabled in Keychain Access. However, I have this disabled in Keychain Access but Safari is still querying OCSP servers. I suspect the settings in Keychain Access are ignored by Safari, and Safari has been using OCSP for some time. -- Ch'marr (talk) 00:34, 31 August 2011 (UTC)

Who runs the OCSP servers? Is there more than one?

This piece of information would be very useful for people who are trying to gauge the merits of OCSP. Are OCSP servers more trustworthy than certificate authorities? If they are run by businesses, how do the businesses make money?

OCSP requests always go to the certificate authority that signed the certificate in question - those are the ones with the authority to revoke them.


50.174.74.32 (talk) 22:54, 19 August 2014 (UTC)

Okay, so, here we have some stuff. This is it. We are ready to go and make decisions. But the OCSP protocol is down. So what do we do?

A protocol is a recipe for procedures. A consortium somewhere, out there, has a protocol that they are not satisfied with. And for this reason I am being denied internet service and provided poor, harmful internet service.

My suggestion is that you provide (I'm guessing it's Mozilla Corps?) internet service without the OCSP protocol. Delete the text document describing the OCSP protocol specifications and procedures, and do not use it anymore. Then, go to the little switch thing that provides people internet, and turn __that__ one on.

My name is mmkstarr and my e-mail address (which I can't access at the moment, b/c your OCSP protocol doesn't work at all and so just give up on it) is starrtennis@gmail.com I am interested in hearing how things work, even if the mail doesn't reach me until after I'm not able to receive it. Which is how all mail works.

Another way to contact me is to drop pamphlets from helicopters. You could do that. In fact, I want to be contacted--so try that.

Further, if you simply have no one to __talk__ to, I recommend social media outlets, or objects, or other people.

Signing Off In Hopes Of A Silent Continuation,

mmkstarr

Mmkstarr (talk) 00:16, 20 August 2014 (UTC)

So have you guys fixed the problem yet? Can I help in any way?

Is OCSP a privacy risk?

It seems like contacting an OCSP server might have privacy risks. First, it creates a record on-the-wire of every secure site a user connects to. Not only can the OCSP server maintain this log, but eavesdroppers as well. Additionally, the article mentions that it is typically an HTTP connection (not HTTPS).

Questions:

  1. Why is it typically HTTP and not HTTPS? -- The response is signed by the CA so, in theory, you can't really forge them. -- The protocol has been partially broken; see: http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatOCSP-PAPER2.pdf
  2. Can a user select OCSP servers that he/she trusts?
  3. Can browsers be configured to connect to OCSP servers only via HTTPS? — Preceding unsigned comment added by 128.112.139.195 (talk) 13:57, 18 October 2011 (UTC)
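
Added example (not part of the discussion above and not any browser's or CA's code): what a plaintext OCSP GET discloses to anyone on the path. It builds an RFC 6960 request with a minimal DER encoder, then recovers the issuer key hash and certificate serial number, which together identify the certificate, from the URL alone. The CA name and key bytes, the serial and the `KNOWN_CA_KEY_HASHES` table are constructed sample values.

```python
import base64, hashlib
from urllib.parse import quote, unquote

SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier: SHA-1, NULL params
# Constructed sample values (not a real CA or certificate)
CA_NAME, CA_KEY, SERIAL = b"constructed issuer name", b"constructed issuer key", 0x0A1B2C3D4E5F
KNOWN_CA_KEY_HASHES = {hashlib.sha1(CA_KEY).hexdigest(): "Example CA (constructed)"}

def tlv(tag, body):
    """DER-encode one element (short- or long-form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def children(body):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the size of the length field
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        if pos + n > len(body):
            raise ValueError("truncated DER")
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def build_get_path(issuer_name_der, issuer_key, serial):
    """Client side: OCSPRequest for one certificate as an RFC 6960 GET path."""
    cert_id = tlv(0x30, SHA1_ALGID
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())   # issuerNameHash
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())        # issuerKeyHash
                  + tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    der = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))  # OCSPRequest>TBSRequest>requestList>Request
    return "/" + quote(base64.b64encode(der).decode(), safe="")

def observe(path):
    """On-path view: (CA label, serial) for each certificate named in the GET."""
    der = base64.b64decode(unquote(path.rsplit("/", 1)[-1]))
    tbs = children(children(der)[0][1])[0][1]
    req_list = next(v for t, v in children(tbs) if t == 0x30)  # skip optional [0]/[1] fields
    seen = []
    for _, request in children(req_list):
        _, _, key_hash, serial = children(children(request)[0][1])  # CertID fields
        seen.append((KNOWN_CA_KEY_HASHES.get(key_hash[1].hex(), "unknown CA"), int.from_bytes(serial[1], "big")))
    return seen
```
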