On 03/09/11 09:30, erikmccaskey64 wrote:
> I use privoxy. In the user.action file I have a redirect rule and a few 
> websites: 
> 
> 
> { +redirect{s@http://@https://@} }
> .twitter.com
> .facebook.com
> 
> 
> Ok! It's working great, e.g.: if I visit any "*twitter.com" URL it gets 
> redirected to HTTPS!
> 
> 
> But: with wireshark I can see some "OCSP" packets [ 
> http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ]
> 
> 
> Question: What are these packets? Why aren't they in HTTPS?
> 
> 
> Is my redirection method with privoxy secure?
> 
> 
> Thank you for any tips/opinions!
> 
> 
Hi,

SSL certificate chains should be validated before they are used. OCSP is one
method used as part of the validation process; this is done during the
establishment of an SSL connection and is not encrypted. SSL encryption should
only be used once the certificate / public key chain has been validated.

If a certificate chain is compromised you don't want to use it, because someone
might be decrypting the traffic thought to be safe.

Look in the certificates; you will find URLs for CRL and/or OCSP.

Regards

Nigel Taylor
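
Added example, not part of the original messages: the URLs the reply says to look for sit in the certificate's authorityInfoAccess and cRLDistributionPoints extensions, and this Python code walks a DER-encoded Extensions block to pull them out. The sample bytes and the example.test URLs are constructed for illustration, and the helper names are hypothetical.

```python
OID_AIA = bytes.fromhex("2b06010505070101")      # 1.3.6.1.5.5.7.1.1 authorityInfoAccess
OID_OCSP = bytes.fromhex("2b06010505073001")     # 1.3.6.1.5.5.7.48.1 id-ad-ocsp
OID_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2 id-ad-caIssuers
OID_CRLDP = bytes.fromhex("551d1f")              # 2.5.29.31 cRLDistributionPoints

def children(buf):
    """Yield (tag, value) for each DER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                        # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[pos:pos + length]
        pos += length

def uris(buf):
    """Yield every GeneralName URI (context tag [6], byte 0x86) nested under buf."""
    for tag, val in children(buf):
        if tag == 0x86:
            yield val.decode("ascii")
        elif tag & 0x20:                         # constructed element: descend into it
            yield from uris(val)

def revocation_urls(extensions_der):
    """Return the OCSP and CRL URLs named in a DER-encoded X.509 Extensions SEQUENCE."""
    found = {"ocsp": [], "crl": []}
    (_, exts), = children(extensions_der)
    for _, ext in children(exts):
        (_, oid), *_, (_, payload) = children(ext)  # OID, optional critical flag, OCTET STRING
        if oid == OID_CRLDP:
            found["crl"] += uris(payload)
        elif oid == OID_AIA:
            (_, descs), = children(payload)
            for _, desc in children(descs):
                if next(children(desc))[1] == OID_OCSP:  # accessMethod is the first field
                    found["ocsp"] += uris(desc)
    return found

def tlv(tag, body):  # sample builder only; handles lengths below 256
    return bytes([tag, len(body)] if len(body) < 128 else [tag, 0x81, len(body)]) + body

def sample_extensions():  # constructed sample data, not taken from a real certificate
    aia = tlv(0x30, tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, b"http://ocsp.example.test"))
              + tlv(0x30, tlv(0x06, OID_ISSUERS) + tlv(0x86, b"http://ca.example.test/ca.crt")))
    crl = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, b"http://crl.example.test/ca.crl")))))
    return tlv(0x30, tlv(0x30, tlv(0x06, OID_AIA) + tlv(0x04, aia))
               + tlv(0x30, tlv(0x06, OID_CRLDP) + tlv(0x04, crl)))
```

Calling `revocation_urls(sample_extensions())` returns the OCSP responder URL and the CRL URL while skipping the caIssuers entry.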
