> There are a number of advantages:
>     + smaller data to transfer
>     + some sites may not give you their CRL (for privacy concerns)
>     + possibly-quicker data, easier (cf. indirect CRLs and Freshness)
>     + if you hash the document and use that as the nonce, you can tie
>       the OCSP response to the document, providing you did due diligence

If you use the hash of the document to calculate the nonce, be aware that
your OCSP response becomes vulnerable to replay attacks in certain
circumstances, as the nonce can be guessed.

Scenario: I prepare an email, calculate the hash, ask with the hash as a
nonce for the validity of your certificate. Then I will steal your private
key. You revoke your certificate. I send the prepared mail with your
signature to your friend. When he asks for certificate validation using OCSP
I will replay the answer I got before. He believes it, as the nonces are
correct.

There are ways to prevent such scenarios, but if you are unsure you should
use a true random nonce.

ciao, Fl0

--
Dipl.Inf. Florian Oelmaier
Head of Development
syTrust S.A.
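
The replay described in the message above, as an added example that is not part of the original post: a toy responder and relying party show a response cached before revocation being accepted when the nonce is the document hash, and rejected when the nonce is random. Assumptions: HMAC stands in for the responder's public-key signature, and the serial number, document and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets

RESPONDER_KEY = secrets.token_bytes(32)  # assumption: stand-in for the responder's signing key

def _sign(serial, status, nonce):
    body = f"{serial}|{status}|".encode() + nonce
    return hmac.new(RESPONDER_KEY, body, hashlib.sha256).digest()

class Responder:
    """Toy OCSP responder: answers good/revoked and echoes the request nonce."""
    def __init__(self):
        self.revoked = set()

    def query(self, serial, nonce):
        status = "revoked" if serial in self.revoked else "good"
        return {"serial": serial, "status": status, "nonce": nonce,
                "sig": _sign(serial, status, nonce)}

def accept(resp, serial, expected_nonce):
    """Relying-party check: valid signature, matching serial and nonce, status good."""
    sig_ok = hmac.compare_digest(
        resp["sig"], _sign(resp["serial"], resp["status"], resp["nonce"]))
    return (sig_ok and resp["serial"] == serial
            and hmac.compare_digest(resp["nonce"], expected_nonce)
            and resp["status"] == "good")

def doc_nonce(document):
    """Nonce derived from the document hash: predictable to anyone holding the document."""
    return hashlib.sha256(document).digest()

def random_nonce(_document):
    """Fresh nonce chosen by the relying party at validation time."""
    return secrets.token_bytes(32)

def stale_response_accepted(nonce_for):
    """True if a response obtained before revocation still passes after revocation."""
    responder, serial = Responder(), "01"        # constructed serial number
    document = b"constructed sample mail body"   # constructed document
    cached = responder.query(serial, doc_nonce(document))  # obtained while status was good
    responder.revoked.add(serial)                # certificate is revoked afterwards
    expected = nonce_for(document)               # nonce the relying party sends now
    return accept(cached, serial, expected)

if __name__ == "__main__":
    print("hash nonce, stale response accepted:  ", stale_response_accepted(doc_nonce))
    print("random nonce, stale response accepted:", stale_response_accepted(random_nonce))
```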



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
