Walter H. wrote: > On 31.10.2015 13:01, Michael Ströder wrote: >> Walter H. wrote: >>> On 30.10.2015 21:42, Michael Ströder wrote: >>>> Walter H. wrote: >>>>> On Thu, October 29, 2015 11:07, Jakob Bohm wrote: >>>>>> She (Eve) would know that the requesting party Alice >>>>>> was talking to Bob at the very moment she sent Trent >>>>>> the OCSP *request* for Bob's certificate. >>>>>> >>>>>> [...] equivalent of having (almost complete) real time >>>>>> copies of everybody's phone bill/call records. >>>>>> Who was calling who at what time. >>>>> this is not a problem as long as the public keys (the certificates) are >>>>> not really public; >>>>> because in your example Eve doesn't have the knowledge which certificate >>>>> the specific serial number has ... >>>>> >>>>> if the public keys (the certificates) are searchable by public - the worst >>>>> case direct by a search engine like google - then you would get an >>>>> absolute security whole: >>>> Update for you: https://crt.sh/ >>>> >>> you know the difference between SSL and S/MIME? >> I know the difference very well - probably even longer than you. > sorry I don't think so, because you didn't really reply anything in connection > with S/MIME as I mentioned,
So, so... > give me a hint for finding S/MIME certificates, finding my own would be nice; You claim that clear-text OCSP requests are not a privacy issue. So you should explain how you keep your *public*-key cert from being intercepted somewhere. You can't. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
