Re: what is the “Online Certificate Status Protocol”

On Wed, 2011-03-09 at 01:30 -0800, erikmccaskey64 wrote:
> But: with Wireshark I can see some "OCSP" packets
> [ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ]
>  
> Question: What are these packets? Why aren't there in HTTPS?

The page you referenced explains them.  

They're part of the verification process:  HTTPS checks the certificate,
and there's also another check to see if the certificate has been
revoked.  It's two processes: the certificate is stored on the website's
server, the revocation (if there is one) comes from another place.

Is your question why aren't they looked for with a HTTP accessed site?
They'll be used with a HTTPS transaction, but won't be part of a HTTP
one (insecure HTTP doesn't do any security tests).

Or, do you mean why isn't the OCSP traffic, itself, done using HTTPS?
Good question.

> Is my redirection method with privoxy secure?

The basic premise seems okay, but such things fail when you hit parts of
a site that are only accessible using HTTP.  Then there's - securely
accessing a site that behaves in an insecure manner, in itself, isn't
much of an advantage.

What are you trying to secure against?  Man in the middle snooping?  Are
you using your home ISP, some internet cafe?

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
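
As an added example (not part of the original message), this shell sketch uses the openssl command line to show where a client learns the address of that "other place", and what an OCSP request then carries: the issuer's name and key hashes plus the certificate's serial number. The certificate, host names and serial number are constructed for the demo, nothing is sent over the network, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: all names, URLs and the serial number are constructed.

# Create a throwaway self-signed certificate (serial 4097 = 0x1001) whose
# Authority Information Access extension names an OCSP responder.
make_demo_cert() {   # $1 = work directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo.example.test" -set_serial 4097 \
        -addext "authorityInfoAccess = OCSP;URI:http://ocsp.example.test/" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# The revocation check goes to the URL stored inside the certificate itself.
ocsp_responder_url() {
    openssl x509 -in "$1/cert.pem" -noout -ocsp_uri
}

# Build an OCSP request and print it decoded. No -url is given, so the
# request is only written to disk, never sent. The self-signed certificate
# acts as its own issuer here.
ocsp_request_text() {
    openssl ocsp -issuer "$1/cert.pem" -cert "$1/cert.pem" \
        -reqout "$1/req.der" -req_text
}

# The request identifies the certificate by serial number (hex), not by
# site name or page content.
ocsp_request_serial() {
    ocsp_request_text "$1" | awk '/Serial Number:/ {print $3}'
}

demo() {
    dir=$(mktemp -d) || return 1
    if make_demo_cert "$dir"; then
        echo "Responder URL in certificate: $(ocsp_responder_url "$dir")"
        echo "Decoded OCSP request:"
        ocsp_request_text "$dir"
    fi
    rm -rf "$dir"
}

demo
```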
