undefined | Better HN

0 pointssneak5y ago0 comments

The standard does not specify plaintext. It says the client may use encryption.

Even doing unauthenticated TLS is better than what they do now, because the current situation allows for full passive monitoring.

0 comments

3 comments · 1 top-level

angry_octet5y ago· 2 in thread

The problem with 'may' is that a network intermediary might block TLS connections to ocsp.apple.com knowing it would fall back to plaintext.

Apple could encrypt the payload though, using the Apple public key, which would solve the snooping by intermediaries problem.

sneakOP5y ago

A network intermediary blocking or altering the TLS is an active attack. Plain HTTP is also vulnerable to that, so unauthenticated TLS is no worse than the current situation.

TLS encrypts the payload just fine if you want that. That’s what TLS is for.

PS: You don’t encrypt something to someone else using your own public key.

angry_octet5y ago

I'm talking about when they block just the ocsp host TLS port. Heaps of places whitelist https for particular sites, and inspect the content to prevent TLS. Appliances that block TLS via packet inspection are dime a dozen. But the query/response fields can be an opaque encrypted blob and it would get through. Every Apple device obviously has the Apple pub key, and hence they can send encrypted messages back to Apple without needing any further PKI.

j / k navigate · click thread line to collapse