Open gdhgdhgdh opened 7 years ago
The golang x/crypto/ocsp
library doesn't support the nonce extension and using a request/response nonce prevents offline signing as each response needs to be signed with the individual request nonce in the body which is not performant.
Also since OCSP responses have a built in validity period there are very few scenarios where a replay attack would actually be that bad.
Since this issue is still open: A replay attack should not be considered "not that bad", especially when talking about protecting cryptographic operations.
Use of a NONCE for OSCP was written into section 4.4.1 in the 06/1999 OSCP standard RFC-2560 and most recently updated by the NONCE Extension standard RFC-8954 in 11/2020. Not supporting NONCE functionality is not complying with an published internet standard.
While agreed that there is a performance hit when using NONCEs, so too is there a performance hit when using TLS over Non-TLS HTTP, but we still do it in part to protect the integrity of the data, as does a NONCE w/ OSCP.
When reading about OCSP in general I see that each request / response pair supports the use of a nonce to help guard against replay attacks.
Hence I was surprised to read at https://github.com/cloudflare/cfssl/blob/master/ocsp/responder.go#L227 that
We don't intend to support nonces
- would you mind describing why this is the case?