What is the exact difference between the Online Certificate Status Protocol (OCSP) and OCSP stapling, which seems to be "...an alternative approach to the Online Certificate Status Protocol (OCSP)"?
Asked
Active
Viewed 3,059 times
7
-
I think this could easily be answered by searching for definitions of both terms. – multithr3at3d Feb 22 '17 at 02:53
-
3@korockinout13 I don't think you could get the quality and succinctness of Arminius' answer by searching those terms. That's a great portion of what this site exists to provide. It's a good question with a good answer. – Jeff Ferland Feb 22 '17 at 17:54
-
1Can confirm, looked up definitions today and found the answer a neat summary of exactly what I was looking for. – c4urself Apr 05 '17 at 20:49
2 Answers
13
OCSP stapling is more efficient than regular OCSP and provides better privacy.
The OCSP protocol is used to determine if a certificate is still valid or has been revoked. Say, you want to securely connect to a website via TLS. To be certain that the certificate has not been revoked or expired, your browser can issue an OCSP request to the corresponding certificate authority. After receiving a signed confirmation of the certificate's validity, you then continue with the TLS handshake.
This process has some downsides: Contacting the CA costs time and slows down your browsing experience. It may also create high traffic volume for the CA, discloses to the CA which website you're visiting and you always have to rely on the availability of the OCSP responder since otherwise no confirmation is possible - and you would have to decide between accepting the certificate despite a lack of confirmation or abort the connection. For these reasons Google Chrome has dropped support for regular OCSP.
OCSP stapling avoids these problems by having the server issue the OCSP queries periodically itself. Instead of making the user perform the validity check, the web server would present you the OCSP response during the TLS handshake. It is not a security problem that the server performs the OCSP query itself as the response has been signed by the CA and includes a timestamp, thus preventing tampering. Since the server caches the response, the CAs aren't flooded with OCSP requests anymore and as a user you don't need to contact a third party to have a certificate verified which benefits your privacy.
Arminius
- 43,922
- 13
- 140
- 136
-
Can you conclude that OCSP stapling is more secure then regular OCSP? – Bob Ortiz Mar 14 '17 at 18:07
-
2@KevinMorssink It provides better privacy but I'd say the process itself isn't technically more secure. – Arminius Mar 16 '17 at 21:50
3
Somethings to add to @Arminius' answer:
- client initiated OCSP request and OCSP stapling still share a problem - non responsive OCSP responders. Whether it's the client, or the server that is being certified, that's getting the OCSP response, the responder is the same. If the responder is down, the whole security guarantees fall apart.
The absence of a valid OCSP response is dealt in two ways :
Hard Fail - a browser can display a warning on the page stating the connection might be compromised and require the user to click through the warnings to be able to browse the server in question.
Soft Fail - browser attempts to get a valid OCSP response (from the responder or from the certificate sent by the server in case of OCSP staple) but in the case of failure carries on with the connection and ignores the absence of a valid OCSP response.
In order to maintain availability the browsers usually prefer the 2nd approach.
It's hard to say that one way is more secure than the other. The OCSP staple does reduce the load on the responder reducing the chances of it being DOS-d by genuine requests. The cached responses on the server side speed things up quite a bit and reduce the load on the browsers to do the OCSP heavy lifting. That said an attacker can potentially still DDOS an OCSP responder and prevent even the genuine servers from obtaining a valid OCSP staple.
OCSP Stapling has however resulted in a lot of increased performances as is explained by this short but brilliant post by Nick Sullivan from Cloudflare in his blog. If we can get around the problem of Unresponsive OCSP Responders, and can find a way to be assured that an ocsp response will always be presented, certificates can be generated with ocsp-must-staple extension. THIS, if in place, would mean stronger security guarantees as compared to no ocsp staple.
