0

Learning abit about allowed OCSP hosts on Windows 10:

I've picked up OCSP requests carried out by CryptSvc pointing towards an OCSP server in Japan. Referring to Microsoft's Win10 Non-enterprise endpoint lists, I've already witnessed and confirmed official connections to these domains. But the system attempts to make further connections to a unlisted Japanese OSCP service. From googling I understand the organization owning it DOES organize OCSP work for japan. However I am living in Oceania. (Domain-Name: scrootca2.secomtrust.net)

For anyone well versed about common endpoints for Win10 Non-Enterprise OCSP: I'd appreciate if someone can explain if Win10 is configured to further acquire OCSP certs from a list of hosts not listed officially or, if in this case I should be cautious of this connection. For context I live in Oceania. Layman logic would have me assume that, if anything, OCSP hosts within the country or region will be taillied instead. Is this is simply the closest OCSP service for my region that Microsoft uses?

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions

N S
  • 41
  • 3
  • I understand the implication of my claim. I would be suggesting that something managed to 'spoof' certification if my PC is somehow making connections to a 'false' OCSP host (i.e my CA root would've had to be modified somehow for this to be fake) – N S Nov 24 '21 at 04:33

0 Answers0