← Back to context Comment by josephcsible 4 years ago Mandatory OCSP that fails open when you're offline is security theater. 2 comments josephcsible Reply snowwrestler 4 years ago OCSP fails open by definition because it is a revocation protocol. In the absence of revocation, a valid cert continues to be valid.The problem here is simply that Apple did not build a short enough timeout into their client. anticensor 4 years ago Make OCSP fail locked and it would be a software imprisonment protocol instead.
snowwrestler 4 years ago OCSP fails open by definition because it is a revocation protocol. In the absence of revocation, a valid cert continues to be valid.The problem here is simply that Apple did not build a short enough timeout into their client. anticensor 4 years ago Make OCSP fail locked and it would be a software imprisonment protocol instead.
anticensor 4 years ago Make OCSP fail locked and it would be a software imprisonment protocol instead.
OCSP fails open by definition because it is a revocation protocol. In the absence of revocation, a valid cert continues to be valid.
The problem here is simply that Apple did not build a short enough timeout into their client.
Make OCSP fail locked and it would be a software imprisonment protocol instead.