Re: [TLS] New version of Multiple OCSP mode of Certificate Status

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Wed, 04 August 2010 18:29 UTC

To: Martin Rex <mrex@sap.com>
References: <201008041747.o74HlmWa004600@fs4113.wdf.sap.corp>
Date: Wed, 04 Aug 2010 20:30:13 +0200
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Message-ID: <op.vgxe0necqrq7tp@acorna.invalid.invalid>
In-Reply-To: <201008041747.o74HlmWa004600@fs4113.wdf.sap.corp>
User-Agent: Opera Mail/10.60 (Win32)
Cc: pkix@ietf.org, tls@ietf.org
Subject: Re: [TLS] New version of Multiple OCSP mode of Certificate Status

On Wed, 04 Aug 2010 19:47:48 +0200, Martin Rex <mrex@sap.com> wrote:

> Yngve Nysaeter Pettersen wrote:
>>
>> Opera has a 15-20 second timeout for such operations, as well as AIA
>> intermediate CA cert retrieval.
>
> Why is Opera doing something as extremely dangerous as intermediate CA
> cert retrieval based on AIA?

Opera, and AFAIK MSIE, retrieves these specified certificates in an
attempt to complete the incomplete chain that the server sent, and there
are too many of those servers around (as an example, try
https://member.ruten.com.tw/user/login.htm in a few browsers, which is at
the time of writing missing a VeriSign G2 intermediate cert).

Opera only accepts these certificates if they chain to an already known  
and trusted Root, and verify successfully once the chain is completed.  
Should the downloaded certificate turn out to be a Root it is  
automatically discarded. If they pass all of this, the certificate is  
cached.

The only other alternatives are to either display a certificate warning  
for those sites, or ship with every intermediate in the Root repository.

See also http://my.opera.com/yngve/blog/2007/12/21/new-w-not-in-kestrel4  
for background.

As for danger, I would think that it is no more dangerous than going to
arbitrary websites already is, or downloading OCSP and CRLs (which are
also specified in the certificate).

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
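The acceptance policy described in the mail (use an AIA-fetched certificate only if it is not itself a root, it really issued the leaf, and it chains to a root already in the trust store; cache what passes), as an added example that is not part of the mail and is not Opera's code. It uses the third-party `cryptography` package; the CA names, the AIA URL `http://aia.example.test/intermediate-g2.cer` and the simulated HTTP fetcher are constructed fixtures, and `build_chain` / `complete_chain` are hypothetical names chosen for this example.

```python
"""Chain completion from an AIA-fetched intermediate (constructed example, not Opera's code).

Policy from the mail: a certificate downloaded from the leaf's AIA caIssuers URL is
used only if it is not itself a root, it really issued the leaf, and it chains to a
root already in the trust store; accepted intermediates are cached. All CA names,
URLs and keys below are fixtures, not real CAs.
"""
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID, AuthorityInformationAccessOID

UTC = datetime.timezone.utc
NOW = datetime.datetime(2010, 8, 4, tzinfo=UTC)  # fixed clock so the run is reproducible


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca, aia_url=None):
    """Issue a test certificate (ECDSA/P-256 fixture)."""
    b = (x509.CertificateBuilder()
         .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
         .public_key(subject_key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(NOW - datetime.timedelta(days=1))
         .not_valid_after(NOW + datetime.timedelta(days=365))
         .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    if aia_url:  # where a client may download the issuer's certificate (RFC 5280 4.2.2.1)
        b = b.add_extension(x509.AuthorityInformationAccess([x509.AccessDescription(
            AuthorityInformationAccessOID.CA_ISSUERS, x509.UniformResourceIdentifier(aia_url))]),
            critical=False)
    return b.sign(issuer_key, hashes.SHA256())


def aia_ca_issuer_urls(cert):
    """URLs from the AIA caIssuers access method, in certificate order."""
    try:
        aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
    except x509.ExtensionNotFound:
        return []
    return [d.access_location.value for d in aia
            if d.access_method == AuthorityInformationAccessOID.CA_ISSUERS
            and isinstance(d.access_location, x509.UniformResourceIdentifier)]


def _signed_by(cert, issuer):
    """Name chaining plus a real signature check (fixture keys are all EC)."""
    if cert.issuer != issuer.subject:
        return False
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def _is_ca(cert):
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def _valid_at(cert, when):
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=UTC)
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=UTC)
    return nb <= when <= na


def complete_chain(leaf, fetched, trust_store, when=NOW):
    """Return [leaf, fetched, root] if the downloaded cert passes the policy, else None."""
    if fetched.subject == fetched.issuer:       # a downloaded *root* is discarded outright
        return None
    if not _is_ca(fetched) or not _signed_by(leaf, fetched):  # must really be the leaf's issuer
        return None
    root = next((r for r in trust_store if _signed_by(fetched, r)), None)  # already-trusted root
    if root is None:
        return None
    if not all(_valid_at(c, when) for c in (leaf, fetched, root)):  # completed chain must verify
        return None
    return [leaf, fetched, root]


def build_chain(leaf, trust_store, fetch, cache):
    """Complete a chain that arrived without its intermediate; fetch(url) -> DER bytes or None."""
    cached = cache.get(leaf.issuer)
    chain = complete_chain(leaf, cached, trust_store) if cached is not None else None
    if chain:
        return chain
    for url in aia_ca_issuer_urls(leaf):
        der = fetch(url)
        if der is None:
            continue
        try:
            candidate = x509.load_der_x509_certificate(der)
        except ValueError:
            continue
        chain = complete_chain(leaf, candidate, trust_store)
        if chain:
            cache[candidate.subject] = candidate  # only certificates that passed are cached
            return chain
    return None


def demo():
    """Honest AIA; AIA serving a root; AIA serving a same-named untrusted issuer; cache hit."""
    root_key, inter_key, leaf_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    root = make_cert("Example Trusted Root", root_key, "Example Trusted Root", root_key, True)
    inter = make_cert("Example Intermediate G2", inter_key, "Example Trusted Root", root_key, True)
    url = "http://aia.example.test/intermediate-g2.cer"  # hypothetical AIA location
    leaf = make_cert("member.example.test", leaf_key, "Example Intermediate G2", inter_key, False, url)
    rogue_root = make_cert("Rogue Root", rogue_key, "Rogue Root", rogue_key, True)
    rogue_inter = make_cert("Example Intermediate G2", inter_key, "Rogue Root", rogue_key, True)
    der = lambda c: c.public_bytes(serialization.Encoding.DER)
    trust_store, cache = [root], {}
    served = {url: der(inter)}                                 # simulated HTTP responses
    good = build_chain(leaf, trust_store, served.get, cache)
    served[url] = der(rogue_root)
    got_root = build_chain(leaf, trust_store, served.get, {})
    served[url] = der(rogue_inter)
    got_untrusted = build_chain(leaf, trust_store, served.get, {})
    from_cache = build_chain(leaf, trust_store, lambda _url: None, cache)  # no network needed
    return {
        "aia_urls": aia_ca_issuer_urls(leaf),
        "good_chain": [c.subject.rfc4514_string() for c in good],
        "aia_root_rejected": got_root is None,
        "untrusted_issuer_rejected": got_untrusted is None,
        "cached_chain": [c.subject.rfc4514_string() for c in from_cache],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The "Rogue Root" cases are the ones the policy exists for: a server (or a network attacker) controls what the AIA URL returns, so the fetched bytes may only ever supply the missing link between a leaf the server already presented and a root the client already trusted. Anything self-signed is dropped before any other check, and a same-named intermediate signed by an unknown root fails the trust-store lookup even though it would happily verify the leaf.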