
A new option to terminate the connection if the browser couldn't verify the certificate (OCSP Stapling)

Open hnasr opened this issue 5 years ago • 2 comments

Type: feature request

OCSP (Online Certificate Status Protocol Stapling) is a protocol that allows the client to ask the server for a signed, time-stamped response (signed by the CA) to prove that a not-yet-expired certificate is still valid. This is to avoid cases where a CA revokes a server's certificate for any reason (e.g. server hacked, or turns out to be shady).

Most modern browsers support sending the OCSP requests by default as part of the TLS handshake client hello. The problem is they don't always inform the user if the OCSP request is successful and the certificate is still valid. If the server doesn't send back a stapled OCSP signed timestamp response, browsers might fall back to requesting the certificate validation from the CA, which could also potentially fail or time out. If the CA is not reachable, the browser may just allow the user to connect to the server assuming the certificate is valid. At that point the user might have been granted access to a malicious server.

I think a nice-to-have feature in HTTPS Everywhere is to provide an option (disabled by default) to force terminating the connection if the server doesn't support OCSP stapling AND if the client couldn't verify the certificate validity with the CA (e.g. CA is unreachable, timeout, etc.). This is instead of relying on a more relaxed browser implementation which may allow that connection in favor of a better user experience.

Thank you for an amazing product.

-Hussein

hnasr, Jan 02 '20 19:01

@zoracon What's your opinion?

pipboy96, Jan 03 '20 09:01

That's basically what security.OCSP.require does in Firefox. Edit: this does not enforce OCSP stapling, but Firefox supports the OCSP Must-Staple extension. Traditional OCSP requests can leak sensitive information (see https://github.com/tlswg/draft-ietf-tls-esni/issues/156).

J0WI, Jan 08 '20 19:01
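The policy proposed in the issue (hard-fail when nothing is stapled and the live CA query does not succeed) together with the Must-Staple check from the last reply, as an added worked example. This is not HTTPS Everywhere code and not anything from the thread; it is a small POSIX shell script built on `openssl s_client -status` and `openssl x509 -text`. It assumes OpenSSL 1.1+ output wording ("OCSP response: no response sent", "Cert Status: good", "TLS Feature: status_request"); the host name is whatever the caller passes, and the sample outputs at the bottom are constructed to mimic OpenSSL so the classification logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not HTTPS Everywhere code): strict OCSP policy on top of
# the OpenSSL command-line tools. Assumes OpenSSL 1.1+ output wording.

# Classify the output of `openssl s_client -status` into a staple verdict:
#   stapled-good : server stapled a successful response, cert status good
#   stapled-bad  : server stapled a response saying the cert is revoked
#   no-staple    : nothing stapled, or a stapled response that proves nothing
#                  (e.g. status "unknown", "tryLater", "unauthorized")
ocsp_staple_verdict() {
    case "$1" in
        *"OCSP response: no response sent"*) echo no-staple ;;
        *"Cert Status: revoked"*)            echo stapled-bad ;;
        *"Cert Status: good"*)               echo stapled-good ;;
        *)                                   echo no-staple ;;
    esac
}

# Does the leaf certificate carry the TLS Feature (Must-Staple) extension?
# Input: text from `openssl x509 -text`, where OpenSSL prints the extension
# as a "TLS Feature:" heading followed by "status_request".
has_must_staple() {
    case "$1" in
        *"TLS Feature"*"status_request"*) echo yes ;;
        *)                                echo no ;;
    esac
}

# Strict-mode decision, combining:
#   - Must-Staple semantics: no usable staple -> terminate, no CA fallback
#   - the issue's rule: no staple AND live CA query not "good" -> terminate
# $1 staple verdict; $2 must-staple yes|no;
# $3 result of a direct query to the CA responder: good|revoked|unreachable
strict_decision() {
    case "$1" in
        stapled-good) echo allow ;;
        stapled-bad)  echo terminate ;;
        no-staple)
            if [ "$2" = yes ]; then echo terminate
            elif [ "$3" = good ]; then echo allow
            else echo terminate          # revoked, unreachable, timeout: hard fail
            fi ;;
        *) echo terminate ;;
    esac
}

# Driver against a live host (needs network; not exercised offline).
# The direct CA query is left to the caller: `openssl ocsp` needs the issuer
# certificate and responder URL, so "unreachable" is passed as a placeholder
# and a server that does not staple is treated as failing the live check.
check_host() {
    host=$1
    out=$(printf '' | openssl s_client -connect "$host:443" -servername "$host" -status 2>/dev/null)
    leaf=$(printf '%s\n' "$out" | openssl x509 -noout -text 2>/dev/null)
    verdict=$(ocsp_staple_verdict "$out")
    ms=$(has_must_staple "$leaf")
    echo "$host: staple=$verdict must-staple=$ms -> $(strict_decision "$verdict" "$ms" unreachable)"
}

# Constructed samples mimicking OpenSSL output, so the logic runs offline.
SAMPLE_STAPLED_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================'
SAMPLE_NO_STAPLE='CONNECTED(00000003)
OCSP response: no response sent
---'
SAMPLE_MUST_STAPLE_CERT='        X509v3 extensions:
            TLS Feature:
                status_request'

if [ $# -gt 0 ]; then check_host "$1"; fi
```

Run it as `sh ocsp-strict.sh example.org` to probe a real server; with no argument it only defines the functions and samples. The decision table is the only part that changes between "relaxed" browser behaviour and the proposed option: a relaxed client maps the (no-staple, unreachable) case to allow, strict mode maps it to terminate.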