what is the “Online Certificate Status Protocol”

Tim ignored_mailbox at yahoo.com.au
Wed Mar 9 22:19:41 UTC 2011


On Wed, 2011-03-09 at 01:30 -0800, erikmccaskey64 wrote:
> But: with Wireshark I can see some "OCSP" packets
> [ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ]
>  
> Question: What are these packets? Why aren't they in HTTPS?

The page you referenced explains them.  

They're part of the verification process:  HTTPS checks the certificate,
and there's also another check to see if the certificate has been
revoked.  It's two processes: the certificate is stored on the website's
server; the revocation (if there is one) comes from another place.

Is your question why aren't they looked for with a HTTP accessed site?
They'll be used with a HTTPS transaction, but won't be part of a HTTP
one (insecure HTTP doesn't do any security tests).

Or, do you mean why isn't the OCSP traffic, itself, done using HTTPS?
Good question.

> Is my redirection method with privoxy secure?

The basic premise seems okay, but such things fail when you hit parts of
a site that are only accessible using HTTP.  Then there's - securely
accessing a site that behaves in an insecure manner, in itself, isn't
much of an advantage.

What are you trying to secure against?  Man in the middle snooping?  Are
you using your home ISP, some internet cafe?

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
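
An added example, not part of the message above or of any project's code: a certificate names its OCSP responder in the Authority Information Access extension, which is how a client learns where "another place" is and why the lookup appears as separate traffic. The host names, URL and certificate are constructed samples, and `buildSampleCert`, `Responder` and `ocspResponders` are illustrative names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
)

// buildSampleCert returns a constructed, self-signed DER certificate for site.
// Validity dates are left at zero: only the extension is read in this example.
func buildSampleCert(site string, ocspURLs []string) ([]byte, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(0x1234),
		DNSNames:     []string{site},
		OCSPServer:   ocspURLs, // written into the Authority Information Access extension
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
}

// Responder is one OCSP endpoint a certificate tells clients to query.
type Responder struct {
	Host, Scheme string
	SameAsSite   bool // true if the certificate itself is valid for that host
}

// ocspResponders parses a DER certificate and lists the responders it names.
func ocspResponders(der []byte) (out []Responder, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	for _, raw := range cert.OCSPServer {
		if u, err := url.Parse(raw); err == nil { // skip malformed URLs
			out = append(out, Responder{u.Hostname(), u.Scheme, cert.VerifyHostname(u.Hostname()) == nil})
		}
	}
	return out, nil
}

func main() {
	der, _ := buildSampleCert("www.example.test", []string{"http://ocsp.ca.example.test/"})
	fmt.Println(ocspResponders(der)) // [{ocsp.ca.example.test http false}] <nil>
}
```

An `http` scheme on a responder that is not the site itself matches what Wireshark shows: a readable OCSP exchange with a third host next to the encrypted HTTPS session. OCSP responses are signed by the responder, so the client can check them without relying on the transport.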