OCSP, Stapling And Android That Doesn’t Care

When surfing to an https-protected website, most desktop browsers today use the Online Certificate Status Protocol (OCSP) to check the validity of the certificate the site presents. There is a lot of debate about whether this check is useful at all, but there is also a privacy aspect to it. Let me quote from Wikipedia:

"OCSP checking also impairs privacy, since it requires the client to contact a third party (the CA) to confirm certificate validity. A way to verify validity without disclosing browsing behavior would be desirable for some groups of users."

I guess I'm part of this group, which is why I had a closer look at the OCSP stapling feature after upgrading my Owncloud server to Ubuntu 14.04, which included an Apache web server update that supports the feature.

What is OCSP Stapling And How Is It Configured in Apache and Nginx?

In short, OCSP stapling means that the web server itself requests the OCSP response from the CA's OCSP responder and then includes ("staples") it in the TLS handshake when a web browser requests an https-encrypted page. The advantage is that the browser no longer has to send a request to the Certificate Authority to check the validity of the certificate it received from the website, which in turn protects my privacy. Agreed, this is part of the last 5% when it comes to privacy protection, but every bit counts… Configuring OCSP stapling is actually quite straightforward, and this post over at Digitalocean goes into the details, including how to verify that everything is working.
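As an added example (not code from the original post or from the Digitalocean guide), the small POSIX shell script below runs `openssl s_client -status` against a host and classifies whether a stapled OCSP response came back in the handshake; the Apache and Nginx directives in the comments are the ones that enable stapling on the server side, the certificate path and resolver are placeholders, and the sample handshake output is constructed.

```shell
#!/bin/sh
# Added example: test whether a TLS server staples an OCSP response.
# Server side, stapling is enabled in Apache (mod_ssl) with
#   SSLUseStapling on
#   SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# and in Nginx with
#   ssl_stapling on;
#   ssl_stapling_verify on;
#   ssl_trusted_certificate /etc/ssl/chain.pem;   # placeholder path
#   resolver 127.0.0.1;                           # assumes a local resolver

# Classify the text printed by `openssl s_client -status` into one of:
#   no-staple         no OCSP response was sent in the handshake
#   stapled-good      a response was stapled and says the cert is good
#   stapled-revoked   a response was stapled and says the cert is revoked
#   stapled-other     a response was stapled but its status is neither good
#                     nor revoked (e.g. a responder error the server relayed)
#   unknown           input did not look like s_client -status output
classify_staple() {
    case "$1" in
        *"OCSP response: no response sent"*) echo no-staple ;;
        *"Cert Status: revoked"*)             echo stapled-revoked ;;
        *"Cert Status: good"*)                echo stapled-good ;;
        *"OCSP Response Status:"*)            echo stapled-other ;;
        *)                                    echo unknown ;;
    esac
}

# Handshake with HOST (SNI set so name-based virtual hosts work), then classify.
check_staple() {
    host=$1; port=${2:-443}
    out=$(echo | openssl s_client -connect "$host:$port" -servername "$host" -status 2>/dev/null)
    classify_staple "$out"
}

# Constructed samples of s_client -status output (not captured from any real host).
SAMPLE_NONE='OCSP response: no response sent'
SAMPLE_GOOD='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_OTHER='OCSP Response Data:
    OCSP Response Status: unauthorized (0x6)'

# Usage: sh check_staple.sh my.owncloud.example [port]
if [ $# -gt 0 ]; then
    check_staple "$1" "$2"
fi
```

A result of `no-staple` on a server where stapling is configured usually means the server has not yet fetched a response from the responder (Apache only staples once its cache is populated), so retry after a few seconds.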

Works Well On The Desktop But Android Doesn't Care

On the desktop, both Firefox and Thunderbird, the two programs I use most together with my Owncloud at home, make use of the feature and no longer reach out to the Certificate Authority. A Wireshark trace nicely showed the OCSP information being included during the TLS session establishment. Mission accomplished.

On the mobile side, Android doesn't seem to care about OCSP at all. That should not be very surprising, as Google already disabled OCSP checking in its Chrome desktop browser back in 2012. No privacy issues here, good.

An interesting twist is the Opera Mobile browser on Android: when accessing my website it requests the OCSP status information during TLS session establishment and receives it. When going to another https site that does not supply stapled OCSP status information, however, it does not fall back to a separate OCSP check. That kind of defeats the purpose, but at least there's no privacy issue here.

One thought on “OCSP, Stapling And Android That Doesn’t Care”

  1. NIST SP 800-52r1 (http://dx.doi.org/10.6028/NIST.SP.800-52r1), which is normative for US government entities, requires that TLS services support OCSP stapling. In general, and because of the nature of PKI, relying parties are obligated to obtain certificate revocation information using either CRLs or OCSP (or OCSP stapling, which has only become generally available over the last year or so). OCSP stapling provides a pre-fetched response for the end-entity certificate only. Certificates from intermediate CAs still require separate validation, as their status is not included in the stapled OCSP response. A thorough check of an end-entity certificate and the trust chain will still end up requiring additional reference to either CRL or OCSP. Not all PKI stacks perform such rigorous checking, and many (e.g., NSS) do not even perform CRL checking. OCSP stapling is preferred over OCSP queries primarily for TLS session initiation efficiency, though there is, as you point out, a privacy issue as well.
