Certificates Gone Bad! Certificate Revocation Techniques Explained (CRL, OCSP, OCSP Stapling) - podcast episode cover

Certificates Gone Bad! Certificate Revocation Techniques Explained (CRL, OCSP, OCSP Stapling)

The Backend Engineering Show with Hussein Nasser
Dec 14, 202010 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

When the private key of a matching public key that belong to a certificate is leaked, an attacker can intercept server hello, use their own dh parameters sign it with the stolen private key and ship it to the client effectively doing MITM. This is extremely dangerous and we have no way in the client to know a MITM has happened.

That is why a certificate sometimes has to be revoked, and in this video I’m going to discuss those revocation techniques.

0:00 How Certificate Works

3:00 Certificate Revocation List

4:10 OCSP

7:00 OCSP Stapling

For the best experience, listen in Metacast app for iOS or Android