EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Offline validation?

#20680
Posted: 06/29/2012 06:45:45
by Draycir Thailand (Standard support level)
Joined: 04/03/2012
Posts: 9

I understand that we need internet access to fully validate the X.509 certificate, but it seems like Adobe Reader doesn't need that. Does Adobe only check validation with the embedded CRL?
When I try to do offline validation I receive "OCSP not verified", as one would expect.
Did Adobe ignore this case and assume the certificate is valid based on what is embedded in the certificate?
#20683
Posted: 06/29/2012 07:02:21
by Draycir Thailand (Standard support level)
Joined: 04/03/2012
Posts: 9

Reading up on OCSP, it seems like its purpose is similar to CRL.
My question would be: do we use the internet connection to do anything else in this validation process besides getting the revocation list?
If not, then maybe the embedded CRL might be sufficient for a minimal validation.
#20684
Posted: 06/29/2012 07:02:22
by Vsevolod Ievgiienko (EldoS Corp.)

Well, if Adobe Reader didn't make any network requests during signature validation, then it's obvious that it used only the information that is available locally and is embedded in the document.
#20686
Posted: 06/29/2012 07:15:26
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
My question would be: do we use the internet connection to do anything else in this validation process besides getting the revocation list?

An internet connection is used to retrieve up-to-date CRLs and OCSP responses. It can also be used to retrieve missing certificates (based on a special certificate extension) to build a full chain.

Quote
If not, then maybe the embedded CRL might be sufficient for a minimal validation.

It's sufficient, but your application won't be aware of certificate revocation if an up-to-date CRL/OCSP is not available.
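
The caveat in the last reply, as an added example that is not part of the thread and is not EldoS code: a simplified Python model of an offline revocation decision that reports "unknown" rather than "good" once the embedded CRL is stale. The `EmbeddedCRL` type, the `check_offline` function, and the sample CA name, serials and dates are constructed for illustration, and the CRL's signature is assumed to have been verified already.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass
class EmbeddedCRL:
    """CRL fields as parsed from the signed document (hypothetical type).
    Assumes the CRL's signature was already verified against the CA."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> revocation time

def check_offline(cert_issuer, cert_serial, crls, now):
    """Decide revocation status from embedded CRLs only, with no network."""
    candidates = [c for c in crls if c.issuer == cert_issuer]
    if not candidates:
        return "unknown", "no embedded CRL from the certificate's issuer"
    crl = max(candidates, key=lambda c: c.this_update)  # newest embedded copy
    if cert_serial in crl.revoked:
        return "revoked", f"revoked on {crl.revoked[cert_serial]:%Y-%m-%d}"
    if now < crl.this_update:
        return "unknown", "CRL is dated after the time being checked"
    if now > crl.next_update:
        # The point made in the reply: a stale CRL cannot show later revocations.
        return "unknown", "embedded CRL is past nextUpdate"
    return "good", "not listed, and CRL is within its validity window"

# Constructed sample data: one CRL valid for a week, one revoked serial.
SAMPLE_CRLS = [EmbeddedCRL(
    issuer="CN=Example CA",
    this_update=datetime(2012, 6, 1, tzinfo=UTC),
    next_update=datetime(2012, 6, 8, tzinfo=UTC),
    revoked={0x1001: datetime(2012, 5, 20, tzinfo=UTC)},
)]

if __name__ == "__main__":
    cases = [(0x1001, datetime(2012, 6, 5, tzinfo=UTC)),
             (0x2002, datetime(2012, 6, 5, tzinfo=UTC)),
             (0x2002, datetime(2012, 6, 29, tzinfo=UTC))]
    for serial, when in cases:
        status, reason = check_offline("CN=Example CA", serial, SAMPLE_CRLS, when)
        print(f"{serial:#x} at {when:%Y-%m-%d}: {status} ({reason})")
```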
