Summary
The current OCSP (RFC 6960) and TSA (RFC 3161) implementations are missing several RFC-mandated validations. These gaps affect the legal validity of digital signatures under eIDAS regulation.
OCSP Compliance Gaps (RFC 6960)
1. Missing thisUpdate/nextUpdate Validation
RFC 6960 Section 4.2.2.1 requires clients to verify:
- thisUpdate is sufficiently recent
- nextUpdate (if present) is greater than current time
Currently, stale or expired OCSP responses are accepted, invalidating certificate status guarantees.
2. Nonce Not Verified
A nonce is included in OCSP requests but is never verified in responses. This makes the implementation vulnerable to replay attacks, which is particularly critical for BDOC-TM time-mark signatures.
3. No Responder Certificate EKU Check
RFC 6960 Section 4.2.2.2 requires delegated responders to have the id-kp-OCSPSigning EKU (OID 1.3.6.1.5.5.7.3.9). This is not validated.
4. No CertID Match Verification
The response CertID (issuerNameHash, issuerKeyHash, serialNumber) is not compared against the request. A response for a different certificate could be accepted.
TSA Compliance Gaps (RFC 3161)
1. No Nonce for Replay Protection
RFC 3161 Section 2.4.2 specifies that if a nonce is in the request, it MUST be returned in the response. Currently, no nonce is generated or verified, providing no replay protection and no way to verify response timeliness.
2. No Certificate EKU Validation
RFC 3161 requires that TSA certificates have the id-kp-timeStamping EKU (OID 1.3.6.1.5.5.7.3.8). Timestamps from unauthorized services are currently accepted, which is fatal for qualified signatures.
3. No ESSCertID/ESSCertIDv2 Validation
RFC 5816 requires validation of the signing_certificate or signing_certificate_v2 attribute to ensure the response was signed by the expected TSA.
4. Certificate Presence Not Verified
The request sets cert_req=True but doesn't verify that the certificate is actually returned in the response.
Impact
These gaps affect:
- Legal validity of qualified electronic signatures under eIDAS
- Security against replay attacks
- Trust in certificate revocation status and timestamp authenticity
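The four OCSP checks listed above, sketched as an added example (not the project's code) that runs over already-decoded response fields after the response signature has been verified. `ParsedResponse`, `check_ocsp_response`, the 24-hour `MAX_AGE` and the 5-minute `SKEW` are assumptions made for illustration; the future-dated thisUpdate check follows the same RFC 6960 section.

```python
import hmac
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Optional

OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning (OID from the issue)
MAX_AGE = timedelta(hours=24)   # assumed policy for "sufficiently recent"
SKEW = timedelta(minutes=5)     # assumed clock-skew allowance

@dataclass(frozen=True)
class CertID:
    hash_algorithm: str
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial_number: int

@dataclass(frozen=True)
class ParsedResponse:  # hypothetical container for already-decoded fields
    cert_id: CertID
    this_update: datetime
    next_update: Optional[datetime]
    nonce: Optional[bytes]
    signed_by_issuer: bool  # True when the issuing CA signed the response itself
    responder_ekus: FrozenSet[str]  # EKU OIDs of a delegated responder certificate

def check_ocsp_response(req_id, req_nonce, resp, now) -> List[str]:
    """Return the failed checks; an empty list means every check passed."""
    errors = []
    if resp.cert_id != req_id:  # response must be about the certificate we asked for
        errors.append("certid-mismatch")
    if resp.this_update > now + SKEW:
        errors.append("thisUpdate-in-future")
    elif now - resp.this_update > MAX_AGE:
        errors.append("thisUpdate-stale")
    if resp.next_update is not None and resp.next_update <= now:
        errors.append("nextUpdate-expired")
    if req_nonce is not None and not (
            resp.nonce is not None and hmac.compare_digest(resp.nonce, req_nonce)):
        errors.append("nonce-mismatch")
    if not resp.signed_by_issuer and OCSP_SIGNING_EKU not in resp.responder_ekus:
        errors.append("responder-missing-ocsp-signing-eku")
    return errors

# Constructed sample values, not taken from any real responder.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
REQ_ID = CertID("sha1", b"\x11" * 20, b"\x22" * 20, 0x1234)
GOOD = ParsedResponse(REQ_ID, NOW - timedelta(minutes=2), NOW + timedelta(hours=1),
                      b"n" * 16, False, frozenset({OCSP_SIGNING_EKU}))
REPLAYED = replace(GOOD, this_update=NOW - timedelta(days=3),
                   next_update=NOW - timedelta(days=2), nonce=b"o" * 16)
```

Returning every failed check rather than stopping at the first makes it easier to log why a response was rejected.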