ocsp process

[Benz63amg]

Are you guys on Mojave aware of this new ocsp.apple.com news that came up? This is the article that discusses it https://9to5mac.com/2020/11/13/apple-server-outage-reveals-mac-privacy-concerns/

 

[dsemf]

Are you guys on Mojave aware of this new ocsp.apple.com news that came up? This is the article that discusses it https://9to5mac.com/2020/11/13/apple-server-outage-reveals-mac-privacy-concerns/

This is no different than accessing a web page. Every web server gets the same kind of information. And the ISP sees every DNS request.

Does Apple retain the the details of the OSCP request? That is unknown at this point.

 

[Benz63amg]

This is no different than accessing a web page. Every web server gets the same kind of information. And the ISP sees every DNS request.

Does Apple retain the the details of the OSCP request? That is unknown at this point.

How is it not different? Why does Apple need to know how many times every single app is opened and at what time?

 

[dsemf]

How is it not different? Why does Apple need to know how many times every single app is opened and at what time?

We don't know if they are counting anything. The primary purpose to verify that the certificates related to the app have not been revoked.

DS

 

[Benz63amg]

We don't know if they are counting anything. The primary purpose to verify that the certificates related to the app have not been revoked.

DS

They do. And they know what time and when and how many times a day each application is used, Why do they need this info from each and every user? Read the article from 9to5mac it goes into detail about this

 

[egalitarian]

This is no different than accessing a web page. Every web server gets the same kind of information. And the ISP sees every DNS request.

Does Apple retain the the details of the OSCP request? That is unknown at this point.

Not quite as you can use dnscrypt. At least you are in control of which DNS you use. Not the case with OCSP. There are methods of doing this with privacy in mind but Apple chose not to keep your privacy.

 

[dsemf]

They do. And they know what time and when and how many times a day each application is used, Why do they need this info from each and every user? Read the article from 9to5mac it goes into detail about this

Only Apple knows if anything is being counted.

The article is also incorrect. When a 3rd party app is opened, the "developer certificate" is sent to OCSP to insure that the certificate has not been revoked. All of the apps from a developer have the same certificate so there is no way of knowing which app was opened.

DS

 

[Benz63amg]

Only Apple knows if anything is being counted.

The article is also incorrect. When a 3rd party app is opened, the "developer certificate" is sent to OCSP to insure that the certificate has not been revoked. All of the apps from a developer have the same certificate so there is no way of knowing which app was opened.

DS

So is the article from 9to5mac completely misleading and false? Is there a negative downside to adding the 0.0.0.0 ocsp.apple.com to the hosts file? Could it makes application stop working altogether after an X amount of time?

 

[Benz63amg]

Only Apple knows if anything is being counted.

The article is also incorrect. When a 3rd party app is opened, the "developer certificate" is sent to OCSP to insure that the certificate has not been revoked. All of the apps from a developer have the same certificate so there is no way of knowing which app was opened.

DS

How can i verify that 0.0.0.0 ocsp.apple.com is indeed blocking this MacOS service on my Mac? When i go to ocsp.apple.com in google chrome it returns a message "site can't be reached" which I’m assuming is good as it means it blocked properly in the hosts file however when i check the same address in Safari it shows "403 - Forbidden", Does this mean that ocsp isn't properly blocked on my Mac?

 

[egalitarian]

How can i verify that 0.0.0.0 ocsp.apple.com is indeed blocking this MacOS service on my Mac? When i go to ocsp.apple.com in google chrome it returns a message "site can't be reached" which I’m assuming is good as it means it blocked properly in the hosts file however when i check the same address in Safari it shows "403 - Forbidden", Does this mean that ocsp isn't properly blocked on my Mac?

What you are getting is probably a cached dns query. Clean your dns cache and try again. You should get the same result both in safari and chrome.