OCSP blog posts, some minor spell fixes.

blog/2019-08-06-trouble-with-ocsp.markdown

@@ -5,14 +5,13 @@ date: 2019-08-06
 comments: true
 tags: ocsp, tor, security, privacy
 ---
-# Trouble with OCSP
 
-> This is a post about side channel information leakage that was present in OnionBrowser in some OCSP flows. This is not a exhaustive documentation of OCSP protocol.
+> This is a post about side channel information leakage that was present in OnionBrowser in some OCSP flows. This post omits a lot of details about OCSP protocol.
 
-Digital certificates are issued for a longer timespan. It reduces maintaince overhead. Most of the cases CAs issue a certificate and they are valid untill the expiration time.
+Digital certificates are issued for a longer timespan. It reduces maintenance overhead. Most of the cases CAs issue a certificate and they are valid until the expiration time.
 
 But what are we to do when a certificate is compromised? We can
-re-issue a certificate, but the old one is still in the wind. Thats
+re-issue a certificate, but the old one is still in the wind. That's
 where Online Certificate Status Protocol comes in. It defines a way to
 check validity of a certificate in a timely[^1] manner.
 
@@ -30,7 +29,7 @@ the certificate itself, removing the need for another seperate
 request.
 
 ## Dissecting an OCSP Request
-If the request is <255 bytes, OCSP allows it to be passed as a GET path. So a typical request looks like this
+If the request is <255 bytes, OCSP allows it to be passed as a GET path. A typical request looks like this
 
 ```bash
 GET http://ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISA6D%2BPqgUVCy3wtolHIxq%2Bk0e
@@ -77,7 +76,7 @@ curl https://crt.sh/?serial=03a0fe3ea814542cb7c2da251c8c6afa4d1e
 ## Privacy Takes a Backseat.
 
 Careful examination of above workflow will reveal that the OCSP flow
-is happening over HTTP. Most issuers seems to stick to http; possibly
+is happening over HTTP. Most issuers seem to stick to http; possibly
 to avoid cyclical dependencies. This means man-in-the-middle leakage
 of certificates a user is validating is happening, and by extension
 leakage of websites user is accessing.
@@ -97,11 +96,11 @@ Whenever Onion Browser accesses a website with EV cert, (for e.g
 
 I stumbled upon this accidently while inspecting requests from my
 iPhone with [mitmproxy](https://mitmproxy.org/). The bug was reported
-to Onion Browser team and [they have a better write up of the
+to Onion Browser team and [they have a nice write up of the
-situation](https://github.com/OnionBrowser/OnionBrowser/wiki/2019-178:-sites-with-EV-HTTPS-certificates-leak-information-via-OCSP). Unfortunatly
+situation](https://github.com/OnionBrowser/OnionBrowser/wiki/2019-178:-sites-with-EV-HTTPS-certificates-leak-information-via-OCSP). Unfortunately,
-it is really hard to fix. :-(
+it is hard to fix. :-(
 
 
 
-[^1]: Opposed to checking againist a [Certificate Revocation List](https://en.wikipedia.org/wiki/Certificate_revocation_list).
+[^1]: Opposed to checking against a [Certificate Revocation List](https://en.wikipedia.org/wiki/Certificate_revocation_list).
-[^2]: Familier readers will note that this is plain OCSP, the non-stapling kind.
+[^2]: Familiar readers will note that this is plain OCSP, the non-stapling kind.

css/theme.css

@@ -37,6 +37,10 @@ body {
     text-align: left;
 }
 
+blockquote {
+    font-style: italic;
+}
+
 video, code {
     font-weight: 500;
     max-width: 100%;