ocsp.apple.com #1460

Closed
StevenBlack opened this issue Nov 14, 2020 · 9 comments

@StevenBlack
Owner

StevenBlack commented Nov 14, 2020

A place to assess this, and decide what we do.

Reference Jeff Johnson tweet thread: https://twitter.com/lapcatsoftware/status/1326990296412991489

Counterpoint: Does Apple really log every app you run? A technical look

@StevenBlack StevenBlack self-assigned this Nov 14, 2020
@dnmTX
Contributor

dnmTX commented Nov 14, 2020

for reference: https://support.apple.com/en-us/HT210060
It says that the domain is used for Certificate Validation 🤔

Also this: https://www.reddit.com/r/pihole/comments/e4kdhp/what_is_ocspapplecom/

@bigdargon
Contributor

bigdargon commented Nov 15, 2020

Hi! I have tracked this domain; it is used to check certificates on Apple devices. It is not used for ad tracking or serving.

In some countries (including Vietnam), users install 3rd-party apps, modded apps (like YouTube Cercube, YouTube++ to block ads...) or modded games. The developer signs the application to be able to install IPA files on iOS and iPadOS devices; when Apple discovers that, it will revoke the certificate through this domain. As a result, the installed application will not be able to open.

On iOS and iPadOS devices, blocking this domain name will prevent the system from checking for a valid certificate. And the installed application still opens, even though the certificate is revoked on the Apple server.

Here are some of the links I have captured

image

@bigdargon
Contributor

Now, Apple has created a new domain name ocsp2.apple.com

; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> ocsp2.apple.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24727
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ocsp2.apple.com.		IN	A

;; ANSWER SECTION:
ocsp2.apple.com.	7196	IN	CNAME	ocsp2-lb.apple.com.akadns.net.
ocsp2-lb.apple.com.akadns.net. 296 IN	CNAME	ocsp2.g.aaplimg.com.
ocsp2.g.aaplimg.com.	296	IN	A	17.253.75.203
ocsp2.g.aaplimg.com.	296	IN	A	17.253.75.201

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Mar 04 10:18:42 +07 2021
;; MSG SIZE  rcvd: 149

@crssi

crssi commented Mar 14, 2021

Hi @bigdargon, would you mind sharing which application or service you made the screenshot from?

Thank you ❤️

@bigdargon
Contributor

@crssi The application above that I am using is Surge 4. However, the license with HTTPS decryption is very expensive and requires a monthly subscription. https://apps.apple.com/vn/app/surge-4/id1442620678

Another application with the same function as above, but which only needs to be bought once, is Quantumult X https://apps.apple.com/vn/app/quantumult-x/id1443988620

@crssi

crssi commented Mar 14, 2021

Thank you @bigdargon ❤️

@DavidCWGA

I wouldn't recommend adding ocsp.apple.com - it's a valuable security feature for most users.

@dnmTX
Contributor

dnmTX commented Jul 1, 2021

Steve @StevenBlack why is this still open? I hope you're not considering blocking this domain.
It's very much needed (security-wise) for iPhone users!!!!

@StevenBlack
Owner Author

Thanks for the reminder Dan @dnmTX.

Closing.
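
An added example, not part of the thread or the project's own tooling: a check that a hosts-format blocklist does not sinkhole the OCSP responder names discussed above, which would stop revocation checks from reaching Apple. The sink addresses and the sample hosts text are assumptions constructed for the illustration.

```python
"""Audit a hosts-format blocklist for sinkholed OCSP responder names."""

# Names taken from the thread, including the CNAME targets in the dig output.
REVOCATION_HOSTS = {
    "ocsp.apple.com",
    "ocsp2.apple.com",
    "ocsp2-lb.apple.com.akadns.net",
    "ocsp2.g.aaplimg.com",
}
# Addresses a blocklist commonly uses as a sink (assumption of this example).
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def blocked_revocation_hosts(hosts_text):
    """Return (line_number, hostname) pairs, in file order, for sinkholed hosts."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments, full or trailing
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in SINK_ADDRESSES:
            continue                          # a real mapping, not a block entry
        for name in names:                    # one hosts line may list several names
            host = name.lower().rstrip(".")   # DNS names are case-insensitive
            if host in REVOCATION_HOSTS:
                findings.append((lineno, host))
    return findings


# Constructed sample input, not taken from the project's hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 OCSP.apple.com   # would cut off revocation checks
#0.0.0.0 ocsp2.apple.com
0.0.0.0 tracker.example.net ocsp2.apple.com.
17.253.75.203 ocsp2.g.aaplimg.com
"""

if __name__ == "__main__":
    for lineno, host in blocked_revocation_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} is sinkholed; revocation checks cannot reach it")
```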
