<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 03/23/2013 12:15 AM, From Jeremy Rowley:
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:12.0pt;line-height:115%;font-family:"Times
New Roman","serif"">First of all I don't
believe that there can be a robust mechanism to issue
certificates with such a frequency where the CA does its pre
and post issuance diligence. I'd consider such issuance more
risky than a controlled and supervised manner (assuming that
CAs did implement some due diligence for issuing
certificates in the post Diginotar aera). This is my main
objection and critical in my opinion.</span><span
style="font-size:12.0pt;line-height:115%;font-family:"Times
New Roman","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; line-height:
115%; font-family: "Times New
Roman","serif"; color: rgb(31, 73, 125);">[JR]
Depends on the CA. Obviously, some CAs have better post and
pre issuance diligence practices than others.</span></p>
</div>
</blockquote>
<br>
Right, and don't forget that we aren't talking about Digicert and
StartCom, but a general policy change that could have some
significant implications.<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size: 12pt; line-height:
115%; font-family: "Times New
Roman","serif"; color: rgb(31, 73, 125);"> I
think a correctly operating CA issuing short lived
certificates can have just as good of post issuance and pre
issuance diligence as one that issues longer lived certs.</span></p>
</div>
</blockquote>
<br>
That's what I have difficulty to believe - knowing the efforts
required for certificates with normal expiration periods, I can't
imagine that when volume of some automated mechanism goes up,
anything reasonable can be sustainable. Furthermore I don't believe
that there can be any pre-issuance diligence since that would risk
renewal of such certificates that rely on timely renewal.<br>
<br>
It's hard to believe that CAs would do their real due diligence for
such certificate, considering that there are probably still many CAs
which have to get their normal issuance processes improved (or which
consider theirs sufficient, but actually aren't).<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size: 12pt; line-height:
115%; font-family: "Times New
Roman","serif"; color: rgb(31, 73, 125);">
In fact, better practices since they don’t have to worry
about OCSP up-time, CRL availability, and the timely
processing of revocation requests. <br>
</span></p>
</div>
</blockquote>
<br>
That's BS - a CA issuing such certificate wont stop their regular
issuance practices I assume. Would your CA stop issuing certificates
with a longer validity period of seven days if this proposal would
got forward? If not, you'll have to deal with it in any case.<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:12.0pt;line-height:115%;font-family:"Times
New Roman","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Second, for an attacker 3 - 7
days is a long time to achieve their goals most of the time,
by repeating same attack which would go undetected due to
the above mentioned missing diligence, this could go on for
a while.</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt; line-height:
normal;"><span style="color: rgb(31, 73, 125);">[JR] That
argument is bogus. Because of the BR 7/10 update
requirement, any attacker has between 7-10 days to make
their attack.</span></p>
</div>
</blockquote>
<br>
We can make it shorter if you want, no problem.<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom: 12pt; line-height:
normal;"><span style="color: rgb(31, 73, 125);"> If you are
arguing for a shorter time under the BRs, I’d support that
and update my proposal for short-lived certs accordingly.</span></p>
</div>
</blockquote>
<br>
I'm supportive of the first part - how about 48-72 hours?<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Third, most software
(browsers and other clients) check revocation usually on a
higher frequency then possible nextUpdate fields in OCSP and
CRLs, specially when relying on OCSP. Removing revocation
status DPs will allow an attacker to complete his attack
happily even if the CA has become aware of it. Software
updates wouldn't be fast enough either.</span><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt; line-height:
normal;"><span style="font-size: 12pt; font-family:
"Times New Roman","serif"; color:
rgb(31, 73, 125);">[JR] Not accurate. As someone pointed
out a while ago, Microsoft caches responses for 80% of the
OCSP next update. Under the BRs this is 8 days. <br>
</span></p>
</div>
</blockquote>
<br>
And Mozilla caches for 24 hours. Very reasonable in my opinion.<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">Forth, browsers don't check
revocation status all at the same time, making attacks more
difficult when revocation status DPs are defined (system
restarts, first access, access after 24 hours depending on
software trigger a revocation status check). This will make
an attack less reliable and also detectable by the client
(if configured correctly).<br>
<br>
</span><span
style="font-size:12.0pt;font-family:"Cambria","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt; line-height:
normal;"><span
style="font-size:12.0pt;font-family:"Cambria","serif";color:#1F497D">[JR]
Correct. Some browsers don’t check revocation at all. </span></p>
</div>
</blockquote>
<br>
Don't get me started :-)<br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom: 12pt; line-height:
normal;"><span
style="font-size:12.0pt;font-family:"Cambria","serif";color:#1F497D">I
hardly think that is an argument against a guaranteed method
of revocation checking like short lived certs provides.
Also, if the client can’t access the revocation information
(say in the case of a government sponsored attack), you’re
basically screwed using traditional revocation. You simply
can’t revoke the certificate, whereas with short lived
certificates you have assurance that those certificates will
at least cease functioning after a certain time.</span></p>
</div>
</blockquote>
<br>
OK, lets replace something broken with something broken....or lets
get it fixed. I prefer the later - which reminds me to ask the
browser vendors which improvements they've done lately for us? <br>
<br>
<blockquote cite="mid:021101ce274a$cd268540$67738fc0$@digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:normal"><span
style="font-size:12.0pt;font-family:"Cambria","serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Would
it alleviate concerns if short-lived certs are issued from a
different intermediate than other certs? The intermediate
still contains revocation information. If something goes
horribly wrong, you can always shut off the intermediate.</span></p>
</div>
</blockquote>
<br>
That might be an idea, but what's the benefit? The intermediate CAs
will have to be checked in that case (which some software vendors
don't), so the benefit would be questionable. Also note that the
nextUpdate information for intermediates wouldn't be reasonable at
the moment for such certs (it would have to be similar to today's
leaves, e.g. 7 days or less for those that specially issue
short-lived certs).<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>