<div dir="ltr"><div><span id="gmail-docs-internal-guid-71d07e0f-7fff-00bb-79fa-abe6739cf945"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Hi Martijn,</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"> </p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Thank you for opening up the conversation (and my apologies for the delay in my response)! Responses are inline, below.</span></p></span></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span lang="EN-US">Would you be able to make this into a draft pull request already? 
That may aid in discussing and adding suggestions directly into GitHub.</span></blockquote><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US"><u></u><a href="https://github.com/cabforum/servercert/pull/402" style="text-decoration-line:none"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">Done</span></a><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">!</span> <u></u></span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span lang="EN-US">At the moment, the one item that caught my attention is the proposed removal of having to revoke short-lived subscriber certificates. <br></span><span lang="EN-US"> <br></span><span lang="EN-US">As I understand it, the proposal on the one hand removes the need for adding an OCSP Pointer and CRLDP into Short-lived subscriber certificates. With the current requirement from several root store operators to disclose CRLs into CCADB (even when not actually included in the subscriber certificates) however, CAs still need to generate and publish CRLs, even for Short-lived Subscriber Certificates.</span></blockquote><div><br></div><span id="gmail-docs-internal-guid-f61e7347-7fff-a9c6-ca04-485cf72ee9cb"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Correct. 
As currently presented in the draft and discussed further below:</span></p><br><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">CAs may optionally issue Short-lived Subscriber Certificates</span></p></li><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">CAs may optionally revoke Short-lived Subscriber Certificates</span></p></li><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">X.509/</span><a href="https://www.rfc-editor.org/rfc/rfc5280#section-3.3:~:text=A%20CRL%20is%20a%20time%2Dstamped%20list%0A%20%20%20identifying%20revoked%20certificates%20that%20is%20signed%20by%20a%20CA%20or%20CRL%20issuer%0A%20%20%20and%20made%20freely%20available%20in%20a%20public%20repository." 
style="text-decoration-line:none"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">RFC 5280</span></a><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> describes a CRL as “</span><span style="background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">a time-stamped list identifying </span><span style="background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">revoked</span><span style="background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> certificates that is signed by a CA or CRL issuer and made freely available in a public repository.</span><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">” </span></p></li></ul><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Consequently, if a Short-lived Subscriber Certificate is not revoked, we should not expect it to appear on a CRL disclosed to CCADB. 
</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Regardless of whether a CA issues Short-lived Subscriber Certificates, it does not change the expectation of root program policies related to CRL generation and publication. As an aside, it seems reasonable to expect that a CA that only issues Short-lived Subscriber Certificates would sign a CRL with no revoked serial numbers represented.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">I do not interpret the failure to revoke a Short-lived Subscriber Certificate to conflict with </span><a href="https://www.apple.com/certificateauthority/ca_program.html#:~:text=Effective%20October%201,Apple%20Root%20Program." 
style="text-decoration-line:none"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">Apple</span></a><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> or </span><a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#:~:text=Effective%20October%201,Partitioned%20CRLs%22%3B%20and" style="text-decoration-line:none"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">Mozilla’s</span></a><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> requirements for CRL publication. 
However, those program representatives are encouraged to share their interpretations to avoid assumptions.</span></p></span><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span lang="EN-US">The proposal to remove the 24 hour and 5 day rules for revocation on these certificates seems to make it completely impossible to revoke these certificates, which seems like another security boundary is being removed.</span><span lang="EN-US"> <br></span></blockquote><div> </div><div><span id="gmail-docs-internal-guid-134bd51f-7fff-20c8-ba10-1d7ab9679812"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">More below, but minor clarification - the proposal expresses revocation for Short-lived Subscriber Certificates is </span><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">optional</span><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">. </span></p></span></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span lang="EN-US"></span><span lang="EN-US">I can’t help but think the contrast is very big on this. 
Are we ready to allow for potential subscriber key compromises and the inability to revoke at all for up to 10 days vs required revocation within 24 hours at this moment?</span></blockquote><div><br></div><span id="gmail-docs-internal-guid-f34e71e5-7fff-8218-bbc8-1b6fe9a16bc8"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Thanks for calling attention to this. </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">In my last message, I highlighted that one of the update’s goals was to align the BRs with browser behavior. The proposed changes related to Short-lived Subscriber Certificates are consistent with today’s </span><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">default</span><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> behavior of many, but not all, of the browsers represented in this Forum. 
</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">[</span><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-weight:700;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Disclaimer</span><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">: I cannot and do not intend to speak authoritatively for any of the products represented in the list below other than Chrome. 
Please call out anything that is inaccurate or misrepresents existing functionality!]</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">For example:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">By default, regardless of validity, Chrome does not perform online OCSP or CRL checks for TLS server certificates. Chrome will honor stapled OCSP responses and communicates some status information via CRLSets, a feature primarily intended to communicate the status of CA certificates. 
</span></p></li><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Edge’s behavior is </span><a href="https://textslashplain.com/2022/08/01/certificate-revocation-in-microsoft-edge/" style="text-decoration-line:none"><span style="color:rgb(74,110,224);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">similar</span></a><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> to Chrome’s (Chromium-based).</span></p></li><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Mozilla’s </span><a href="https://wiki.mozilla.org/CA/Revocation_Checking_in_Firefox#:~:text=Firefox%20does%20not%20perform%20any%20form%20of%20revocation%20checking%20for%20certificates%20with%20a%20validity%20period%20of%20less%20than%2010%20days.%20That%20period%20is%20configurable%20via%20the%20security.pki.cert_short_lifetime_in_days%20preference." 
style="text-decoration-line:none"><span style="color:rgb(74,110,224);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">Wiki</span></a><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> states Firefox “does not perform revocation checking for certificates with a validity of less than 10 days.”</span></p></li></ul><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We know the above behavior is only true for some user agents. For example, Apple’s default status-checking behavior currently relies on OCSP checks (online and cached). Some user agents offer policies that change the default behavior to enable online revocation checks (e.g., “</span><a href="https://chromeenterprise.google/policies/#EnableOnlineRevocationChecks" style="text-decoration-line:none"><span style="font-family:Arial;color:rgb(74,110,224);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">EnableOnlineRevocationChecks</span></a><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">” in Chrome). 
For context, across clients where this policy is supported and measurable, Chrome sees it enabled for less than .1% of stable users.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Regardless of certificate validity, when online checks are performed by default, it is not clear to what extent these checks result in soft failures because:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"> </p><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Response timeouts (e.g., the response is not received within 2 seconds - possibly due to client networking issues or CA-side errors)</span></p></li><li dir="ltr" style="list-style-type:disc;font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span 
style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Requesting host is compromised or under active attack (e.g., status request is intentionally misrouted or the response is blocked - and in this case, limiting the corresponding certificate validity </span><span style="background-color:transparent;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">could </span><span style="background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">improve users’ security compared to a 398-day certificate)</span></p></li></ul><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The maximum 10-day certificate validity is aligned with the existing maximum values for CRL nextUpdate and OCSP response validity allowed by the BRs today. 
It’s possible, through these discussions, we realize the desire to re-evaluate these permitted thresholds (e.g., the CRL requirements have existed since </span><a href="https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf" style="text-decoration-line:none"><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">Version 1</span></a><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> of the BRs). It seems reasonable to correlate the validity of a Short-lived Subscriber Certificate with the nextUpdate / response validity periods - but I am open to other perspectives.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">It might be compelling to better understand the impact of this proposed change by studying historical data (though imperfect, it might allow us to better imagine future impacts). For example, knowing how often, on average, we see certificates revoked within ten days of issuance - and what percentage of those are marked with a reasonCode of keyCompromise. 
Given the dynamic nature of CRLs (e.g., revoked certificates falling off lists), this analysis might best be accomplished by CAs.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">In any event, I’m happy to see this conversation beginning and am hopeful we’ll hear from additional participants (either on the thread or on GitHub) soon.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(14,16,26);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">- Ryan</span></p></span><br class="gmail-Apple-interchange-newline"><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 4, 2022 at 7:50 AM Martijn Katerbarg <<a href="mailto:martijn.katerbarg@sectigo.com">martijn.katerbarg@sectigo.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg1492859517540503940">
<div lang="en-SE" style="overflow-wrap: break-word;">
<div class="m_1492859517540503940WordSection1">
<p class="MsoNormal"><span lang="EN-US">Ryan,<br>
<br>
Would you be able to make this into a draft pull request already? That may aid in discussing and adding suggestions directly into GitHub.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">At the moment, the one item that caught my attention is the proposed removal of having to revoke short-lived subscriber certificates.
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">As I understand it, the proposal on the one hand removes the need for adding an OCSP Pointer and CRLDP into Short-lived subscriber certificates. With the current requirement from several
root store operators to disclose CRLs into CCADB (even when not actually included in the subscriber certificates) however, CAs still need to generate and publish CRLs, even for Short-lived Subscriber Certificates.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The proposal to remove the 24 hour and 5 day rules for revocation on these certificates seems to make it completely impossible to revoke these certificates, which seems like another
security boundary is being removed. <u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I can’t help but think the contrast is very big on this. Are we ready to allow for potential subscriber key compromises and the inability to revoke at all for up to 10 days vs required
revocation within 24 hours at this moment?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><br>
Martijn<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="en-SE"><u></u> <u></u></span></p>
<div>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">servercert-wg-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Ryan Dickson via Servercert-wg<br>
<b>Sent:</b> Tuesday, 1 November 2022 13:51<br>
<b>To:</b> ServerCert CA/BF <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b> [Servercert-wg] Following up: Proposal to make OCSP optional (introduced at Face-to-Face 57)<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Hi all,</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">I am following up on our discussions from last week’s Face-to-Face meeting in Berlin.</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">During the SCWG, I shared
</span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F180T6cDSWPy54Rb5d6R4zN7MuLEMShaZ4IRLQgdPqE98%2Fedit&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cfb8f20d33c014483310508dabc07b273%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638029038496783843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=IxGeR8SIaBoejzGxWJ9wt3QyEGIdkNwLmvDvrN%2F9ni4%3D&reserved=0" target="_blank"><span style="font-family:Arial,sans-serif;color:rgb(74,110,224)">this</span></a><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">
link that describes a proposal for a <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2Fprofiles...ryancdickson%3Astaging%3Aprofiles&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cfb8f20d33c014483310508dabc07b273%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638029038496783843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eqcrkqO1V9KOyRP1Bk3bNRhNih4OUq4sYcQ6jLSuxH4%3D&reserved=0" target="_blank">
future ballot</a> that:</span><u></u><u></u></p>
<ol start="1" type="1">
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">Requires CAs generate and publish either:</span>
<ul type="disc">
<li style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">a full and complete CRL, or</span></li>
<li style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">partitioned CRLs (sometimes called “sharded” CRLs) that, when aggregated, represent the equivalent of a full and complete CRL.</span></li>
</ul></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">Requires CRLs are updated and reissued at least once daily.</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">Requires CAs include the corresponding HTTP URI for either the full and complete or partitioned/sharded CRL in the CRL Distribution Point extension of subscriber certificates (i.e., TLS server certificates), with an exception for Short-lived Subscriber Certificates (see below).</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">Makes OCSP services optional for CAs. If a CA continues supporting OCSP, the same requirements apply as they do today.</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">Re-visits the concept of a Short-lived Subscriber Certificate - an optional certificate offering with a validity less than ten days that is not required to contain either a CRLDP or OCSP Pointer. As currently written, CAs may optionally support revocation for short-lived certificates - but they would still be responsible for blocking future issuance to confirmed compromised keys (defined in 6.1.1.3).</span></li>
</ol>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Justification for combining both the proposed revocation changes and the Short-lived Subscriber Certificate discussion into a single ballot is two-fold:</span><u></u><u></u></p>
<ol start="1" type="1">
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">reduce administrative burden in the ballot review, discussion, and approval process; and</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">use of Short-lived Subscriber Certificates reduces CRL sizes, and due to the proposal requiring CRLs - this opportunity seemed beneficial to both CA Owners and certificate consumers.</span></li>
</ol>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Discussion at the Face-to-Face focused on:</span><u></u><u></u></p>
<ul type="disc">
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">how the proposal impacts offline intermediates that are only brought online to issue test certificates as required by the BRs;</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">concern regarding delays in user agents consuming certificate status information (i.e., comparing the speed by which changes can be conveyed via OCSP versus daily CRLs); and</span></li>
<li class="MsoNormal" style="color:rgb(14,16,26);vertical-align:baseline"><span style="font-family:Arial,sans-serif">the corresponding implementation timeline (currently sharing the same effective date included in the profile work).</span></li>
</ul>
<p class="MsoNormal"> </p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">The doc linked above also contains additional considerations worth exploring (e.g., impact on CT log operators, impacts on other user agents, etc.).</span></p>
<p class="MsoNormal"> </p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Beyond the goals and justification described in the doc linked above (e.g., privacy concerns with OCSP, the volume of OCSP-related incidents, and operational costs of running secure, highly available, and resilient OCSP services), we see an opportunity to align requirements defined in the BRs with browser implementations (both current and planned). The consideration for Short-lived Subscriber Certificates also presents an opportunity to incentivize the use of automation and the issuance of certificates with a reduced validity without requiring either behavior in the BRs.</span></p>
<p class="MsoNormal"> </p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Comments, concerns, and volunteers for endorsers are welcome.</span></p>
<p class="MsoNormal"> </p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Thanks,</span></p>
<p style="margin:0cm"><span style="font-family:Arial,sans-serif;color:rgb(14,16,26)">Ryan</span></p>
</div>
</div>
</div>
</div>
</div></blockquote></div>