[cabfpub] Short Lived Certificates

Jeremy Rowley jeremy.rowley at digicert.com
Fri Jul 27 18:26:13 UTC 2012


Hi everyone, 


One of the current discussions in the CAB Forum is the issuance of short-lived certificates.  I thought I’d move the discussion over to this public list for additional input. This is the proposal (which has been updated from its original post based on the comments received so far):

While reviewing the baseline requirements, we noticed an odd situation where the baseline requirements permit a CA to omit any revocation information in a certificate.  We also noticed that the baseline requirements don't permit the use of short-lived certificates.  As discussed previously, short-lived certificates have a lifecycle of about seven days.  Because the lifecycle is short, the risks associated with a compromised certificate are minimized, making revocation information in the certificate unnecessary.  Because short-lived certificates are highly sensitive to the accuracy of a relying party's system time, for fault-tolerance purposes, it is best if short-lived certificates have a “valid from” date/time that pre-dates the actual date/time of issuance.  Having the certificate be valid for a period of 14 days (seven on either side of the issuance date) helps eliminate the accuracy concerns. 

Appendix B of the baseline requirements states:

B. cRLDistributionPoints

This extension MAY be present.  If present, it MUST NOT be marked critical, and it MUST contain the  HTTP URL of the CA’s CRL service.  See Section 13.2.1 for details.

C. authorityInformationAccess

With the exception of stapling, which is noted below, this extension MUST be present.  It MUST NOT be marked critical, and it MUST contain the HTTP URL of the Issuing CA’s OCSP responder (accessMethod = 1.3.6.1.5.5.7.48.1).  It SHOULD also contain the HTTP URL of the Issuing CA’s certificate (accessMethod = 1.3.6.1.5.5.7.48.2).  See Section 13.2.1 for details.

The HTTP URL of the Issuing CA’s OCSP responder  MAY be omitted provided that the Subscriber  “staples” OCSP responses for the Certificate in its TLS handshakes [RFC4366].

This results in an odd situation where a CA can issue a certificate without either a CRL or AIA if the customer promises to use OCSP stapling. A customer won’t serve a revoked certificate through its server, meaning the certificate can never be effectively revoked. Compare this to Appendix B of the EV Guidelines.

(B) cRLDistributionPoint

This extension SHOULD be present and MUST NOT be marked critical.  If present, it MUST contain the HTTP URL of the CA’s CRL service.  This extension MUST be present if the certificate does not specify OCSP responder locations in an authorityInformationAccess extension.  See Section  11 for details.

(C) authorityInformationAccess

This extension SHOULD be present and MUST NOT be marked critical.  If present, it MUST contain  the HTTP URL of the CA’s OCSP responder (accessMethod = 1.3.6.1.5.5.7.48.1).

An HTTP URL MAY be included for the Subordinate CA’s certificate (accessMethod = 1.3.6.1.5.5.7.48.2)

This extension MUST be present if the certificate does not contain a cRLDistributionPoint extension.  See Section 11 for details.

To accommodate short-lived certificates and remedy this loophole, I propose we modify the baseline requirements as follows:

(new definition) Short Lived Certificates: A Certificate with a “Valid To” date that is seven or less days from the date of issuance and a “Valid From” date that is no more than seven days prior to the date of issuance.

13.1.5 Reasons for Revocation

If one or more of the following reasons for revocation occurs, a CA SHALL, within 24 hours, (i) revoke all affected Certificates that contain a cRLDistributionPoint or an authorityInformationAccess extension and (ii) cease issuing Short Lived Certificates to the Subscriber until none of the reasons for revocation apply.

13.2.2 Repository

The CA SHALL maintain an online 24x7 Repository that application software can use to automatically check the current status of all unexpired Certificates (except Short Lived Certificates) issued by the CA.  The CA MAY include certificate status information for Short Lived Certificates in its Repository.

Appendix B – Certificate Extensions (Normative)

Subordinate CA Certificates

B. cRLDistributionPoint

This extension MUST be present and MUST NOT be marked critical.  This extension MUST contain the  HTTP URL of the CA’s CRL service.  

C. authorityInformationAccess

With the exception of stapling, which is noted below, this extension MAY be present.  If present, this extension MUST NOT be  marked critical, and it MUST contain the HTTP URL of the Issuing CA’s OCSP responder (accessMethod  = 1.3.6.1.5.5.7.48.1).  It SHOULD also contain the HTTP URL of the Issuing CA’s certificate  (accessMethod = 1.3.6.1.5.5.7.48.2).  See Section 13.2.1 for details.  

Subscriber Certificates

B. cRLDistributionPoint

This extension MAY be present.  If present, it MUST NOT be marked critical, and it MUST contain the  HTTP URL of the CA’s CRL service.  This extension MUST be present if the certificate does not specify OCSP responder locations in an authorityInformationAccess extension and the certificate is not a Short Lived Certificate.  

C. authorityInformationAccess

With the exception of stapling, which is noted below, and Short Lived Certificates, this extension MUST be present.  This extension MAY be present in Short Lived Certificates. It MUST NOT be  marked critical, and it MUST contain the HTTP URL of the Issuing CA’s OCSP responder (accessMethod  = 1.3.6.1.5.5.7.48.1).  It SHOULD also contain the HTTP URL of the Issuing CA’s certificate  (accessMethod = 1.3.6.1.5.5.7.48.2).  See Section 13.2.1 for details.  

Jeremy
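The following is an added worked example, not part of Jeremy's post or of any CAB Forum text. It encodes the proposed "Short Lived Certificate" definition (Valid To at most seven days after issuance, Valid From at most seven days before it), the quoted BR Appendix B extension rules beside the proposed replacement rules, and a relying-party validity check with a skewed clock, so the two points in the post can be checked mechanically: that the 14-day window survives a relying party whose clock runs behind, and that a long-lived certificate with neither cRLDistributionPoints nor an OCSP AIA passes the quoted rules once stapling is promised but fails the proposed ones. The `Cert` model, the field names and the sample dates are constructed for illustration; only the four boolean/date fields the proposal reasons about are modelled.

```python
"""Checks for the short-lived certificate proposal (added example, not CAB Forum text).

Models a certificate as just the fields the proposal reasons about and asks:
  * does it meet the proposed Short Lived Certificate definition?
  * do the quoted BR Appendix B rules, versus the proposed rules, leave a
    non-short-lived certificate with no revocation pointer at all?
  * does a relying party with a skewed clock accept it?
All sample values below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SEVEN_DAYS = timedelta(days=7)


@dataclass(frozen=True)
class Cert:
    issued_at: datetime   # when the CA actually signed the certificate
    not_before: datetime  # "Valid From"
    not_after: datetime   # "Valid To"
    crl_dp: bool          # cRLDistributionPoints present with an HTTP CRL URL
    ocsp_aia: bool        # authorityInformationAccess present with an OCSP URL


def is_short_lived(cert: Cert) -> bool:
    """Proposed definition: Valid To at most 7 days after issuance and
    Valid From at most 7 days before issuance (a 14-day window at most)."""
    return (cert.not_after - cert.issued_at <= SEVEN_DAYS
            and cert.issued_at - cert.not_before <= SEVEN_DAYS)


def has_revocation_pointer(cert: Cert) -> bool:
    """True if a relying party has some place to look up revocation status."""
    return cert.crl_dp or cert.ocsp_aia


def br_extensions_ok(cert: Cert, subscriber_staples: bool) -> bool:
    """Quoted BR Appendix B: CRLDP MAY be present; AIA with an OCSP URL MUST be
    present unless the Subscriber staples. Nothing requires either one once
    stapling is promised, which is the loophole the post describes."""
    return cert.ocsp_aia or subscriber_staples


def proposed_extensions_ok(cert: Cert, subscriber_staples: bool) -> bool:
    """Proposed Subscriber Certificate rules: short-lived certs may omit both;
    otherwise the OCSP AIA is required unless stapling, and a CRLDP is
    required whenever the OCSP AIA is absent."""
    if is_short_lived(cert):
        return True
    aia_ok = cert.ocsp_aia or subscriber_staples
    crldp_ok = cert.ocsp_aia or cert.crl_dp
    return aia_ok and crldp_ok


def accepted_at(cert: Cert, relying_party_now: datetime) -> bool:
    """Plain validity-window check as a relying party does it with its own,
    possibly skewed, clock."""
    return cert.not_before <= relying_party_now <= cert.not_after


# Constructed sample values (the mail's own date is used as the issuance time).
ISSUED = datetime(2012, 7, 27, 18, 26, tzinfo=timezone.utc)

# Short-lived, Valid From equals issuance: fails for a relying party whose clock is behind.
TIGHT = Cert(ISSUED, ISSUED, ISSUED + SEVEN_DAYS, crl_dp=False, ocsp_aia=False)
# Short-lived, pre-dated by seven days as the proposal recommends.
PREDATED = Cert(ISSUED, ISSUED - SEVEN_DAYS, ISSUED + SEVEN_DAYS, crl_dp=False, ocsp_aia=False)
# One-year certificate with no revocation pointers and a promise to staple.
LOOPHOLE = Cert(ISSUED, ISSUED, ISSUED + timedelta(days=365), crl_dp=False, ocsp_aia=False)
# Pre-dated by eight days: outside the proposed definition, so revocation pointers are required.
TOO_EARLY = Cert(ISSUED, ISSUED - timedelta(days=8), ISSUED + SEVEN_DAYS, crl_dp=False, ocsp_aia=False)

if __name__ == "__main__":
    slow_clock = ISSUED - timedelta(hours=2)
    print("tight cert accepted by a clock 2h behind:   ", accepted_at(TIGHT, slow_clock))
    print("pre-dated cert accepted by a clock 2h behind:", accepted_at(PREDATED, slow_clock))
    print("loophole cert OK under quoted BR + stapling: ", br_extensions_ok(LOOPHOLE, True))
    print("loophole cert has any revocation pointer:    ", has_revocation_pointer(LOOPHOLE))
    print("loophole cert OK under the proposal:         ", proposed_extensions_ok(LOOPHOLE, True))
```

Running it shows the tight certificate being rejected by a relying party two hours behind while the pre-dated one is accepted, and the one-year certificate passing the quoted rules with a stapling promise despite carrying no CRL or OCSP pointer, then failing the proposed rules because it is neither short-lived nor carries a CRLDP.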

