[cabfpub] Short Lived Certificates

Adam Langley agl at google.com
Fri Jul 27 18:53:44 UTC 2012


On Fri, Jul 27, 2012 at 2:36 PM, <kirk_hall at trendmicro.com> wrote:
> More likely a short lived cert might be revoked soon after issuance because of a key compromise, etc. – in those cases, quick revocation with required OCSP responses would, in fact, deliver correct revocation information (“revoked”) to the vast majority of relying parties (as no attacker would be devilishly supplying cached but incorrect good responses to relying parties in those cases).

To be clear: your scenario here is that a certificate's private key
has leaked, and a user is getting MITMed by an attacker with control
of the private key?

I agree that in the event that the attacker is competent enough to
MITM with the leaked key, but dumb enough that they don't block OCSP
lookups, revocation does protect the user.

However, I disagree that it's reasonable to base a security model
around this. Although security models are more gray than often
presented, you are positing a rather specifically stupid attacker.
They don't need to cache a previously good response: returning a TCP
RST from the OCSP server will do.


Cheers

AGL
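
Added example, not part of the original message: a model of the client-side decision discussed in this exchange, showing what a relying party concludes when the OCSP lookup is answered versus when its connection is reset. The policy names (soft-fail, hard-fail), the scenario labels and the stand-in fetch functions are assumptions constructed for illustration; no network traffic is involved.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"

class Policy(Enum):
    SOFT_FAIL = "soft-fail"   # no answer from the responder is treated as "not revoked"
    HARD_FAIL = "hard-fail"   # no answer from the responder rejects the certificate

def responder(true_status):
    """Constructed stand-in for an OCSP fetch that reaches the responder."""
    def fetch():
        return true_status
    return fetch

def reset_path():
    """Constructed stand-in for a fetch whose TCP connection is reset."""
    raise ConnectionResetError("connection reset by peer")

def accept_certificate(fetch, policy):
    """Return True if the client goes ahead with the TLS connection."""
    try:
        status = fetch()
    except OSError:
        # Reset, refusal and timeout all land here: the client has no
        # revocation answer at all, so only the policy decides.
        return policy is Policy.SOFT_FAIL
    return status is Status.GOOD

def decision_table():
    """Evaluate every (scenario, policy) pair; keys are (scenario, policy)."""
    scenarios = {
        "revoked, responder reachable": responder(Status.REVOKED),
        "revoked, lookup reset": reset_path,
        "good, responder reachable": responder(Status.GOOD),
        "good, lookup reset": reset_path,
    }
    return {(name, policy): accept_certificate(fetch, policy)
            for name, fetch in scenarios.items() for policy in Policy}

if __name__ == "__main__":
    for (name, policy), accepted in decision_table().items():
        verdict = "ACCEPT" if accepted else "REJECT"
        print(f"{name:30} {policy.value:10} {verdict}")
```

The one row where the two policies disagree on a revoked certificate is the reset case; the hard-fail column also rejects a good certificate whenever the lookup fails, which is the availability cost of that policy.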