[cabfpub] OCSP Stapling and Short-Lived Certificates Proposal

Rob Stradling rob.stradling at comodo.com
Mon Mar 25 12:29:02 UTC 2013 

On 23/03/13 01:07, Ryan Sleevi wrote:
> On Fri, Mar 22, 2013 at 5:59 PM, Rick Andrews <Rick_Andrews at symantec.com
> <mailto:Rick_Andrews at symantec.com>> wrote:
<snip>
>     My logic was this: I see a 2-year cert that was issued one day ago;
>     the CA must have thought it was valid or it wouldn’t have issued it;
>     the CA very likely also issued an OCSP response that says the cert
>     is good for the first 7 days; even without fetching the OCSP
>     response I can conclude that even if I fetched one or got one via
>     stapling, it would say that the cert was valid.
>
> No, that's not a fair assumption. We're not proposing psychic browsers -
> we're just showing how, by very design of the protocol itself, it can be
> exploited by an attacker for a certain period of time - the same time
> period being proposed for short-lived certs.
>
>     Since I already know the answer, I don’t have to ask the question.
>
> That's not something that has been proposed by anyone on this list -
> that's why I objected.

Actually, I proposed this in July 2012 (although it was on management@ 
rather than public@)...

'If the goal here is to avoid revocation checking, then I think 
"short-lived" is the wrong concept to be looking at.

IMHO, the important thing to consider is how "fresh" the certificate is: 
If the client detects that the cert was issued less than N days ago 
(where N = the maximum validity period for revocation information), then 
the client MAY avoid performing a revocation check.
(And if the client detects that the cert was issued more than N days 
ago, then the client SHOULD perform a revocation check).

With this approach, a CA could re-issue a long-lived cert each week, and 
if the domain holder chooses to install each reissued cert each week, 
then those clients that are suitably enhanced will never do revocation 
checks.

IMHO, the advantage of this approach is that if a domain holder forgets 
to install a new long-lived cert one week, the situation is less bad 
than if they'd forgotten to install a new short-lived cert that week. 
i.e. having a revocation check occur is preferable to having a browser 
warning (about an expired cert) appear.'

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list