[cabfpub] Pre-Ballot - Short-Life Certificates

Rick Andrews Rick_Andrews at symantec.com
Fri Oct 31 15:24:57 MST 2014


> Here are some of the advantages:
> 1) Subscribers in areas prone to unrest and where their server might be taken over can let the certificate expire, essentially letting the certificate fail to renew.

How common is this? It seems like a dubious advantage.

> 3) Subscribers can avoid call-backs to the CA

They can avoid calling the CA to get an OCSP response (to staple), but in exchange they have to call the CA every day to get a new cert!

> There are 9 advantages that I could readily find. I'm sure many more exist.

It would be helpful to list the disadvantages. Here's some:
a) Short-lived certs won't work on some number of machines whose clocks are too far out of sync. The actual number is debatable. It's small, but non-zero.
b) Subscriber has to deal with the additional risk that their servers have to call back to the CA every day, obtain a fresh cert, and deploy that new cert without any negative impact to existing traffic.
c) What a CA saves in OCSP infrastructure is offset by new infrastructure needed to distribute new certs to these customers every day.

-Rick

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Thursday, October 30, 2014 7:29 AM
To: kirk_hall at trendmicro.com; Ryan Sleevi; Doug Beattie
Cc: public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot - Short-Life Certificates

On 29/10/14 18:50, kirk_hall at trendmicro.com wrote:
> Ryan, thanks for the information, and I respect your analysis.  But 
> many of us would say that revocation (and the ability to check for
> revocation) is a fundamental aspect of whether a cert is valid at all. 

I think we all agree that the ability to revoke certs is vital. However, in the real world, there is always going to be a time lag of some sort between the decision to revoke and all clients becoming aware of that revocation. Comparing any system to the perfect system of universal instant revocation is unfair.

An analysis of real-world revocation inevitably involves complex scenarios about the nature of the attack, the capabilities of the attackers, the type of revocation system being used, the update frequency of clients, the characteristics of the network, and so on. And it inevitably involves vulnerability windows for some clients.

My assertion is that, in reasonable attack scenarios, the vulnerability windows and overall risk of short-lived certs is about the same as long-lived certs using OCSP.

Gerv

_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


More information about the Public mailing list