[cabfpub] Pre-Ballot - Short-Life Certificates

Gervase Markham gerv at mozilla.org
Thu Oct 30 13:29:18 UTC 2014


On 29/10/14 18:50, kirk_hall at trendmicro.com wrote:
> Ryan, thanks for the information, and I respect your analysis.  But many
> of us would say that revocation (and the ability to check for
> revocation) is a fundamental aspect of whether a cert is valid at all. 

I think we all agree that the ability to revoke certs is vital. However,
in the real world, there is always going to be a time lag of some sort
between the decision to revoke and all clients becoming aware of that
revocation. Comparing any system to the perfect system of universal
instant revocation is unfair.

An analysis of real-world revocation inevitably involves complex
scenarios about the nature of the attack, the capabilities of the
attackers, the type of revocation system being used, the update
frequency of clients, the characteristics of the network, and so on. And
it inevitably involves vulnerability windows for some clients.

My assertion is that, in reasonable attack scenarios, the vulnerability
windows and overall risk of short-lived certs is about the same as
long-lived certs using OCSP.

Gerv




More information about the Public mailing list