[cabfpub] Pre-Ballot - Short-Life Certificates
Jeremy Rowley
jeremy.rowley at digicert.com
Fri Oct 31 22:31:35 UTC 2014
Replies in-line:
> Here are some of the advantages:
> 1) Subscribers in areas prone to unrest and where their server might be taken over can let the certificate expire, essentially letting the certificate fail to renew.
How common is this? It seems like a dubious advantage.
[JR] Not common. But for the entities who need it, this is the top reason for using a short-lived cert.
> 3) Subscribers can avoid call-backs to the CA
They can avoid calling the CA to get an OCSP response (to staple), but in exchange they have to call the CA every day to get a new cert!
[JR] Sure - but if that connection is blocked, the cert is considered revoked. If the OCSP retrieval is blocked, it's considered normal operation (without mustStaple).
> There are 9 advantages that I could readily find. I'm sure many more exist.
It would be helpful to list the disadvantages. Here are some:
a) Short-lived certs won't work on some number of machines whose clocks are too far out of sync. The actual number is debatable. It's small, but non-zero.
[JR] This is a risk on the subscriber and not a reason not to permit CAs to issue them.
b) Subscriber has to deal with the additional risk that their servers have to call back to the CA every day, obtain a fresh cert, and deploy that new cert without any negative impact to existing traffic.
[JR] Again, this is a subscriber risk, not a security risk.
c) What a CA saves in OCSP infrastructure is offset by new infrastructure needed to distribute new certs to these customers every day.
[JR] Sure, but that's on the CA issuing them. Any expense for the CA is up to the CA and not something this forum may discuss.
-Rick
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Thursday, October 30, 2014 7:29 AM
To: kirk_hall at trendmicro.com; Ryan Sleevi; Doug Beattie
Cc: public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot - Short-Life Certificates
On 29/10/14 18:50, kirk_hall at trendmicro.com wrote:
> Ryan, thanks for the information, and I respect your analysis. But
> many of us would say that revocation (and the ability to check for
> revocation) is a fundamental aspect of whether a cert is valid at all.
I think we all agree that the ability to revoke certs is vital. However, in the real world, there is always going to be a time lag of some sort between the decision to revoke and all clients becoming aware of that revocation. Comparing any system to the perfect system of universal instant revocation is unfair.
An analysis of real-world revocation inevitably involves complex scenarios about the nature of the attack, the capabilities of the attackers, the type of revocation system being used, the update frequency of clients, the characteristics of the network, and so on. And it inevitably involves vulnerability windows for some clients.
My assertion is that, in reasonable attack scenarios, the vulnerability windows and overall risk of short-lived certs is about the same as long-lived certs using OCSP.
Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
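As an added illustration (not code from the thread or from any CA), a small model of the worst-case exposure windows Gerv compares, the soft-fail point Jeremy raises about a blocked OCSP fetch, and the clock-skew check Rick lists as disadvantage (a). The certificate lifetime, OCSP response validity and revocation delay are assumed values, not Baseline Requirements figures.

```python
from datetime import datetime, timedelta

# Constructed, illustrative parameters (assumptions, not figures from the thread
# or from the Baseline Requirements).
SHORT_CERT_LIFETIME = timedelta(days=3)     # validity of one short-lived cert
OCSP_RESPONSE_VALIDITY = timedelta(days=3)  # thisUpdate -> nextUpdate of a cached "good" response
REVOCATION_DELAY = timedelta(hours=6)       # compromise noticed -> CA stops issuing / publishes "revoked"


def worst_case_window_short_lived(lifetime=SHORT_CERT_LIFETIME, delay=REVOCATION_DELAY):
    """Key compromised at t0; the CA stops reissuing at t0 + delay, but a cert
    issued an instant before that stays valid for a full lifetime.  Clients never
    contact the CA, so expiry is the only way out: the window is bounded."""
    return delay + lifetime


def worst_case_window_ocsp(validity=OCSP_RESPONSE_VALIDITY, delay=REVOCATION_DELAY,
                           ocsp_blocked=False):
    """Long-lived cert plus OCSP.  A client that fetched a "good" response just
    before "revoked" was published trusts it until nextUpdate.  If the attacker can
    block OCSP and the client soft-fails (no Must-Staple), the window is unbounded."""
    if ocsp_blocked:
        return None  # unbounded: an unreachable responder is treated as "good"
    return delay + validity


def client_accepts(not_before, not_after, true_now, clock_skew=timedelta(0)):
    """Validity-period check exactly as a client with a skewed clock performs it."""
    client_now = true_now + clock_skew
    return not_before <= client_now <= not_after


def clock_skew_demo(skew_hours):
    """Same short-lived cert checked one hour after issuance by a client whose
    clock is off by skew_hours; returns whether that client accepts it."""
    not_before = datetime(2014, 10, 31, 0, 0)  # constructed issuance time
    not_after = not_before + SHORT_CERT_LIFETIME
    true_now = not_before + timedelta(hours=1)
    return client_accepts(not_before, not_after, true_now, timedelta(hours=skew_hours))


if __name__ == "__main__":
    print("short-lived worst case: ", worst_case_window_short_lived())
    print("OCSP worst case:        ", worst_case_window_ocsp())
    print("OCSP, responder blocked:", worst_case_window_ocsp(ocsp_blocked=True))
    for skew in (0, -2, 2):
        print(f"client clock off by {skew:+d}h accepts cert: {clock_skew_demo(skew)}")
```

With equal lifetime and response validity the two bounded windows coincide, which is the "about the same" claim; the blocked-responder case is the one where they differ.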