[cabfpub] Short-Lived Certs - the return

Ryan Sleevi sleevi at google.com
Thu Jun 11 17:13:03 UTC 2015

On Thu, Jun 11, 2015 at 10:02 AM, Eddy Nigg <eddy_nigg at startcom.org> wrote:

> Well, I wasn't talking about stapling really :-)
> But stapling is supported currently by only 25% of web sites serving
> certificates, but even here I believe servers can take a more conservative
> approach and update the OCSP every X hours or so. I'd recommend it in any
> case.

Sure, but good security practices don't affect the minimum security. That's
been the point repeatedly in these discussions. The question has been "How
long can an attacker use a bad certificate" and "How quickly will clients
notice" - and an attacker that can staple a response for 10 days (since
stapling is widely supported in the major browsers) is an attacker that can
use that bad certificate.

> For example Firefox caches the OCSP response for 24 hours only and not at
> all between restarts.

Sure, but it'll use the stapled response.

> From what I've seen Microsoft also uses Cache-Control headers in order to
> determine for how long to cache OCSP (and CRLs) which makes it a bit
> difficult to determine when it would update, but I assume that CAs will
> leave this fairly short for obvious reasons (also 24 hours range).


Beyond the fact that it doesn't matter (Stapling), the HTTP cache
directives are fully manipulable by an attacker, because the OCSP response
is served over HTTP. So the cache directives are hints, but don't supercede
the (signed) information.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150611/ca6f7bfb/attachment-0003.html>

More information about the Public mailing list