[cabfpub] Short-Lived Certificate Ballot
sleevi at google.com
Fri Nov 6 21:02:07 UTC 2015
On Fri, Nov 6, 2015 at 9:24 AM, Robin Alden <robin at comodo.com> wrote:
> In the cases where live revocation information is provided by the CA I
> acknowledge that a well-resourced attacker can wrap a carefully targeted
> victim in a bubble so that all communication from the victim to a site
This is trivial to do and we see this regularly. I'm not sure why you
suggest it's difficult. Hijacking BGP or simply intercepting traffic is
exactly the realistic adversarial threat model we live with.
That is, I think I'd object to the notion of "carefully target the victim"
- ANY user who is at risk from this attack - which is only those who are
talking to an attacker - are already targeted.
> So despite the lack of protection afforded to targeted victims (having a
> bad day) of well-resourced attackers (having a good day), I still claim an
> incremental advantage of live revocation checks.
I suppose it's unfortunate that we're unable to see eye to eye on how
technology actually works. I can understand that this likely triggers
deep-seated feelings, and instinctively the gut suggests your argument is
right, but unfortunately I suspect that this is much like the Monty Hall
problem - the correct answer is the unintuitive one, and it confounds many
entirely smart and reasonable people because of this.
> The stapled few-hundred byte OCSP response will make no significant
> difference to the performance.
I'm sure if the CA/Browser Forum was open to more feedback, not just from
CAs and browsers, but from large sites, you would find that many feel quite
differently, especially as that cost gets borne repeatedly on connections
for users who otherwise don't need it.
Equally unfortunate is the number of CAs who, rather than making it a
few-hundred byte OCSP response, end up making it 5-10 kilobytes (stapled
OCSP responder certificates, unnecessarily including chains in the
> The IoT case is not relevant to short-lived certificates, I feel, since
> issuing a certificate every day or two to a billion IoT devices is not an
> attractive proposition.
This is actually quite an attractive proposition. I know of multiple
projects at multiple companies - including Google - who feel otherwise.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public