[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

philliph at comodo.com philliph at comodo.com
Fri Feb 10 16:58:29 UTC 2017


> On Feb 10, 2017, at 5:36 AM, Gervase Markham via Public <public at cabforum.org> wrote:
> 
> On 10/02/17 10:32, Christian Heutger wrote:
>> I don’t talk about the effort of replacing a certificate. I talk
>> about the driver behind limiting the lifetime and what would and
>> primarly (as it’s the driver of this ballot) will happen on limiting
>> the lifetime: Algorithm changes in 1 year. That is something, an
>> enterprise can’t meet. 
> 
> Let's say for the sake of argument that this is true today. Don't you
> see that it's a big problem?
> 
> If there is suddenly a break in an algorithm, does the enterprise really
> _want_ to keep using that insecure algorithm for the next 3 years while
> it figures out how to transition off it, and other governments or their
> competitors read their secrets?

If a sudden break was to occur it would be unprecedented. We have had many coding errors, we have had quite a few protocol bugs but we have never had an algorithm go from solid to broken overnight.

Which is the reason I think that making the change proposed for the reason proposed will actually make the WebPKI less secure, less robust.

What I expect to happen is that the reduction in the cert validity period and the expectation of being able to effect rapid change will make it even harder to persuade browser providers, server providers, etc. of the need to anticipate future changes ahead of time. 

If we managed the WebPKI logically, we would have a production and a backup algorithm for every cryptographic purpose or at minimum signature and digest. Instead, we have been considering deploying SHA-3 for how many years now? I doubt that there will be any serious consideration given to deploying SHA-3 until after the first cracks in SHA-2 and that is likely to be less than instant. If we wind down the cert validity interval to a year then there will probably be no deployment of SHA-3 until Shappening 2.0. That is, until it is too late.


I know that in certain parts of technology land, regular code updates are the cure for every problem. Well as we enter IoT world people are going to be discovering that they are not. If you go to CostCo you will find that being a non-smart TV is a bigger selling point than being a smart one. And that was before the Visio spy camera thing came out. What people with smart TVs have found is that they turn them on and then they have to wait for 20 minutes while the thing performs an update.

Forced updates solve some security problems and create others.







More information about the Public mailing list