Certificate
Revocation
Serge Egelman
Introduction



What is revocation?
Why do we need it?
What is currently being done?
Huh?

Certificates Are:

Identity
Personal
 Corporate



Financial
Overall Security
Why Revoke?





Key Compromise
Forgotten Passphrase
Lost Private Key
Stale Keys
“PKI is only as secure as the revocation
mechanism”
Current Standard

Certificate Revocation Lists (CRLs)






Serial Numbers
PEM and DER
Expiration Date
Next Update Date
CA Signed
Should Be Publically Available.
Obtaining CRLs
Obtaining CRLs
Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
Last Update: Jan 22 11:00:36 2004 GMT
Next Update: Feb 5 11:00:36 2004 GMT
Revoked Certificates:
Serial Number: 010199E0F79E9034FDD3D176DBB83A05
Revocation Date: Apr 2 15:03:51 2003 GMT
Serial Number: 01048336716E434C44813CFCA5A829BF
Revocation Date: Sep 17 23:48:52 2002 GMT
Serial Number: 0104C6A0285798B92A015D641010279F
Revocation Date: May 15 22:03:54 2003 GMT
What Are The Problems?



CDP Not Specified!
CDP Optional!
Next Update in Two Weeks!
Among All CAs!

CDP Protocols:
CA Name
CDP Protocol
Entrust
HTTP/LDAP
GeoTrust
HTTP
GlobalSign
HTTP
GTE
CyberTrust
HTTP
IPSCA
HTTP
Thawte
Verisign
HTTP
Among All CAs!

CRL Lifecycles:
CA Name
CRL Lifecycle
Entrust
Daily
GeoTrust
10 Days
GlobalSign
30 Days
GTE CyberTrust
6 Months
IPSCA
30 Days
Thawte
30 Days
Verisign
14 Days
CA Market Share
There Must Be Another Way!




Online Certificate Status Protocol (RFC 2560)
Real-Time
Three Responses
Burden Moved to Server
OCSP

OCSP Servers:






CA Run
CA Delegated
Trusted Third Parties
Client Knows Server Address
Client Sends Serial Number
Server Sends Signed Response
The Next Problem



Knowing Location of Server!
System Is Useless
So What Can We Do?
A Solution

The DNS System




The Service Locator Extension



Referrals
Client Only Needs Address of Any Server!
Authority is Delegated
Specifics Undefined
Not Currently Being Used
Signed Response

Local Responder or CA Key
So What?

OCSP Can Mimic DNS




Local Responders
Authoritative Responders
Root OCSP Servers
Nothing Known About Authoritative Responder!
Key Points



Every PKI Needs Revocation!
CRLs Bad!
OCSP Good!
Conclusion



Terrorist, Terrorist, Terrorist
9/11, 9/11
God Bless America
References





Ron Rivest, Can We Eliminate Certificate Revocation Lists?, Financial
Cryptography, 1998.
Patrick McDaniel and Aviel Rubin, A Reponse to “Can We Eliminate
Certificate Revocation Lists?,” Financial Cryptography, 2000.
Serge Egelman, Josh Zaritsky, and Anita Jones, Improved Certificate
Revocation with OCSP.
M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, X.509
Internet Public Key Infrastructure: Online Certificate Status Protocol
(OCSP), IETF RFC 2560.
R. Housley, W. Polk, W. Ford, and D. Solo, Internet X.509 Public Key
Infrastructure Certificate and CRL Profile, IETF RFC 2459.
Questions?