certificate revocation
DESCRIPTION
Certificate Revocation. Serge Egelman. Introduction. What is revocation? Why do we need it? What is currently being done?. Huh?. Certificates Are: Identity Personal Corporate Financial Overall Security. Why Revoke?. Key Compromise Forgotten Passphrase Lost Private Key Stale Keys - PowerPoint PPT PresentationTRANSCRIPT
Certificate Revocation
Serge Egelman
Introduction
What is revocation? Why do we need it? What is currently being done?
Huh?
Certificates Are: Identity
Personal Corporate
Financial Overall Security
Why Revoke?
Key Compromise Forgotten Passphrase Lost Private Key Stale Keys “PKI is only as secure as the revocation
mechanism”
Current Standard
Certificate Revocation Lists (CRLs) Serial Numbers PEM and DER Expiration Date Next Update Date CA Signed Should Be Publically Available.
Obtaining CRLs
Obtaining CRLs
Certificate Revocation List (CRL): Version 1 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority Last Update: Jan 22 11:00:36 2004 GMT Next Update: Feb 5 11:00:36 2004 GMTRevoked Certificates: Serial Number: 010199E0F79E9034FDD3D176DBB83A05 Revocation Date: Apr 2 15:03:51 2003 GMT Serial Number: 01048336716E434C44813CFCA5A829BF Revocation Date: Sep 17 23:48:52 2002 GMT Serial Number: 0104C6A0285798B92A015D641010279F Revocation Date: May 15 22:03:54 2003 GMT
What Are The Problems?
CDP Not Specified! CDP Optional! Next Update in Two Weeks!
Among All CAs!
CDP Protocols:
CA Name CDP Protocol
Entrust HTTP/LDAP
GeoTrust HTTP
GlobalSign HTTP
GTE CyberTrust
HTTP
IPSCA HTTP
Thawte
Verisign HTTP
Among All CAs!
CRL Lifecycles:
CA Name CRL Lifecycle
Entrust Daily
GeoTrust 10 Days
GlobalSign 30 Days
GTE CyberTrust 6 Months
IPSCA 30 Days
Thawte 30 Days
Verisign 14 Days
CA Market Share
There Must Be Another Way!
Online Certificate Status Protocol (RFC 2560) Real-Time Three Responses Burden Moved to Server
OCSP
OCSP Servers: CA Run CA Delegated Trusted Third Parties
Client Knows Server Address Client Sends Serial Number Server Sends Signed Response
The Next Problem
Knowing Location of Server! System Is Useless So What Can We Do?
A Solution
The DNS System Referrals Client Only Needs Address of Any Server! Authority is Delegated
The Service Locator Extension Specifics Undefined Not Currently Being Used
Signed Response Local Responder or CA Key
So What?
OCSP Can Mimic DNS Local Responders Authoritative Responders Root OCSP Servers Nothing Known About Authoritative Responder!
Key Points
Every PKI Needs Revocation! CRLs Bad! OCSP Good!
Conclusion
Terrorist, Terrorist, Terrorist 9/11, 9/11 God Bless America
References
Ron Rivest, Can We Eliminate Certificate Revocation Lists?, Financial Cryptography, 1998.
Patrick McDaniel and Aviel Rubin, A Reponse to “Can We Eliminate Certificate Revocation Lists?,” Financial Cryptography, 2000.
Serge Egelman, Josh Zaritsky, and Anita Jones, Improved Certificate Revocation with OCSP.
M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol (OCSP), IETF RFC 2560.
R. Housley, W. Polk, W. Ford, and D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, IETF RFC 2459.
Questions?