230 likes | 444 Views
Certificate Revocation. Serge Egelman. Introduction. What is revocation? Why do we need it? What is currently being done?. Huh?. Certificates Are: Identity Personal Corporate Financial Overall Security. Why Revoke?. Key Compromise Forgotten Passphrase Lost Private Key Stale Keys
E N D
Certificate Revocation Serge Egelman
Introduction • What is revocation? • Why do we need it? • What is currently being done?
Huh? • Certificates Are: • Identity • Personal • Corporate • Financial • Overall Security
Why Revoke? • Key Compromise • Forgotten Passphrase • Lost Private Key • Stale Keys • “PKI is only as secure as the revocation mechanism”
Current Standard • Certificate Revocation Lists (CRLs) • Serial Numbers • PEM and DER • Expiration Date • Next Update Date • CA Signed • Should Be Publically Available.
Obtaining CRLs Certificate Revocation List (CRL): Version 1 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority Last Update: Jan 22 11:00:36 2004 GMT Next Update: Feb 5 11:00:36 2004 GMT Revoked Certificates: Serial Number: 010199E0F79E9034FDD3D176DBB83A05 Revocation Date: Apr 2 15:03:51 2003 GMT Serial Number: 01048336716E434C44813CFCA5A829BF Revocation Date: Sep 17 23:48:52 2002 GMT Serial Number: 0104C6A0285798B92A015D641010279F Revocation Date: May 15 22:03:54 2003 GMT
What Are The Problems? • CDP Not Specified! • CDP Optional! • Next Update in Two Weeks!
Among All CAs! • CDP Protocols:
Among All CAs! • CRL Lifecycles:
There Must Be Another Way! • Online Certificate Status Protocol (RFC 2560) • Real-Time • Three Responses • Burden Moved to Server
OCSP • OCSP Servers: • CA Run • CA Delegated • Trusted Third Parties • Client Knows Server Address • Client Sends Serial Number • Server Sends Signed Response
The Next Problem • Knowing Location of Server! • System Is Useless • So What Can We Do?
A Solution • The DNS System • Referrals • Client Only Needs Address of Any Server! • Authority is Delegated • The Service Locator Extension • Specifics Undefined • Not Currently Being Used • Signed Response • Local Responder or CA Key
So What? • OCSP Can Mimic DNS • Local Responders • Authoritative Responders • Root OCSP Servers • Nothing Known About Authoritative Responder!
Key Points • Every PKI Needs Revocation! • CRLs Bad! • OCSP Good!
Conclusion • Terrorist, Terrorist, Terrorist • 9/11, 9/11 • God Bless America
References • Ron Rivest, Can We Eliminate Certificate Revocation Lists?, Financial Cryptography, 1998. • Patrick McDaniel and Aviel Rubin, A Reponse to “Can We Eliminate Certificate Revocation Lists?,” Financial Cryptography, 2000. • Serge Egelman, Josh Zaritsky, and Anita Jones, Improved Certificate Revocation with OCSP. • M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol (OCSP), IETF RFC 2560. • R. Housley, W. Polk, W. Ford, and D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, IETF RFC 2459.