HN
Today

Revocation of X.509 Certificates

This deep dive into X.509 certificate revocation meticulously breaks down why current mechanisms like CRLs and OCSP are largely ineffective, plagued by issues from privacy leaks to soft-fail implementations. The author, a long-time expert, argues that the internet's security framework is generations behind, criticizing browser giants like Chrome for their selective approach to revocation. The discussion highlights the community's frustration with the status quo and debates potential alternatives like DANE, while also critically examining the article's own style.

41
Score
14
Comments
#14
Highest Rank
9h
on Front Page
First Seen
Apr 27, 3:00 AM
Last Seen
Apr 27, 11:00 AM
Rank Over Time
201416231518212730

The Lowdown

The article critically examines the current state of X.509 certificate revocation, a fundamental component of internet security, arguing that existing mechanisms are largely dysfunctional. It builds on previous analyses from the author, noting recent changes by the CAB Forum and Let's Encrypt.

  • The Problem with CRLs (Certificate Revocation Lists): While a traditional method, CRLs are inefficient due to their potentially large size, the lag between issuance and client awareness, and the overhead of downloading an entire list for a single certificate check.
  • OCSP (Online Certificate Status Protocol) and its Flaws: OCSP was introduced as a refinement, allowing clients to query the revocation status of a single certificate. However, it introduces significant privacy concerns (CAs know client activity), performance overheads, and availability issues (soft-fail is common, making it largely ineffective if a server is down).
  • Stapled OCSP and Chrome's Stance: Stapled OCSP attempts to mitigate some OCSP issues by having the server provide the OCSP response. Yet, major browsers like Chrome do not perform OCSP checks, instead relying on a proprietary "CRLsets" approach, which is criticized for being overly trimmed and inconsistent with Chrome's broader security initiatives.
  • The Inevitable Conclusion: Revocation is Broken: The author posits that current revocation methods are fundamentally broken, largely due to long-lived certificates that create a wide window of vulnerability. Attacks now occur in minutes, not days or weeks, making existing revocation timescales obsolete.
  • Proposed Solutions and Alternatives: The article explores the move towards shorter-lived certificates (e.g., Let's Encrypt's 45-day validity) to reduce the impact of compromised keys. It also advocates for DANE (DNS-based Authentication of Named Entities) coupled with DNSSEC, which could offer more timely updates and a more robust security model by leveraging DNS TTLs. The author demonstrates in a practical test how major browsers failed to detect a revoked certificate even after 48 hours.

Ultimately, the piece concludes that the internet's reliance on an outdated security framework, particularly in X.509 certificate revocation, leaves it vulnerable to modern threats. The entrenchment of existing certificate infrastructure operators is seen as a barrier to much-needed innovation and improvement.

The Gossip

Auteur's Authenticity Allegations

Some commenters questioned whether the article was AI-generated due to its perceived repetitiveness and use of emojis, while others staunchly defended the author, highlighting their long history of publishing high-quality, similarly-styled content. The debate centered on whether the stylistic choices indicated AI authorship or were simply characteristic of the author's established voice.

DANE's Diminished Deployment

A significant portion of the discussion revolved around why DANE (DNS-based Authentication of Named Entities), proposed as a superior alternative, hasn't seen wider adoption. Commenters largely agreed that DNSSEC's complexity and deployment challenges are major hurdles, with some suggesting that incumbent PKI industry interests also play a role. There was also debate on the actual prevalence and severity of DNS-related outages.

Revocation's Rigorous Reality

Commenters debated the fundamental nature of certificate revocation. One side argued it's an emergency measure that doesn't need to be perfectly efficient for routine use, while others countered that at the scale of modern CAs, even emergencies become routine. The consensus emerged that current revocation mechanisms, especially in scenarios of mass revocation, are inadequate, presenting a critical single point of failure and potential for denial-of-service or soft-fail exploitation.