Revocation Flashcards
Certificate Revocation
- Abortive ending of the binding between subject and key (public key certificate) OR subject and attributes (attribute certificate)
- Is initiated by the subject OR the issuer
Revocation requirements
- Revocation information is publicly available
- Authenticity can be checked by everyone
- Revoked certificate is unambiguously identified
- Information about the time of the revocation
- Optional:
-> Revocation reason
-> Temporary revocation
-> X.509: CAs are responsible for publishing revocation information
Revocation mechanisms
- Dedicated infrastructure for dissemination of authentic revocation information
- Certificate Revocation List (CRLs)
- Online Certificate Status Protocol (OCSP)
- Certificate Revocation System (CRS)
- Certificate Revocation Trees (CRT)
- Revocation in PGP
- Alternative: Very short certificate validity period -> no revocation needed
Structure of a CRL
- Version
- Signature ID
- Issuer
- This Update
- Next Update
- List of revoked certificates (sequence of CRL entries)
- CRL-extensions
- Signature
Structure of a CRL entry
- userCertificate
- revocationDate
- CRLEntry-extensions
CRL Extensions
- can affect the CRL as a whole OR
- each single CRL entry (all of them)
CRL extensions: AKI/IAN
- Authority Key Identifier
- Issuer Alternative Name
CRL extensions: CRL Number
- Monotonically increasing sequence number
- Non-critical extension, must be included in all CRLs
- To determine when a particular CRL supersedes another CRL
- Two CRLs for same scope generated at different times must not have same CRL number
- Supports the use of Delta CRLs
-> Complete and Delta CRLs for a given scope must share one numbering sequence
CRL extensions: Issuing Distribution Point
- Critical extension
- Identifies the CRL distribution point and scope
- Indicates whether the CRL covers revocation for:
-> end-entity certificates only,
-> CA certificates only,
-> Attribute certificates only,
-> a limited set of reason codes
CRL entry extensions
- Affect the current CRL entry AND MAYBE
- Some following ones (but not necessarily all of them)
CRL entry extensions: Reason Code
- Non-critical extension
- Identifies the reason for certificate revocation
CRL entry extension: Hold Instruction Code
- Non-critical extension
- Indicates the action to be taken after encouraging a certificate that has been places on hold
- Standard actions: None, contact issuer or reject certificate, reject certificate
CRL entry extension: Invalidity Date
- Non-critical extension
- Provides the (suspected) date on which the certificate became invalid
- CRL issuers are strongly encouraged to share this data with CRL users
Publishing CRLs
- Most common: Web pages, LDAP
- File transfer protocol
- CRL push services (broadcasts)
CRL push service
- CRLs are delivered to registered clients
- Searching for a CRL is unnecessary
- Can only be used online
- Suitable for e.g. computer in Intranet, Servers
- Covers only certificates of few PKIs
Locating a CRL
- Using the policy: the policy of the issuer names places where its CRLs are published
- Using the certificate: CRLDistributionPoints extension
Locating a CRL: CRLDistributionPoints extension
- X.509 Certificate extension
- Non-critical
- Identifies how CRL information is obtained -> Pointer to the places where the CRL will be located (usually as a URL)
- Usage recommended
- Realized by the most typical applications
CRL properties
- Can be used offline (CRL caching)
- Easy implementation & management
- High information content (extendable!)
- The CRL (full CRL) contains information about all revoked certificates (size increases monotonically)
- All information is transferred at the same time
-> High load (peak) at “next update” time
-> Long validity period -> bad timeliness
-> Short validity period -> bad performance
Over-Issued CRLS
- CRLs issued more frequently than “nextUpdate” requires
- e.g., on a regular basis or with every certificate revocation
- frequency of the update is chosen by the client
-> improved timeliness
-> better load distribution
Delta CRL
- Format like a “normal” CRL + Delta CRL Indicator extension
- Contains all changes since Base CRL was issued
- Associated to Base CRL by the BaseCRLNumber
-> Better network load, better scalability
-> Slightly increases administration costs (client and server) - Can be combined with Over-Issued CRLs:
-> Together with each Full CRL also Deltas to the still valid CRLs are issued
X.509 CRL extensions: Delta CRL Indicator
- Critical extension
- Identifies a CRL as being a Delta CRL
- Contains a single value called BaseCRLNumber
- The BaseCRLNumber identifies the CRL used as the starting point in the generation of this Delta CRL
- The referenced base CRL must be published as a complete CRL
X.509 CRL extensions: Freshest CRL
- (aka Delta CRL Distribution Point)
- Non-critical extension
- Identifies how to obtain Delta CRLs
- Must not appear in Delta CRLs
Indirect CRLs
- Issuer of the CRL is not the issuer of the certificates
- Revocation can be delegated
- Revocation instance can operate online even if certificate issuer is offline
- Reflects the different security requirements on the keys that are used for signing certificates and the ones that are used for signing CRLs
X.509 CRL entry extension: Certificate Issuer
- Critical extension
- Identifies the certificate issuer associated with an entry in an indirect CRL
- If this extension is not present:
-> on the first entry in an indirect CRL: the certificate issuer defaults to the CRL issuer
-> on subsequent entries: the certificate issuer for these entries is the same as that for the preceding entry
CRL segmentation
- Revocation information for disjoint sets of certificates is split up into multiple Partitioned CRLs
- Relevant CRL identified:
-> Directly: Multiple CRLDistributionPoints, or
-> Indirectly: CRLDistributionPoints extension points to a special Redirect CRL - Redirect CRL
-> Set of pairs (CRLDistributionPoint, Scope)
-> The scope describes a set of certificates
-> Advantage: Can be changed later
Vor-/Nachteile: Full-CRL
- Vorteile:
-> Informationsgehalt hoch
-> Management einfach
-> Implementierung einfach - Nachteile:
-> Schlechte Skalierbarkeit
-> Hohe Last zum Zeitpunkt nextUpdate
-> Langer Gültigkeitszeitraum: schlechte timeliness vs. kurzer Gültigkeitszeitraum: schlechte Performance
Vor-/Nachteile: Over Issued
- Vorteile:
-> Verbesserte Timeliness
-> Updateverhalten vom Client wählbar
-> Verbesserte Lastverteilung - Nachteile:
-> erhöhte Last wenn Clients alle CRLs herunterladen
-> Häufiges Erstellen der CRLs
Vor-/Nachteile: Partitioned-CRL
- Vorteile:
-> Partitionierung nach Typ, Seriennummernbereich oder Namensbereich gültig
-> Beschleunigung der Prüfung durch kürzere CRLs - Nachteile:
-> Segmentierung zu späterem Zeitpunk nicht änderbar
Vor-/Nachteile: Redirect-CRL
- Vorteile:
-> Segmentierung nachträglich änderbar
-> Sperrinformationen werden auf mehrere CRLs aufgeteilt (Segmentation) - Nachteile:
-> Erhöhter Verwaltungsaufwand
-> Komplexe Implementierung
Vor-/Nachteile: Indirect-CRL
- Vorteile:
-> Zertifikatssperrung kann delegiert werden
-> Sperrinstanz kann unabhängig vom Aussteller der Zertifikate (online) agieren
-> Vereinfacht und beschleunigt CRL-Verwaltung beim Benutzer - Nachteil: Schlechte Skalierbarkeit