Google Rethinks Revocation

March 7, 2012 by Jon Callas

Google has decided in Chrome that they’re going to take a different approach to certificate revocation.

Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far.

Revocation is a difficult task. It is difficult because it requires coordination between the CAs and the browsers to protect the end user, and because the event is, by definition, unusual. An end user sees an actual revoked certificate only once in millions or billions of web fetches. The checks are time-consuming as well. Langley says that the median time of a successful check is about a third of a second and the mean is over a second.

There is also the issue of bugs, features, and just weird things that browsers do with revocation. Some don’t check; some check but don’t thoroughly examine the result; others will check thoroughly, but only after the user turns the thorough checks on. Langley’s blog post of March 2011 on the subject is a good place to read if you want more. There are even ways for a malicious attacker to easily mess with OCSP checks.

Furthermore, revocation checks are a privacy issue; the science of geo-locating an IP address is so good that any packet anyone sends pretty much says where they are.

Google’s solution is for them to get CRLs through their normal web crawling mechanisms, and then distribute them to the Chrome users through the mechanism that they use to distribute other security information such as malware links.

This is a fantastic idea, because it replaces a number of bad-to-mediocre mechanisms for getting certificate-related security information with one that is proven to work. It also improves performance, network reliability, and end-user privacy.

There is a small cost, though. If I go to a site with a revoked certificate on my own before I receive a Google update, then I will accept the revoked certificate. But on the other hand, one of the reasons to shift to a new certificate management mechanism is that the old one doesn’t work reliably.
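The pushed-CRL check described above, including the update-lag cost just noted, as an added Go example that is not Chrome's code or anything from Langley's post; the CA, its key and the CRL are constructed test data, and keying the set by authority key identifier plus serial number is this example's own choice:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// PushedSet is the client's local copy of revocation data: assembled centrally from crawled
// CRLs and shipped to clients like a blocklist, so the check at page load does no network I/O.
// Keys are the CRL's authority key identifier (the issuing key) joined to the serial number.
type PushedSet map[string]bool
func key(aki []byte, serial *big.Int) string { return string(aki) + "/" + serial.String() }
// AddCRL folds one DER-encoded CRL into the set.
func (s PushedSet) AddCRL(der []byte) error {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return err
	}
	for _, e := range crl.RevokedCertificates {
		s[key(crl.AuthorityKeyId, e.SerialNumber)] = true
	}
	return nil
}

// IsRevoked consults only the pushed set. A serial the CA revoked after the set was
// assembled is still accepted until the next push: the update-lag cost noted above.
func (s PushedSet) IsRevoked(cert *x509.Certificate) bool {
	return s[key(cert.AuthorityKeyId, cert.SerialNumber)]
}

// ConstructedCRL makes a throwaway CA (test data, not any real CA) and a CRL it signs revoking one serial.
func ConstructedCRL(serial int64) (*x509.Certificate, []byte, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now, NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	ca, _ := x509.ParseCertificate(der) // CreateCertificate's own output always parses
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: now}}}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crl, ca, priv)
	return ca, crlDER, err
}
```

A real deployment would also verify each crawled CRL's signature against the issuing CA before folding it into the set; that step is omitted here.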

The only criticisms I can make of this are in how to make this work for all the browsers. We need the same idea working for Firefox, Safari, IE, Opera, and others in addition to Chrome. Of these people, only Microsoft has their own search engine.

In short, the problem I see is not that it is a bad idea, but how to turn it into an industry-wide standard.

Jon Callas

About

Jon Callas has over 30 years of experience and served as Entrust’s Chief Technology Officer. Prior to joining Entrust, Callas co-founded PGP Corporation which specialized in email and data encryption software. Over the course of more than fifteen years, Callas held leadership functions including CTO and CSO. Most recently, he also served as an operating system security expert with Apple. Additionally, he has held leadership positions with corporations including Wave Systems Corporation, Digital Equipment Corporation and Counterpane Internet Security Inc. He has also authored several Internet Engineering Task Force (IETF) standards including OpenPGP, DKIM, and ZRTP.
