Abstract
The modern Internet is highly dependent on the trust communicated via X.509 certificates. However, in some cases certificates become untrusted and it is necessary to revoke them. In practice, the problem of secure certificate revocation has not yet been solved, and today no revocation procedure (analogous to what Certificate Transparency provides for certificate issuance) has been adopted to provide a transparent and immutable history of all revocations. Instead, the status of most certificates can only be checked with the Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs). In this paper, we present the first longitudinal characterization of the revocation statuses delivered by CRLs and OCSP servers from the time of certificate expiration to status disappearance. The analysis captures the status history of over 1 million revoked certificates, including 773K certificates mass-revoked by Let’s Encrypt. Our characterization provides a new perspective on the Internet’s revocation rates, quantifies how short-lived the revocation statuses are, highlights differences in revocation practices within and between different CAs, and captures biases and oddities in the handling of revoked certificates. Combined, the findings motivate the development and adoption of a revocation transparency standard.
Notes
1. Currently, CAs must maintain revocation statuses only until certificate expiration [1].
2. The interval of 22 h (slightly less than 24 h) was selected for performance reasons, after the initial evaluation of our measurement framework.
References
Baseline Requirements for the issuance and management of publicly-trusted certificates, v1.7.2 (2020). https://cabforum.org/baseline-requirements-documents/
OneCRL (CA/Revocation Checking in Firefox) (2020) https://wiki.mozilla.org/CA:RevocationPlan#OneCRL
Apple: About upcoming limits on trusted certificates (2020). https://support.apple.com/en-us/HT211025
Chuat, L., Abdou, A., Sasse, R., Sprenger, C., Basin, D., Perrig, A.: SoK: delegation and revocation, the missing links in the Web’s chain of trust. In: Proceedings of IEEE EuroS&P (2020)
Chung, T., et al.: Is the Web ready for OCSP must-staple? In: Proceedings of IMC (2018)
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure certificate and Certificate Revocation List (CRL) profile. RFC 5280, May 2008
Deacon, A., Hurst, R.: The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments. RFC 5019, September 2007
DigiCert: DigiCert: Delay of revocation for EV audit inconsistency incident (2020). https://bugzilla.mozilla.org/show_bug.cgi?id=1651828
DigiCert: Inconsistent EV audits (2020). https://bugzilla.mozilla.org/show_bug.cgi?id=1650910
Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: A search engine backed by Internet-wide scanning. In: Proceedings of ACM CCS (2015)
Google: CRLSets. https://dev.chromium.org/Home/chromium-security/crlsets. Accessed Sept 2020
Google: Certificate lifetimes (2020). https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate_lifetimes.md
Google Trust Services: Certificate Policy v1.3. https://pki.goog/GTS-CP-1.3.pdf, OID = 1.3.6.1.4.1.11129.2.5.3. Accessed 21 Jan 2021
Gustafsson, J., Overier, G., Arlitt, M., Carlsson, N.: A first look at the CT landscape: Certificate Transparency logs in practice. In: Proceedings of PAM, March 2017
Internet Security Research Group (ISRG): Certification Practice Statement, Version 3.0, October 2020. http://cps.letsencrypt.org. Accessed 21 Jan 2021
Kim, D., Kwon, B.J., Kozák, K., Gates, C., Dumitras, T.: The broken shield: measuring revocation effectiveness in the Windows code-signing PKI. In: Proceedings of USENIX Security, August 2018
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Korzhitskii, N., Carlsson, N.: Characterizing the root landscape of Certificate Transparency logs. In: Proceedings of IFIP Networking, June 2020
Korzhitskii, N., Carlsson, N.: Dataset for “Revocation Statuses on the Internet” PAM 2021 paper (2021). https://www.ida.liu.se/~nikca89/papers/pam21.html
Laurie, B., Langley, A., Kasper, E.: Certificate Transparency. RFC 6962 (2013)
Let’s Encrypt: 2020.02.29 CAA Rechecking Bug, March 2020. https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3
Let’s Encrypt: Download affected certificate serials for 2020.02.29 CAA Rechecking Incident, March 2020. https://letsencrypt.org/caaproblem/
Liu, Y., et al.: An end-to-end measurement of certificate revocation in the Web’s PKI. In: Proceedings of IMC (2015)
Mozilla: Reducing TLS certificate lifespans to 398 days (2020). https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
O’Brien, D.: Certificate Transparency Enforcement in Chrome and CT Day in London (2018). https://groups.google.com/a/chromium.org/d/msg/ct-policy/Qqr59r6yn1A/2t0bWblZBgAJ. Accessed Jan 2021
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
SANS Internet Storm Center: SSL CRL activity. https://isc.sans.edu/crls.html. Accessed Sept 2020
Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960, June 2013
Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960 (2013)
Scheitle, Q., et al.: The rise of Certificate Transparency and its implications on the Internet ecosystem. In: Proceedings of IMC (2018)
Sectigo: Certificate search. https://crt.sh. Accessed Sept 2020
Smith, T., Dickinson, L., Seamons, K.: Let’s revoke: scalable global certificate revocation. In: Proceedings of NDSS (2020)
Starfield Technologies, LLC: Certificate Policy and Certification Practice Statement (CP/CPS), Version 4.9, October 2020. http://certificates.godaddy.com/repository/. Accessed 21 Jan 2021
Zhu, L., Amann, J., Heidemann, J.: Measuring the latency and pervasiveness of TLS certificate revocation. In: Proceedings of PAM (2016)
Acknowledgment
This work was supported by the Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation.
Appendices
Appendix A. Other CA-Based Behavior Comparisons
We have already seen that different CAs have different revocation-status-handling practices. To provide some additional insights, we obtained day-of-week distributions that capture when CAs change the “Revoked” status to something else (Fig. 9(a)); compare these to the distribution of the first certificate validity day (Fig. 9(b)). Perhaps most noticeable are the weaker weekly patterns. While more than half of the CAs issue significantly fewer certificates with start dates during weekends (dark areas for Sat/Sun in Fig. 9(b)), we did not observe such weekly patterns for the revocation status changes. Instead, only a few CAs have spikes of revocation status changes on a certain day (white squares in Fig. 9(a)). For example, Starfield, GoDaddy (part of Starfield), and Digidentify update most of their statuses on Friday, and Japanese Registry on Sunday (Monday, Japanese time). The distributions suggest that the relation between the last-status-change day and the certificate-validity-start day is not straightforward. Having said that, some CAs have even weekly distributions for both processes, which may suggest higher levels of automation (e.g., Let’s Encrypt, Google, Actalis, cPanel, Gandi, Herndon). Among the large CAs, DigiCert stands out with pronounced weekly patterns for both processes. Similarly, there are differences in the daily (Fig. 10(a)) and hourly (Fig. 10(b)) distributions of the expiry times selected for certificates. Here, some of the large CAs (e.g., Let’s Encrypt, GoDaddy, Google, GlobalSign) spread expiry times both across the week and across the hours of the day, whereas other large CAs (e.g., DigiCert, Comodo, cPanel, Sectigo) always set certificates to expire at the same time of day. Although these differences may not have major security implications, they do illustrate the lack of a standardized policy for managing the revocation status of expired certificates.
Appendix B: Responses by CAs
We contacted 8 organizations that operate the CAs for which we observed at least one status change from “Revoked” to “Good”. We could not find a contact email for one CA that no longer operates: AT&T Wi-Fi Services. We received responses from 5 organizations: Starfield (GoDaddy), Japan Registry, Entrust, ACCV, and Atos. The CAs that responded confirmed that they had issued the certificates in question and provided varying explanations for their behavior. Two CAs argued that their use of “Good” statuses was motivated by RFC 6960 [29], which states that “at a minimum, this positive response [i.e., a “Good” response] indicates that no certificate with the requested certificate serial number currently within its validity interval is revoked.” One of these two CAs also stated that they “are going to consult with the community to clarify the requirements, and then, [they will] follow it.” We believe that CAs should avoid changing the status of revoked certificates to “Good” at any time.
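The two behaviors at the center of this paper, a revoked status that disappears some time after expiry (the lifetime measured in the main text) and a revoked status that flips to “Good” (the transition discussed above), can both be detected from a log of periodic status polls. The following Python is an added example written for this page; it is not the authors’ measurement framework and does not use their dataset [19]. The poll log, serial numbers and notAfter dates are constructed, the 22 h poll interval follows note 2, and the `effective_status` policy is one conservative client-side reading of the RFC 6960 sentence quoted above: a “Good” answer for an expired certificate is not taken as evidence that the certificate was never revoked.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Status values a poll can yield. "absent" models a serial that is no longer
# listed on the CRL or for which the OCSP responder no longer answers.
REVOKED, GOOD, UNKNOWN, ABSENT = "revoked", "good", "unknown", "absent"


@dataclass(frozen=True)
class Observation:
    serial: str          # hypothetical hex serial
    polled_at: datetime
    status: str          # one of the four constants above


def _by_serial(observations):
    """Group observations per serial, each group sorted by poll time."""
    groups = {}
    for o in sorted(observations, key=lambda o: (o.serial, o.polled_at)):
        groups.setdefault(o.serial, []).append(o)
    return groups


def status_transitions(observations):
    """Every (serial, old_status, new_status, polled_at) change, in poll order."""
    out = []
    for serial, obs in _by_serial(observations).items():
        for prev, cur in zip(obs, obs[1:]):
            if prev.status != cur.status:
                out.append((serial, prev.status, cur.status, cur.polled_at))
    return out


def revoked_to_good(observations):
    """Serials whose status went from 'revoked' directly to 'good'."""
    return sorted({s for s, old, new, _ in status_transitions(observations)
                   if old == REVOKED and new == GOOD})


def revoked_lifetime_after_expiry(observations, not_after):
    """Hours from notAfter to the first post-expiry poll that no longer says
    'revoked' (resolution is one poll interval). None means the status was
    still 'revoked' at the last poll, i.e. the lifetime is right-censored."""
    result = {}
    for serial, obs in _by_serial(observations).items():
        expiry = not_after[serial]
        gone = next((o for o in obs
                     if o.polled_at >= expiry and o.status != REVOKED), None)
        result[serial] = (None if gone is None
                          else (gone.polled_at - expiry).total_seconds() / 3600)
    return result


def effective_status(observations, serial, not_after, now):
    """Conservative client view of one serial at time `now`.
    RFC 6960 only promises that 'good' means no certificate with this serial
    *currently within its validity interval* is revoked, so once we have seen
    'revoked' we keep it, and after notAfter a 'good' answer carries no
    information about the certificate's history."""
    history = [o for o in _by_serial(observations).get(serial, [])
               if o.polled_at <= now]
    if any(o.status == REVOKED for o in history):
        return REVOKED
    if now >= not_after:
        return "expired"
    return history[-1].status if history else UNKNOWN


# Constructed sample: three revoked certificates that all expire at T0,
# polled every 22 h starting one poll before expiry.
T0 = datetime(2020, 3, 1, tzinfo=timezone.utc)
POLL = timedelta(hours=22)


def _polls(serial, statuses, start=T0 - POLL):
    return [Observation(serial, start + i * POLL, s) for i, s in enumerate(statuses)]


SAMPLE = (
    _polls("0a", [REVOKED, REVOKED, REVOKED, ABSENT, ABSENT])   # dropped after expiry
    + _polls("0b", [REVOKED, REVOKED, GOOD, GOOD])              # flipped to "good"
    + _polls("0c", [REVOKED, REVOKED, REVOKED, REVOKED])        # still revoked
)
NOT_AFTER = {"0a": T0, "0b": T0, "0c": T0}

if __name__ == "__main__":
    for t in status_transitions(SAMPLE):
        print("transition", *t)
    print("revoked->good:", revoked_to_good(SAMPLE))
    print("hours revoked after expiry:", revoked_lifetime_after_expiry(SAMPLE, NOT_AFTER))
    print("client view of 0b two days after expiry:",
          effective_status(SAMPLE, "0b", T0, T0 + 2 * POLL))
```

On the constructed log, serial 0a keeps its revoked status for two polls (44 h) after expiry before vanishing, 0b is the case Appendix B is about, and 0c is right-censored. The `effective_status` rule is deliberately stricter than what a CA responder returns: it is the relying party, not the responder, that has to decide what a post-expiry “Good” is worth.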
© 2021 Springer Nature Switzerland AG
Cite this paper
Korzhitskii, N., Carlsson, N. (2021). Revocation Statuses on the Internet. In: Hohlfeld, O., Lutu, A., Levin, D. (eds) Passive and Active Measurement. PAM 2021. Lecture Notes in Computer Science(), vol 12671. Springer, Cham. https://doi.org/10.1007/978-3-030-72582-2_11
DOI: https://doi.org/10.1007/978-3-030-72582-2_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72581-5
Online ISBN: 978-3-030-72582-2