A General, Flexible Approach to Certificate Revocation Dr. Carlisle Adams & Dr. Robert Zuccherato Entrust, Inc.

Similar documents
Example: Revocation Reasons in X.509. Certificate revocation. How to authenticate public keys. Chapter 7 A with certificates.

CRL Processing Rules. Santosh Chokhani March

Energy capture performance

CONTINUING REVIEW 3/7/2016

REPORT General Committee

No. 24 of Professional Boxing Control Board Act Certified on: / /20.

Safety assessments for Aerodromes (Chapter 3 of the PANS-Aerodromes, 1 st ed)

Fishery Improvement Projects

System Operating Limit Definition and Exceedance Clarification

Improving distillation tower operation

CONTINUITY OF SERVICE PLAN FOR THE LRIT SYSTEM

OIL AND GAS INDUSTRY

Netball Australia Bench Officials Accreditation Framework. Updated 2015

Significant Change to Dairy Heat Treatment Equipment and Systems

THE HORNS REV WIND FARM AND THE OPERATIONAL EXPERIENCE WITH THE WIND FARM MAIN CONTROLLER

Fishery Improvement Projects

Analyses and statistics on the frequency and the incidence of traffic accidents within Dolj County

Which compressed air system design is right for you?

Helicopter Safety Recommendation Summary for Small Operators

IST-203 Online DCS Migration Tool. Product presentation

WHEN TO RUSH A BEHIND IN AUSTRALIAN RULES FOOTBALL: A DYNAMIC PROGRAMMING APPROACH

REQUIREMENTS FOR VALIDATION OF MATHEMATICAL MODELS IN SAFETY CASES

Questions & Answers About the Operate within Operate within IROLs Standard

FINAL ENVIRONMENTAL IMPACT STATEMENT ON RESIDENT CANADA GOOSE MANAGEMENT Questions and Answers

Upgrading Vestas V47-660kW

Date: 21 March General observations:

Calculation of Trail Usage from Counter Data

Violation Risk Factor and Violation Severity Level Assignments Project Generator Verification

1999 On-Board Sacramento Regional Transit District Survey

77th OREGON LEGISLATIVE ASSEMBLY Regular Session. Enrolled. House Bill 2027 CHAPTER... AN ACT

TG GUIDELINES CONCERNING CALIBRATION INTERVALS AND RECALIBRATION

Adaptability and Fault Tolerance

Netball Australia Bench Officials Accreditation Framework. Updated 2018

THERMALLING TECHNIQUES. Preface

Aeronautical studies and Safety Assessment

Part 1: General principles

SAN FRANCISCO MUNICIPAL TRANSPORTATION AGENCY BOARD OF DIRECTORS. RESOLUTION No

Public transport and town planning from a retroactive point of view C. Wallstrom, S. Johansson et al

A study on the relation between safety analysis process and system engineering process of train control system

Technical Standards and Legislation: Risk Based Inspection. Presenter: Pierre Swart

HEALTH CARE SYSTEMS RESEARCH NETWORK

TECHNICAL COMMERCIAL OFFER TURBOGENERATOR UNITS «TURBOSPHERE»

Substitution System SVA National League

THE WAY THE VENTURI AND ORIFICES WORK

Exhibit 1 PLANNING COMMISSION AGENDA ITEM

Acquisition of shares in Sferia S.A. 11 March 2009, Warsaw

Pocatello Regional Transit Master Transit Plan Draft Recommendations

Ranger Walking Initiation Stephanie Schneider 5/15/2012 Final Report for Cornell Ranger Research

A GUIDE TO RISK ASSESSMENT IN SHIP OPERATIONS

Systems of Accounting for and Control of Nuclear Material

What s New in GCP? FDA, OHRP Issue Harmonized Guidance on Transferring IRB Oversight of Clinical Studies

TRAFFIC IMPACT STUDY CRITERIA

Stalking and public access: Guidance on Stalking Communication

Documentation of statistics for Road Traffic Accidents 2014

The Path to LUBRICATION EXCELLENCE

Precision level sensing with low-pressure module MS

Yale University Human Research Protection Program

New generation of Electronic Card Systems: The 4-D Card

A Parametric Study of a High Altitude Airship According to MAAT Multibody Advanced Airship for Transport

November 14, Dulles To DC Loop Public-Private Partnership Proposal. Executive Summary

ISIS Data Cleanup Campaign: Guidelines for Studbook Keepers

City of White Rock. Strategic Transportation Plan. May 16, 2005

The future of UK Gas Security. Findings of a survey of major energy users conducted on behalf of:

CHAPTER 1 INTRODUCTION TO RELIABILITY

Contaminated Air in Cylinders By Ronny J. Coleman

In station areas, new pedestrian links can increase network connectivity and provide direct access to stations.

INTERIM ADVICE NOTE 171/12. Risk Based Principal Inspection Intervals

Arlington County 10-Year Transit Development Plan & Premium Transit Network Briefing. May 2016

Atlantic States Marine Fisheries Commission

Wind Plant Operator Data User's Guide

Tokyo: Simulating Hyperpath-Based Vehicle Navigations and its Impact on Travel Time Reliability

Understanding safety life cycles

Kiefner & Associates, Inc.

The Future of Hydraulic Control in Water-Systems

A Game Theoretic Study of Attack and Defense in Cyber-Physical Systems

ENHANCED PARKWAY STUDY: PHASE 2 CONTINUOUS FLOW INTERSECTIONS. Final Report

EUROPEAN NEW CAR ASSESSMENT PROGRAMME (Euro NCAP) SLED TEST PROCEDURE FOR ASSESSING KNEE IMPACT AREAS

CITY OF NORTH OLMSTED ORDINANCE NO

RESPONSIVE ROUNDABOUTS MYTH OR REALITY

Reviewed: DD Month Management of Closed Radioactive Sources

PERSONALISED TRAVEL PLANNING IN MIDLETON, COUNTY CORK

Applied Fluid Mechanics

Loughborough University Travel Planning

The Corporation of the City of Sarnia. School Crossing Guard Warrant Policy

Risk Management Qualitatively on Railway Signal System

CHAPTER 7 ACCESS MANAGEMENT. Background. Principles of Access Management. Hennepin County Transportation Systems Plan (HC-TSP)

EFFECTIVE DESIGN OF CONVERTER HOODS. 111 Ferguson Ct. Suite 103 Irving, Texas U.S.A. 400 Carlingview Dr. Toronto, ON M9W 5X9 Canada.

A Residential Guide to Neighborhood Speed Enforcement

Registration. Board Members. Iteris Proprietary

The below identified patent application is available for licensing. Requests for information should be addressed to:

Transportation Assessment

M-58 HIGHWAY ACCESS MANAGEMENT STUDY Mullen Road to Bel-Ray Boulevard. Prepared for CITY OF BELTON. May 2016

CITY OF ALPHARETTA DOWNTOWN MASTER PLAN TRAFFIC EVALUATION

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

City of Ottawa s Complete Streets Approach to Transportation Projects

FINA QUALIFIED TIME-STAMPING PRACTICE STATEMENT

Oklahoma State University Institutional Review Board Standard Operating Procedures

Southside Road. Prepared for: City of St. John s Police & Traffic Committee. Prepared by: City of St. John s Traffic Division

GUIDELINES ON ACCESS AND CONSERVATION ON CRAGS AND CLIFFS

CERTIFICATION IMPACT ANALYSIS: IEC 60065, SEVENTH EDITION vs. GB Audio, video and similar electronic apparatus Safety requirements

Transcription:

A General, Flexible Approach to Certificate Revocation Dr. Carlisle Adams & Dr. Robert Zuccherato Entrust, Inc. 1. Introduction Since public key certificates have a relatively long lifetime, the information they contain can become invalidated during their lifetime with a significant probability. Therefore, checking certificate revocation information is necessary. The standard method of conveying this information is the Certificate Revocation List (CRL). X.509 v1 CRLs have some problems, however. In order to deal with these problems, variants and alternatives to v1 CRLs have been proposed. The problems and their proposed solutions include the following. Since an X.509 v1 CRL issued by an authority must include all valid certificates issued by that authority that have been subsequently revoked, it can become excessively large. Its size is directly proportional to the size of the subscriber community, the lifetime of the certificates, and the probability density of a revocation. The network resource consumed by the distribution of the CRL is directly proportional to the size of the relying party community, the size of the CRL, and its frequency of update. If the subscriber community and the relying party community are the same, then the consumption of network resource is proportional to the square of the size of this community; hence this approach is impractical for large communities. In order to correct this situation, the following solutions have been proposed: CRL Distribution Points, as specified for X.509 v2 CRLs, fragment the full set of certificates issued by the authority into sub-sets, so that each fragment can have its own smaller CRL. Each X.509 v3 certificate has a pointer to the CRL fragment where its revocation status is indicated; The Online Certificate Status Protocol (OCSP), which is currently the subject of an Internet Draft, provides users with revocation information for individual certificates. Thus, users do not receive information about certificates they have no immediate interest in. In order to contain the network resource consumed by the distribution of X.509 v1 CRLs, they are typically updated relatively infrequently. Thus, it is difficult to provide timely, fresh revocation information. The following solutions were developed to address this issue: Delta CRLs use a base CRL or CRL distribution point which may be issued relatively infrequently. The Delta CRLs are then issued more frequently and only contain updates to the base CRL. Since they are small, they can provide timely information without unduly consuming network resources; 1

OCSP can be used to provide timely information as well. Since OCSP responses must be signed in order to provide the necessary evidence, the scalability of this protocol when providing timely information is doubtful. When there is only one CRL, it can be produced by only one entity. The number of certificates or the frequency of CRL issuance can become too large to be handled by one entity. Indirect CRLs are CRL Distribution Points that are signed by other entities. This allows a more scalable solution. Once a strategy employing X.509 v1 CRLs (or Distribution Points, Delta or Indirect CRLs) has been implemented, it is impossible to change the partitioning strategy. Unexpected revocation behaviour then becomes difficult to deal with. The Open CRL Distribution Point proposal attempts to solve this problem by providing unsigned pointers to CRLs that contain a scope statement, describing the range of certificates that the distribution point covers. The use of unsigned pointers, however, leaves this proposal open to denial-of-service attacks. Another criticism of CRLs that has been raised is that they do not contain a positive response (because the absence of a certificate from a CRL indicates that it isn t revoked). This is simply a matter of efficient encoding, based upon the expectation that, at any given time, a higher proportion of valid certificates will not be revoked than are revoked. Certificates and CRLs contain the information necessary to identify the appropriate CRL fragment, and the existence of the appropriate CRL that does not list the certificate in question as being revoked is evidence that the certificate has not been revoked. Unfortunately none of the alternatives listed above is fully satisfactory because none of them solves all of the problems associated with v1 CRLs. So the question remains: Is there a single method of providing certificate revocation information that solves all of the perceived problems with X.509 v1 CRLs? This document will attempt to answer this question. 2. Fresh Revocation Information There is a cost associated with obtaining timely revocation information. This cost must be balanced with the risk of using less timely information. Some applications may be content with revocation information that is a day old. Others require revocation information that is more-or-less instantaneous. It seems reasonable to assume that, if a relying party requires timely revocation information, then it will be willing to pay for this upgraded service in the form of increased processing time and/or network costs. Relying parties that have a more relaxed freshness requirement should not be required to incur increased costs. Alternatively, the authority may insist that only its freshest revocation information should be accepted. Since there are different levels of service that can be offered, it would seem natural that there should be different methods of providing this service to relying parties depending 2

on their needs. For this reason we propose the use of two different certificate extensions: the familiar CRL Distribution Point and a new Freshest Revocation Information Pointer. Authorities may populate certificates with none, one or both of these extensions. Under this proposal, no changes need to be made to the CRL Distribution Point as defined for v2 X.509 CRLs. It points to a CRL fragment that contains revocation information for the certificate in question. These CRL fragments can be issued on a regular schedule. The schedule can be tailored to the needs of the relying party community and the limitations of the CA. The CRL fragments could be distributed by LDAP, HTTP, FTP, etc., so no additional trusted parties are required. The information in the certificate and the corresponding CRL Distribution Point ensure acceptable evidence of certificate revocation. Relying parties that require fresher information can then use the Freshest Revocation Info Pointer extension. This pointer would point to the freshest source of revocation information that this particular CA is prepared to provide, in the form of a Freshest CRL. The Freshest CRL is just a CRL that is updated more frequently than the usual CRL Distribution Point. The issuance interval for a Freshest CRL need not be fixed, and can be changed when needed to provide more timely or relevant revocation information. In fact, the system can be engineered so that the issuance interval for Freshest CRLs is less than the administrative time required for processing a certificate revocation request. In a typical implementation using both extensions, the Freshest CRL would be a Delta CRL having, as its base, the CRL fragment pointed to by the CRL Distribution Point. The full fragment is obtained by combining the Delta CRL with the base CRL. Thus, the Delta CRL would be very small and could provide very timely revocation information. We illustrate this situation below: 3

CRL Certificate CDP FCRL (Delta) FRIP Base Thus, relying parties that do not require up-to-date revocation information can process the CRL Distribution Point, whereas applications that do require up-to-date revocation information can process the Freshest CRL. There is a cost associated with accessing the up-to-date information. Another CRL (the base) needs to be requested and processed and the Freshest (Delta) CRL is very unlikely to be cached. Since the Delta CRLs and base CRLs can be issued on a fixed schedule, however, the authority can control its cryptographic workload. A key point of this proposal is that it uses existing standards, simply defining a new extension for the X.509 v3 Certificate. It also provides flexible control over the parameters that affect performance. 3. Controlling the Size of CRL Fragments In the previous section a method was proposed which makes use of CRL Distribution Points. Distribution Points allow for partitioning of the user space into fragments that can be efficiently processed as a single data object. For most environments, this segmentation of the user space will result in CRLs that do not grow unmanageably large. The Open CRL Distribution Points proposal has however introduced an interesting new concept, that of dynamically updating the space partitioning. In some environments the actual revocation behaviour may be drastically different from that which was expected. This may result in some CRL fragments being excessively large. Highly constrained devices which may not be able to handle CRL fragments larger than a certain limit may find this a particularly difficult problem. 4

For those circumstances in which this is a requirement, we propose a new CRL extension called a Redirect Pointer. This extension will contain a set of scope statements and their associated pointers. Each scope statement will indicate a range of certificates that are covered by the CRL fragment indicated by the pointer. For example, if a CRL Distribution Point covers serial numbers 1000 to 1500, one of the scope statements in a Redirection Pointer contained in that Distribution Point may indicate serial numbers 1100 to 1200. The pointer then points to another CRL fragment that contains the revocation information for all certificates within that range. Thus, after a PKI has been established, and certificates have been issued with a particular distribution point extension, it is still possible to re-partition the distribution points if, for whatever reason, the CRL for that distribution point grows to be unmanageably large. Redirect Pointers would be used in Redirect CRLs. Redirect CRLs are simply CRLs that contain no entries but do contain the (critical) Redirect Pointer extension. The Redirect CRL defines new scope rules and the corresponding location for the new CRL Distribution Point or Freshest CRL. In most instances a Redirect CRL would not be required and so the penalty associated with processing them will not be incurred, but if circumstances dictate re-partitioning, then a solution is available. We illustrate one possible implementation of this proposal in the following diagram: RCRL CRL Scope Certificate CDP FRIP RCRL FCRL (Delta) Scope Base 5

This proposal borrows heavily from the Open CRL Distribution Point proposal. It differs, however, in that the redirection information is signed and thus the user is less open to denial of service attacks. Again, this proposal uses existing standards, simply defining a new extension for the X.509 v2 CRL. It also provides flexibility and the associated cost is incurred only when absolutely necessary. 4. Third-Party Service Providers The X.509 v2 CRL Issuing Distribution Point extension may contain an Indirect CRL indicator that allows the CRL Distribution Point to be issued by a third party service provider. In most applications this facility will not be needed, but it may be useful in large PKIs in which revocation is administered at a point in the organization which is remote from the point at which enrollment is administered. Alternatively, as a convenience to a community of relying parties, a service provider could produce revocation information for a number of different CAs. If these CAs offer their revocation information in accordance with a variety of different protocols, then the third-party may present a single interface to relying parties, in order to simplify the processing required of them. In order to take advantage of this facility, we propose that the Redirect Pointer introduced in the previous section also contain an Indirect CRL indicator. This would allow third parties to be enlisted to aid in processing revocation information. Notice that Redirect Pointers now not only allow for dynamic repartitioning of the space requirements, but also of the scale requirements. Combined with the Freshest Revocation Information Pointer, which allows for dynamic repartitioning of the freshness requirements, what has been described is a general, flexible model for revocation processing which fits completely within the framework of existing standards. 5. Conclusion We have presented a framework that allows CRLs to be small, to provide timely information when needed, to scale and to be flexible. It also has the advantage that it can be engineered at the outset to provide a reliable service meeting certain space, timeliness and scale requirements and can be modified later if these requirements change. This framework is based on established standards and requires only the definition of one additional certificate extension and one additional CRL extension. We believe that there is no need to define new structures, protocols, and trusted third parties to provide small, timely and scalable revocation information. These objectives can be met with minor additions to existing standards. 6. Patent Statement Techniques described in this document may be covered by US patent 5,699,431. A license to use this patented technique is available on a royalty-free, non-onerous basis. 6

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback