On 23 April 2012 22:41, Marsh Ray <ma...@extendedsubset.com> wrote: > > Thought the list might be interested in this little development in the PKI > saga. > > Do you all agree with my assertion that "No one with a clue about PKI > security would believe that a revoked cert provides equivalent security > from misuse as a naturally-expired cert." ? > > - Marsh >
With current client implementations, I agree your statement does hold. I do however disagree with your general premise that six years is too long. Say two companies, A and B, have adopted similar security practices and assume the probability of a cert compromise in a given year for one of them is roughly one in ten thousand, p_yr = 0.0001 Company A has their cert issued with a two year validity, so their probability of compromise is p_2yr = 1 - ( 0.9999 ) ^ 2 ~= 2.10^-4 Company B has their cert issued with a six year validity, so their probability of compromise is p_6yr = 1 - ( 0.9999 ) ^ 6 ~= 6.10^-4 In other words, it makes not a jot of difference to company B: they may be roughly three times more at risk than company A but that's still only a six in ten thousand chance, say. Even if the original p_yr were higher, say one in a thousand, it still doesn't merit any concern for the individual company. If we then turn our attention to the system as a whole: assuming we look at all certificates, does extending the expiry period help reduce the impact on users? Well, actually, counter-intuitively it does not. The rationale is as follows... i. assume at any given time, some rate of compromise of all available issued certs, r; ii. assume also that most certificate forgery is to steel money or commit fraud, so there is an incentive to act quickly and the outlier cases of long-term attacks can be discounted for now; iii. further assume that the maximum time of utility for the attackers to use the cert in ii. is approximately a day. It immediately follows that for a whole-system expiry period of two years the attacker is impeded and r is reduced by roughly 1 / ( 2 . 365 ) = 0.13%. For expiry times of six years that changes to a reduction of 1 / ( 6 . 365 ) = 0.05%. That's a fairly marginal result and if we assume the attacker(s) know(s) this, they will simply avoid tackling certs near expiry, rendering the difference null. So does the expiry period actually matter that much? Intuitively yes, rationally, no. Regards, Peter
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography