On 05/09/14 00:06, Brian Smith wrote:
> Precisely defining a short-lived certificate is a prerequisite for a
> proper discussion of policy for short-lived certificates. It seems
> likely to me that short-lived certificates will be defined as
> certificates that would expire before the longest-acceptable-life OCSP
> response for that certificate would expire. Then it would be easy to
> understand the security properties of short-lived certificates, given
> that we understand the security properties of OCSP.

I strongly want to avoid ratholing on this discussion; if I say "OK, let's say for the sake of argument that short-lived is the same as the max OCSP lifetime", then someone else will say "but that's still too long!" and so on. I realise that this issue would need to be resolved precisely before short-lived certs were allowed by policy; but I just don't want to focus on it right _now_. I want to assume that we could come up with an appropriate time window, and work out how Mozilla should push towards making short-lived certs possible, using the options I outlined above.

> Previously, we decided it was important that we have evidence that the
> OCSP responder know about all certificates that were issued by the CA,
> so we made it a requirement that OCSP responders must not
> return "Good" for certificates that they do not know about. But,
> accepting short-lived certificates is equivalent to an OCSP responder
> returning "Good" for all certificates, whether it knows about them or
> not.

Is that actually true? I am assuming that if a cert is mis-issued, for a few minutes at least the CA will stand by their issuance, and that the attacker can obtain a good OCSP response for it with a lifetime of X, and staple that response during their attack. So the security properties of that are about the same as those for a cert with lifetime X.

Hmm... is there some mileage in saying that OCSP responses for certs during their first week of existence must have a max lifetime of significantly less than for the rest of their lives? That wouldn't increase OCSP server load much, but would perhaps mitigate this issue if the CA were to discover the misissuance soon after it happened.

Gerv

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
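The comparison Gerv is making above (a long-lived cert with a stapled "good" OCSP response of lifetime X versus a short-lived cert of lifetime X, and the tiered idea of a shorter OCSP lifetime during a cert's first week) can be made concrete as a worst-case "window of continued acceptance after revocation" calculation. The following is an added worked example written for this page, not code from the thread, Mozilla, or any CA; the policy numbers (7-day normal OCSP lifetime, 1-hour cap during the first week, the 10-minute time-to-detect) are constructed assumptions chosen only to illustrate the reasoning, not values proposed in the thread.

```python
from datetime import datetime, timedelta

# Constructed policy parameters (assumptions for illustration, not values from the thread).
NORMAL_MAX_OCSP_LIFETIME = timedelta(days=7)   # longest nextUpdate - thisUpdate normally allowed
EARLY_WINDOW = timedelta(days=7)               # the cert's "first week of existence"
EARLY_MAX_OCSP_LIFETIME = timedelta(hours=1)   # tighter cap for responses produced in that week


def max_ocsp_lifetime(cert_not_before, produced_at, tiered):
    """Longest lifetime a CA may give an OCSP response produced at `produced_at`.

    With tiered=True, responses produced during the certificate's first week are
    capped at EARLY_MAX_OCSP_LIFETIME (the idea floated in the post); otherwise
    the normal cap applies for the whole life of the certificate.
    """
    if tiered and produced_at - cert_not_before < EARLY_WINDOW:
        return EARLY_MAX_OCSP_LIFETIME
    return NORMAL_MAX_OCSP_LIFETIME


def acceptance_window(cert_not_before, cert_not_after, revoked_at, stapled=True, tiered=False):
    """Worst-case time after `revoked_at` during which a relying party still accepts the cert.

    stapled=True  : the relying party trusts a stapled OCSP response. Worst case is that
                    the holder fetched a 'good' response at the instant of revocation and
                    keeps stapling it until its nextUpdate (or until the cert expires).
    stapled=False : no revocation checking at all, as for a short-lived cert, so the
                    cert is accepted until its notAfter.
    """
    if stapled:
        next_update = revoked_at + max_ocsp_lifetime(cert_not_before, revoked_at, tiered)
        accepted_until = min(next_update, cert_not_after)
    else:
        accepted_until = cert_not_after
    return max(accepted_until - revoked_at, timedelta(0))


def scenario_windows(detect_after=timedelta(minutes=10)):
    """Compare the scenarios from the post; returns each window in whole minutes.

    The CA is assumed to notice the mis-issuance `detect_after` after notBefore
    and revoke immediately (constructed assumption).
    """
    issued = datetime(2014, 5, 9, 0, 0)      # constructed issuance time
    revoked = issued + detect_after
    one_year = issued + timedelta(days=365)
    minutes = lambda td: int(td.total_seconds() // 60)
    return {
        # Short-lived cert of lifetime X = 7 days, no revocation checking.
        "short_lived_7d": minutes(acceptance_window(issued, issued + timedelta(days=7), revoked, stapled=False)),
        # Long-lived cert, attacker staples a 'good' response with lifetime X = 7 days.
        "long_lived_stapled": minutes(acceptance_window(issued, one_year, revoked)),
        # Same, but under the tiered rule: responses in the first week capped at 1 hour.
        "long_lived_stapled_tiered": minutes(acceptance_window(issued, one_year, revoked, tiered=True)),
        # Tiered rule no longer helps once the cert is past its first week.
        "tiered_after_first_week": minutes(acceptance_window(issued, one_year, issued + timedelta(days=8), tiered=True)),
        # A stapled response can never extend acceptance past the cert's own notAfter.
        "stapled_capped_by_expiry": minutes(acceptance_window(issued, issued + timedelta(days=3), revoked)),
    }


if __name__ == "__main__":
    for name, mins in scenario_windows().items():
        print(f"{name:28s} {mins:6d} min  ({mins / 60:.1f} h)")
```

The first two rows are the point of the reply: with a 7-day OCSP lifetime the long-lived cert is accepted for 7 days after revocation, essentially the same exposure as a 7-day short-lived cert. The third row shows what the first-week cap buys when the CA detects the mis-issuance quickly, and the fourth row shows that it buys nothing once the cert is older than the early window, which is exactly the trade-off the post is suggesting.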