Hi,
Google just published the changes they are about to do in the revocation
checking in Chrome :
http://www.imperialviolet.org/2012/02/05/crlsets.html
In my opinion, maybe somewhat opposite to the way they describe it,
fundamentally they are not *at* *all* changing the standard PKI method
of revocation check.
They are instead just solving a number of flaws in the way the CRL
revocation information is fetched by browser, therefore implementing a
new CRL fetching method that *works*, replacing the current *broken* one.
To work properly, CRL fetching must be done in advance of accessing the
site. This never worked properly when you had to individually, locally
determine the list of CRL to download.
Therefore establishing centrally the list of public CRL to download,
and pushing the result to browsers *is* the proper solution.
The other trouble with CRL in that in practice the only solution that's
available is to download complete CRL, that include all revocation
reason, resulting in awful bandwidth requirements.
Whereas the optimal solution would be to download each day a delta CRL,
with only the difference with the previous day, and containing only the
revocation reasons you *really* care about (key compromise).
By centrally converting the CRL format to a proprietary optimized format
that contains only that, they can do it, without implementing in the
browser the complex "delta", "by reason", CRL splitting mechanism that
theoretically exists, but that nobody ever got right (and nobody will,
as getting it right also depends on every CA getting it right, when
their solution just *doesn't*).
The cross-signing (replacing the original signature on CRL by a new
signature/integrity layer) this solution requires is certainly not a
problem, it just has to be done right, which is not difficult when you
already have a secure software update diffusion channel.
In conclusion I'm 100% in favor of Mozilla adopting this solution,
instead of trying to invent new schemes, that are very hard to get right
: Most people spend a lot of time on them only to realize at the end
that making things differently usually only means making a very slightly
differently weighted choice between all the possible parameters of a
security solution, that ends up not really much better than the
original, even thought you were initially convinced the original was
very broken.
I hope I have convinced you Google's solution is not new at all, which
is great. If it's not actually new, it's much easier to be convinced
it's pure *enhancement*, and not change, on the current solution, so
there's no significant drawback, and no initially non-obvious potential
danger, at adopting it.
PS : I probably won't be much on-line in the next one-and-half week,
just had to post this before :-)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
