Security considerations for future-dated OCSP responses and stolen private keys. #386
Conversation
| If a CA mis-issues a certificate for a domain, this specification provides a way | ||
| to detect the mis-issuance and mitigate harm within approximately two weeks. | ||
| Specifically, because all signed exchanges must include a | ||
| `SignedCertificateTimestampList` ({{?RFC6962}}, the mis-issued certificate will |
There was a problem hiding this comment.
It's stronger than "should". How about "a CT log has promised to publish the mis-issued certificate within"?
There was a problem hiding this comment.
SGTM! Yeah, just wanted to call out 'expected'/'required' from 'actual' behaviour :)
| Clients could use systems like {{CRLSets}} and {{OneCrl}} to revoke the | ||
| intermediate certificate that signed the future-dated OCSP responses. | ||
|
|
||
| ### Stolen private keys |
There was a problem hiding this comment.
I'm not sure if this PR is the best place to address it, but it does heavily overlap with the OCSP analysis you provided and the discussion of short-lived certs; namely, the security considerations of validation risks to certificates.
Grossly oversimplifying:
- Because these certificates can be used without being on path, then exploits in validation practices become more useful
- OCSP is reactive, once an issue is detected
- CAA (and lifetimes) are useful in ensuring robustness at time of issuance
- These methods (CAA, OCSP, reduced lifetime) are existing issues that the ecosystem faces; the only difference is in the calculus about being on-path, hence stronger mitigations than the status-quo
There was a problem hiding this comment.
Oh, and I mention it here because private key compromise and validation compromise are similar in the capabilities they grant, with key compromise being less detectable.
There was a problem hiding this comment.
That's a good unifying point. I'm going to send another PR to talk about it after the CAA requirement is merged.
@sleevi, how's this look?
Preview at https://jyasskin.github.io/webpackage/future-dated-ocsp/draft-yasskin-http-origin-signed-responses.html#seccons-off-path