Revocation

Question 1

Certificate Revocation

Answer 1

• Abortive ending of the binding between subject and key (public key certificate) OR subject and attributes (attribute certificate)
• Is initiated by the subject OR the issuer

Question 2

Revocation requirements

Answer 2

• Revocation information is publicly available
• Authenticity can be checked by everyone
• Revoked certificate is unambiguously identified
• Information about the time of the revocation
• Optional:
  -> Revocation reason
  -> Temporary revocation
  -> X.509: CAs are responsible for publishing revocation information

Question 3

Revocation mechanisms

Answer 3

• Dedicated infrastructure for dissemination of authentic revocation information
• Certificate Revocation List (CRLs)
• Online Certificate Status Protocol (OCSP)
• Certificate Revocation System (CRS)
• Certificate Revocation Trees (CRT)
• Revocation in PGP
• Alternative: Very short certificate validity period -> no revocation needed

Question 4

Structure of a CRL

Answer 4

• Version
• Signature ID
• Issuer
• This Update
• Next Update
• List of revoked certificates (sequence of CRL entries)
• CRL-extensions
• Signature

Question 5

Structure of a CRL entry

Answer 5

• userCertificate
• revocationDate
• CRLEntry-extensions

Question 6

CRL Extensions

Answer 6

• can affect the CRL as a whole OR
• each single CRL entry (all of them)

Question 7

CRL extensions: AKI/IAN

Answer 7

• Authority Key Identifier
• Issuer Alternative Name

Question 8

CRL extensions: CRL Number

Answer 8

• Monotonically increasing sequence number
• Non-critical extension, must be included in all CRLs
• To determine when a particular CRL supersedes another CRL
• Two CRLs for same scope generated at different times must not have same CRL number
• Supports the use of Delta CRLs
  -> Complete and Delta CRLs for a given scope must share one numbering sequence

Question 9

CRL extensions: Issuing Distribution Point

Answer 9

• Critical extension
• Identifies the CRL distribution point and scope
• Indicates whether the CRL covers revocation for:
  -> end-entity certificates only,
  -> CA certificates only,
  -> Attribute certificates only,
  -> a limited set of reason codes

Question 10

CRL entry extensions

Answer 10

• Affect the current CRL entry AND MAYBE
• Some following ones (but not necessarily all of them)

Question 11

CRL entry extensions: Reason Code

Answer 11

• Non-critical extension
• Identifies the reason for certificate revocation

Question 12

CRL entry extension: Hold Instruction Code

Answer 12

• Non-critical extension
• Indicates the action to be taken after encouraging a certificate that has been places on hold
• Standard actions: None, contact issuer or reject certificate, reject certificate

Question 13

CRL entry extension: Invalidity Date

Answer 13

• Non-critical extension
• Provides the (suspected) date on which the certificate became invalid
• CRL issuers are strongly encouraged to share this data with CRL users

Question 14

Publishing CRLs

Answer 14

• Most common: Web pages, LDAP
• File transfer protocol
• CRL push services (broadcasts)

Question 15

CRL push service

Answer 15

• CRLs are delivered to registered clients
• Searching for a CRL is unnecessary
• Can only be used online
• Suitable for e.g. computer in Intranet, Servers
• Covers only certificates of few PKIs

Question 16

Locating a CRL

Answer 16

• Using the policy: the policy of the issuer names places where its CRLs are published
• Using the certificate: CRLDistributionPoints extension

Question 17

Locating a CRL: CRLDistributionPoints extension

Answer 17

• X.509 Certificate extension
• Non-critical
• Identifies how CRL information is obtained -> Pointer to the places where the CRL will be located (usually as a URL)
• Usage recommended
• Realized by the most typical applications

Question 18

CRL properties

Answer 18

• Can be used offline (CRL caching)
• Easy implementation & management
• High information content (extendable!)
• The CRL (full CRL) contains information about all revoked certificates (size increases monotonically)
• All information is transferred at the same time
  -> High load (peak) at “next update” time
  -> Long validity period -> bad timeliness
  -> Short validity period -> bad performance

Question 19

Over-Issued CRLS

Answer 19

• CRLs issued more frequently than “nextUpdate” requires
• e.g., on a regular basis or with every certificate revocation
• frequency of the update is chosen by the client
  -> improved timeliness
  -> better load distribution

Question 20

Delta CRL

Answer 20

• Format like a “normal” CRL + Delta CRL Indicator extension
• Contains all changes since Base CRL was issued
• Associated to Base CRL by the BaseCRLNumber
  -> Better network load, better scalability
  -> Slightly increases administration costs (client and server)
• Can be combined with Over-Issued CRLs:
  -> Together with each Full CRL also Deltas to the still valid CRLs are issued

Question 21

X.509 CRL extensions: Delta CRL Indicator

Answer 21

• Critical extension
• Identifies a CRL as being a Delta CRL
• Contains a single value called BaseCRLNumber
• The BaseCRLNumber identifies the CRL used as the starting point in the generation of this Delta CRL
• The referenced base CRL must be published as a complete CRL

Question 22

X.509 CRL extensions: Freshest CRL

Answer 22

• (aka Delta CRL Distribution Point)
• Non-critical extension
• Identifies how to obtain Delta CRLs
• Must not appear in Delta CRLs

Question 23

Indirect CRLs

Answer 23

• Issuer of the CRL is not the issuer of the certificates
• Revocation can be delegated
• Revocation instance can operate online even if certificate issuer is offline
• Reflects the different security requirements on the keys that are used for signing certificates and the ones that are used for signing CRLs

Question 24

X.509 CRL entry extension: Certificate Issuer

Answer 24

• Critical extension
• Identifies the certificate issuer associated with an entry in an indirect CRL
• If this extension is not present:
  -> on the first entry in an indirect CRL: the certificate issuer defaults to the CRL issuer
  -> on subsequent entries: the certificate issuer for these entries is the same as that for the preceding entry

Question 25

CRL segmentation

Answer 25

- Revocation information for disjoint sets of certificates is split up into multiple Partitioned CRLs - Relevant CRL identified: -> Directly: Multiple CRLDistributionPoints, or -> Indirectly: CRLDistributionPoints extension points to a special Redirect CRL - Redirect CRL -> Set of pairs (CRLDistributionPoint, Scope) -> The scope describes a set of certificates -> Advantage: Can be changed later

Question 26

Vor-/Nachteile: Full-CRL

Answer 26

- Vorteile: -> Informationsgehalt hoch -> Management einfach -> Implementierung einfach - Nachteile: -> Schlechte Skalierbarkeit -> Hohe Last zum Zeitpunkt nextUpdate -> Langer Gültigkeitszeitraum: schlechte timeliness vs. kurzer Gültigkeitszeitraum: schlechte Performance

Question 27

Vor-/Nachteile: Over Issued

Answer 27

- Vorteile: -> Verbesserte Timeliness -> Updateverhalten vom Client wählbar -> Verbesserte Lastverteilung - Nachteile: -> erhöhte Last wenn Clients alle CRLs herunterladen -> Häufiges Erstellen der CRLs

Question 28

Vor-/Nachteile: Partitioned-CRL

Answer 28

- Vorteile: -> Partitionierung nach Typ, Seriennummernbereich oder Namensbereich gültig -> Beschleunigung der Prüfung durch kürzere CRLs - Nachteile: -> Segmentierung zu späterem Zeitpunk nicht änderbar

Question 29

Vor-/Nachteile: Redirect-CRL

Answer 29

- Vorteile: -> Segmentierung nachträglich änderbar -> Sperrinformationen werden auf mehrere CRLs aufgeteilt (Segmentation) - Nachteile: -> Erhöhter Verwaltungsaufwand -> Komplexe Implementierung

Question 30

Vor-/Nachteile: Indirect-CRL

Answer 30

- Vorteile: -> Zertifikatssperrung kann delegiert werden -> Sperrinstanz kann unabhängig vom Aussteller der Zertifikate (online) agieren -> Vereinfacht und beschleunigt CRL-Verwaltung beim Benutzer - Nachteil: Schlechte Skalierbarkeit