If you follow discussions around x.509 and SSL you have likely heard that “Revocation Checking is Broken”, you might even hear it will never work therefore we should start over with a technology that isn’t dependent on this concept.
There are some merits to these arguments but I don’t agree with the conclusion, I thought I would summarize what the problems are in this post.
Fundamentally the largest problem is that, as-deployed, all x.509 revocation technologies introduce a communication with a third-party (the Certificate Authority).
This isn’t necessarily a deal breaker but it does have consequences, for example in the case of SSL:
- It can slow down the user’s experience.
- It introduces a new point of failure in a transaction.
These issues can be mitigated through intelligent deployments and engineering but unfortunately this really has not happened, as a result Browsers have implemented what is called “Soft-fail revocation checking”.
With soft-fail revocation checking browsers ignore all conditions other than an authoritative “revoked” message, in the case of OCSP that means if they reach the responder and it says “I don’t know the status” or if it fails to reach the responder it assumes it is “good”.
This behavior is of course fundamentally flawed, the Browsers say they have no choice (I disagree with this conclusion but that’s a topic for another post) other than to behave this way, but why?
The rational is as follows:
- Revocation repositories are not reliable.
- Revocation repositories are slow.
- Revocation repositories are not always available (captive portals).
- Revocation messages are too large to be returned in time.
- There are too many revocation messages to be returned in time.
These are all legitimate concerns, ones that are unfortunately as true today as they were almost a decade ago.
They are not however insurmountable and I think it’s time we as an industry did something about it.