[Cryptography] HP accidentally signs malware, will revoke certificate

ianG iang at iang.org
Mon Oct 13 06:00:50 EDT 2014


On 12/10/2014 00:43 am, Hasan Diwan wrote:
> 
> On 11 October 2014 08:18, ianG <iang at iang.org <mailto:iang at iang.org>> wrote:
> 
>     So a 4 year old expired cert is still a critical
>     piece of infrastructure, and they are still going to revoke it
> 
> 
> Why aren't certificates revoked automatically on expiration? All using a
> revoked/expired certification should do is warn me that "the cert you
> are using has expired/been revoked, please get a new one from foo.com
> <http://foo.com>". What is the other use case I'm missing? -- H


Expiry and revocation were supposed to "mean" the same thing, the cert
could no longer be used.  There was either/or not both, and the
revocation lists typically had scaling problems so had to be kept brief,
'and' was not good.

(Indeed some CAs did revoke on expiry...)

But, there are differences.  It might "mean" the same thing but it can't
mean the same thing, if you get my drift.  Expiry is "can't use" coz you
need to feed the gasmeter to stay warm.  Contractual issue?  Whereas
revocation is "must not use" because there's a gas leak and the house is
about to blow.  Safety issue?

They are completely different in meaning... but not "meaning."

Expiry of course is an optional concept.  If software realised there was
nothing wrong with an expired cert then the game was up.  And, some
software does realise this.  And, expiry can be tricked by changing the
date, so for example the compromised cert (if it is indeed compromise)
can be used to still sign a 3 year old package...  And, it gets very
complicated trying to manage all the corner cases.

So, because of risk analysis not being able to answer the real size of
the problem, HP decided evidently to cover all bases and revoke as well.

The answer to all this is that certs, expiries and especially revocation
simply do not work as advertised.  In short, the only thing that works
is liveness and capabilities, which is the favoured choice for just
about every other system.  But you cannot fix a system like PKI without
staring the architectural myths in the face, and backing off and finding
some honest work to do.  So we're stuck.  HP get tricked that they've
been compromised 4 years ago, and they have to now compromise all their
customers today.  Oops.



iang


More information about the cryptography mailing list