OCSP vs CRL: How We Chose the Worst Option and Called It Progress
The HTTPS Revocation Dumpster Fire
A rant, filled with reality checks and hard truths
In the ever-evolving world of web security, it seems we've decided to take a giant leap backward. Why? Because apparently, we can't handle a tiny hiccup in our almost perfect system. So, naturally, the logical solution is to burn it all down and return to the dark ages of the internet. Makes perfect sense, right?
The Players in This Circus
Let's start with a round of applause for our main actors: Microsoft, Google (along with all Chromium-based browsers), and Apple's Safari. These tech giants have collectively decided that "almost perfect" is just not good enough. They're on a mission to transform our security protocols from "nearly flawless" to "spectacularly broken." Bravo!
Oh, but wait! There's a lone voice of reason in this madhouse - Mozilla Firefox. They're being dragged kicking and screaming into this new era of intentional incompetence. Poor Firefox, always the black sheep.
The Grand Plan
So, what's this brilliant scheme, you ask? We're abandoning OCSP (Online Certificate Status Protocol) in favor of CRL (Certificate Revocation Lists). Why? Well, hold onto your hats, folks, because this reasoning is a wild ride.
Imagine this scenario: A single Certificate Authority (CA) gets hit with a DoS attack for more than 24 hours. Oh, the horror! This could potentially break... wait for it... one website. Yes, you heard that right. One. Website. Maybe Two. Basically, who would notice? Well if that CA was Let's Encrypt it could be a big site, but only the sites using Let's Encrypt and an advanced optional feature Let's Encrypt barely even supplies to anyone ever.
So, only if:
- That website uses a certificate from the attacked CA
- It implements OCSP stapling
- It also uses the "must staple" extension
- And the attacked CA can not recover for more than 24 hours since the last time a visitor last got a stapled assertion from server (could be longer grace period than the 24 hour attack realistically)
Clearly, this is a catastrophe of epic proportions that warrants overhauling our entire security infrastructure!
Hyperbolic, obviously. But that's not my hyperbole, that's how these very rational "CA Forum" people are acting, I'm just sharing it with you.
The FUD
Now, in an ideal world, all sites would use "must staple." But assuming we were in that utopia and everyone was using "must staple" today, for issues to actually occur, we'd need to see a massive, coordinated DDoS attack on multiple CAs simultaneously, sustained for over 24 hours. Because that's totally a thing that happens all the time, right?
Never mind that historically, DDoS attacks typically target a single entity and rarely last that long. No, no, we must prepare for the apocalyptic scenario where every CA on the planet is under siege at the same time. It's coming, people! The end is nigh!
The "Solution"
So, what's the answer to this imaginary crisis? Simple! We'll ditch our perfectly functional, privacy-preserving system for one that's demonstrably worse in every way. Enter CRLs - because nothing says "cutting-edge security" like a technology that was outdated over a decade ago.
And use it as the new status quo, not the fallback in an imaginary crisis, but lower the security of everyone, all the time 'just in case'.
This brilliant move will impact developers and implementers worldwide, to rollback to CRL where a rollback was never planned (so really, it's like adding a new feature), sowing confusion and making the entire cybersecurity community look like a bunch of amateurs who make decisions based on bedtime monster stories rather than actual data and logical analysis.
The Dumpster Fire Rages On
As if the CA system wasn't already a hot mess of "trust without verification," we're now downgrading to a state where verification is not just difficult - it's practically impossible. CRLs for leaf certificates are a numerical nightmare. They couldn't scale years ago, let alone handle today's internet, much less tomorrow's.
But hey, who needs a functional revocation system anyway? If we all just collectively agree that certificate revocation is broken and useless, then CRLs will work perfectly! It's foolproof!
The CRLite Silver Lining (Or Is It?)
Now, before you think it's all doom and gloom, let's talk about CRLite. It's like the cool kid in the class of disappointments. Mozilla uses this for intermediate CA revocation (not the certificates servers issue to browsers for websites called a leaf Certificate), and surprise surprise, it actually works! Why? Because there are fewer intermediate CAs, and they've slapped a bloom filter on it to make it 'usable'.
It's like finding a single edible morsel in a dumpster fire of a meal. "Look, this one bit doesn't make me violently ill! Progress!"
But let's not get too excited. CRLite is to our certificate revocation problems what a band-aid is to a severed limb. Sure, it works for the limited scope of intermediate CAs, but throw in the vast ocean of non-CA intermediate or leaf certificates, and we're right back to Struggle Town, population: everyone.
Impending CRLpocalypse
Now, let's put on our fortune-teller hats and gaze into the crystal ball of web security. What do we see? Ah yes, it's the looming specter of people who trust revocation and start using CRL, so.. size issues!
Currently, CRLs are just about manageable because - let's face it - hardly anyone actually uses certificate revocation. It's like that fancy gym membership you have but never use. It exists, but it's not causing any trouble because it's being blissfully ignored.
But what happens if (and it's a big 'if') hearts and minds change? What if people start believing that revocation actually works? What if they start using it... for real?
Imagine a world where people actually care about security (I know, I know, it's far-fetched, but bear with me). In this utopia of security consciousness, every wesite starts revoking certificates left, right, and center. Our CRLs, bless their little digital hearts, would swell faster than a tech bubble in the '90s. You thought Chrome tabs were a problem, think about the Chrome disk space if every website started using CRLs.
What if attackers decided to, DoS the CRL list with revocations on their very important (LOLOLOL) sites?
We're talking exponential growth, folks. CRLs would bloat our browser storage needs. They'd expand quicker than the universe after the Big Bang. They'd... well, you get the picture.
The irony is palpable. If people actually start using the system as intended, it'll collapse under its own weight faster than you can say "certificate revocation".
If attackers thought it was too hard to attack OCSP they'd look at this and say hold-my-beer. This will be a sitting duck! CRL is so laughably attackable it is not even worth me wasting time to tell you, it is so O B V I O U S duh!
But, revocation real usage is.. It's like building a boat that only floats if nobody uses it. Genius!
Take Action!
Now, dear reader, if you've made it this far without throwing your device out the window in frustration, congratulations! You're either a glutton for punishment or someone who actually gives a damn about web security. Either way, I've got a treat for you.
First up, we have tlstrust. It's my little project that verifies trust anchors, actually checking if the entities we're supposed to trust are, you know, trustworthy. Revolutionary concept, I know.
But wait, there's more! If you're into masochism (or just really care about proper security configurations), check out trivialscan. This beauty will verify CRL and OCSP configurations, including CRLite on intermediates and the must-staple option for leaf certs. It's like having a security audit in your pocket, minus the expensive consultant and pointless PowerPoint presentations.
Remember, in a world where security decisions seem to be made by a random number generator, being informed is your best defense. Well, that and a tinfoil hat. But mostly being informed.
In Conclusion (The Grand Finale of Facepalms)
So there we have it, folks. We're abandoning a system that works for one that doesn't, all because of some far-fetched doomsday scenarios. CRLite stands as a tiny island of 'not terrible' in an ocean of 'dear god why', while the ticking time bomb of CRL size issues lurks beneath the surface, just waiting for people to care enough to set it off or some mean MF'er does it first.
In the world of web security, we don't just plan for failure - we engineer it! If it ain't broke... break it yourself, apparently.
Remember, in this brave new world of certificate revocation, we're not just shooting ourselves in the foot - we're nuking the entire leg and calling it progress.
Because at this point, why the hell not?
Web security: where logic goes to die, and facepalms are the new normal. Bravo, tech giants, bravo!