As much as I love PKI (public key infrastructure) and the mathematical security it can provide, it's usually horribly implemented in the real world.
If done right, the way its designers intended, it would be darn near perfect. It's mostly broken because admins don't deploy it right, software doesn't enforce what needs to be enforced, and users click through pretty much any PKI warning, resulting in untold downloads of who knows how much malware.
One of the biggest problems with PKI is something most users never think about: the broken certificate revocation process. Digital certificates are supposed to be revoked when their private keys are compromised or when, for some other reason, the CA (certification authority) that issued them decides they should no longer be trusted or used. The CA publishes that decision in a CRL (certificate revocation list) or through an OCSP (Online Certificate Status Protocol) responder, and the software relying on the certificate is supposed to look it up. A revoked certificate is supposed to be the same as no certificate at all.
But what actually happens is that most CA admins never revoke certificates, even when they should. Alternatively, people keep using revoked certificates and no one notices. Even more common, the certificate gets revoked, but the software (or the user) doesn't bother to check. Worse still, the software tries to check, can't get an answer one way or the other because the CRL or OCSP responder is unreachable, slow or blocked, and fails open, treating the certificate as good and valid, when failing closed is exactly what the design calls for. Anyone who can drop packets between the client and the CA can therefore suppress the revocation check entirely.
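Here is what fail-open versus fail-closed looks like in code, as an added example that is not from the article or from the paper it discusses. It uses Go's standard crypto/x509 package to build a throwaway CA, issue one certificate, publish a CRL that revokes it, and then run a revocation check that reports "unknown" rather than "good" whenever the CRL is missing, is not signed by the issuer, or is past its NextUpdate; the Accept policy then shows the soft-fail and hard-fail decisions side by side. The CA name, the host name www.example.test, the serial numbers and the time offsets are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Status is the outcome of a CRL lookup for one certificate.
type Status int

const (
	StatusGood    Status = iota // current, issuer-signed CRL does not list the serial
	StatusRevoked               // current, issuer-signed CRL lists the serial
	StatusUnknown               // no usable CRL: missing, unparseable, wrong signer, or stale
)

// CheckCRL verifies that crlDER is a current CRL signed by issuer, then looks up leaf's
// serial. Anything that leaves revocation undetermined is StatusUnknown, never StatusGood.
func CheckCRL(leaf, issuer *x509.Certificate, crlDER []byte, now time.Time) Status {
	if len(crlDER) == 0 {
		return StatusUnknown // download failed, timed out, or was blocked on the path
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return StatusUnknown
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return StatusUnknown // anyone can serve a CRL; only the issuer's signature is evidence
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return StatusUnknown // a stale CRL may predate the revocation; treat it as absent
	}
	for _, rc := range crl.RevokedCertificates { // same entries as RevokedCertificateEntries in Go 1.21+
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return StatusRevoked
		}
	}
	return StatusGood
}

// Accept is the policy step. hardFail=false is the browser "soft-fail": no answer counts as a pass.
func Accept(s Status, hardFail bool) bool {
	if s == StatusUnknown {
		return !hardFail
	}
	return s == StatusGood
}

// must panics on error; acceptable for building a throwaway fixture, not for production paths.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildTestPKI constructs in memory a CA, a leaf it issued (serial 4242) and a CRL
// revoking that leaf. Constructed fixture data for this example, not a real CA.
func BuildTestPKI(now time.Time) (issuer, leaf *x509.Certificate, crlDER []byte) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // cRLSign is required to sign CRLs
	}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	issuer = must(x509.ParseCertificate(caDER)) // parsed copy carries the generated SubjectKeyId
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "www.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER := must(x509.CreateCertificate(rand.Reader, leafTmpl, issuer, &leafKey.PublicKey, caKey))
	leaf = must(x509.ParseCertificate(leafDER))
	crlTmpl := &x509.RevocationList{ // the CA revokes the leaf, e.g. after its key leaked
		Number: big.NewInt(7), ThisUpdate: now, NextUpdate: now.Add(7 * 24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}},
	}
	crlDER = must(x509.CreateRevocationList(rand.Reader, crlTmpl, issuer, caKey))
	return issuer, leaf, crlDER
}

func main() {
	now := time.Now()
	issuer, leaf, crlDER := BuildTestPKI(now)
	report := func(name string, crl []byte, at time.Time) {
		s := CheckCRL(leaf, issuer, crl, at)
		fmt.Printf("%-15s status=%d soft-fail accepts=%-5v hard-fail accepts=%v\n", name, s, Accept(s, false), Accept(s, true))
	}
	report("fresh CRL", crlDER, now.Add(time.Hour))
	report("CRL unreachable", nil, now.Add(time.Hour))
	report("stale CRL", crlDER, now.Add(30*24*time.Hour)) // past NextUpdate
}
```

The point of separating CheckCRL from Accept is that the fail-open decision becomes a visible, auditable policy rather than an accident of error handling: the only way a revoked certificate gets through is the "CRL unreachable" row under soft-fail, which is precisely what an attacker who can block the CRL download gets for free.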
A recent revocation paper published by the University of Maryland offers some excellent data points and conclusions. Here are some highlights:
* Eight percent of the certificates scanned on the Internet over the life of the survey had been revoked.
* Nearly one percent of revoked certificates are still being actively used.
* There was a huge jump in revoked certs after Heartbleed, the 2014 OpenSSL bug that could leak a server's private key and so forced mass reissuance and revocation.
* Based on the authors' examination of the revocation-checking behavior of 30 different combinations of Web browsers and operating systems, browsers frequently do not check whether certificates are revoked -- and the mobile browsers tested never check.
* The median CRL (certificate revocation list) size was 51KB; the max size was 76MB -- that's quite a variation! A multi-megabyte download before a connection can complete is exactly why browser vendors resist fetching CRLs at all.
* "Overall, our results paint a bleak picture of the ability to effectively revoke certificates today."
The research paper skewers website administrators and browser vendors in equal measure. Both deserve it.
Another great collection of PKI...