David Levin - Revocations Are Dead, Long Live Revocations
From Katie Gentilello January 31st, 2018
32 plays
32
0 comments
0
Related Media
The importance of the web’s public key infrastructure (PKI) cannot be overstated: it is what allows users to know with whom they are communicating online. Central to its correct operation is the ability to “revoke” certificates in the wake of a compromised key. For revocations to work: (1) website administrators must request to have their certificates revoked, (2) browser manufacturers must regularly check for revocations, and (3) above all, no one should share their private keys. Using Internet-wide measurements, I will show that all of these are violated on a regular basis, largely due to perverse economic incentives. I will also present a promising path forward: a new system, CRLite, that compactly represents all revocations in only tens of kilobytes per day. CRLite shows that, at last, it is feasible for every client to download every revocation everyday.
https://mediaspace.gatech.edu/media/levin/1_01qazfs0
https://mediaspace.gatech.edu/media/levin/1_01qazfs0
- Tags
- name
- David Levin
- Date
- January 12th, 2018
- Appears In
Link to Media Page
Loading