North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: PKI operators anyone?

  • From: Sean Donelan
  • Date: Wed Sep 05 13:25:37 2007


On Wed, 5 Sep 2007, John Curran wrote:
I dont see verisign roots expiring every five years.

I believe that they're on 30 years or so for the root CA certificates, and shorter periods for the intermediates.

Commercial PKI expiration times are mostly based on how frequently you must pay the CA more money whether or not the certificate's private key was compromised. If a commercial PKI charges you $500 each year to renew a certificate, instead of $500 every two years, the commercial PKI has doubled its revenue.


You could always revoke a certificate's private keys sooner in the event its key is compromised.

In the event a certificate is compromised Certificate Revokation Lists (CRL) lifetimes, not the certificate's lifetime, determines how big the
exposure window for a compromised certificate.


If you re-issue (and check) CRL's daily for 10 year certificates, your exposure is a day, not 10 years.

In the event a CA is compromised, how quickly you can revoke the CA's trust, not the CA's certificate lifetime determines the exposure window.
Commercial CA roots changed to very long life times not because they are more "secure" (insert hand-waving about bits and signing ceremony) but because of the pain of frequently updating them.


If you can remove a CA's root from your trust hierarchy within a day for a 100 year CA root, your exposure is a day, not 100 years.

The "valid dates" in the certificates are pretty much a red-herring; because the actual threat analysis should really be based on other
factors. Most certificate private keys are compromised not because someone figured out how to brute-force the multi-thousand bit keys, but because the computer and all the private keys it could access were compromised by random bits of malware.