* Protocols
[1] There are several ways of conveying [[revocation][revocation (certificate)]] information.
[FIG(short list)[
- [[CRL]]
- [[OCSP]]
- [[OCSP stapling]]
- [[CRLSets]]
- [[OneCRL]]
- [[short-lived certificates]]
]FIG]
[3] Each of them has problems, and there seems to be no method that works in every case.
Each implementation combines them according to its own policy,
but every such combination appears to have problems of its own.
;; Some implementations apparently do not perform revocation checking at all.
[15] A [[CA]] can produce a [[CRL]]. A [[certificate]] can carry the [[URL]]
from which the [[CRL]] is distributed.
[33] A [[CA]] can provide revocation information via [[OCSP]]. A [[certificate]] can carry
the [[URL]] of the [[OCSP]] [[endpoint]].
Anyone who wants to [[verify]] the [[certificate]] can use the [[URL]] written in the [[certificate]]
to query it over [[OCSP]] and confirm that the [[certificate]] has not been [[revoked]].
[35] A [[TLS server]] can obtain the [[OCSP]] response from the [[CA]] in advance
and supply it to the [[TLS client]] by [[OCSP stapling]].
The [[TLS client]] can then substitute the [[OCSP stapling]] data for its own [[OCSP]] lookup.
[43] [[Google]] provides [[CRLSets]] and [[Mozilla]] provides [[OneCRL]],
each an aggregated list of revocation information for major [[certificate]]s;
[[Chrome]] and [[Firefox]] periodically download these and use them for verification.
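The CRL distribution point and OCSP endpoint URLs described in [15] and [33], and the CRL check a verifier performs once it has fetched the CRL, as an added example in Go. This is not code from this wiki page or from any of the cited projects: it constructs a toy CA and leaf certificate in memory with the standard `crypto/x509` package, the two URLs it embeds are hypothetical placeholders, and the helper names (`BuildPKI`, `RevocationEndpoints`, `IssueCRL`, `CheckAgainstCRL`) are this example's own. The verifier side rejects a CRL that is not signed by the issuing CA or whose NextUpdate has passed, which is the check a client skips when it soft-fails.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must unwraps (value, error) pairs while building the constructed fixture.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPKI constructs, in memory, a CA with the crlSign key usage (needed to sign a CRL)
// and a leaf certificate advertising a CRL distribution point and an OCSP responder URL.
func BuildPKI() (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Toy CA (constructed)"},
		NotBefore:             now,
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{ // both URLs below are hypothetical placeholders
		SerialNumber:          big.NewInt(4242),
		NotBefore:             now,
		NotAfter:              now.Add(24 * time.Hour),
		CRLDistributionPoints: []string{"http://crl.example.test/toy-ca.crl"},
		OCSPServer:            []string{"http://ocsp.example.test"},
	}
	leafDER := must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey))
	return caCert, caKey, leafDER
}

// RevocationEndpoints reads the CRL distribution points and OCSP URLs out of a DER certificate.
func RevocationEndpoints(certDER []byte) (crl, ocsp []string, err error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, nil, err
	}
	return cert.CRLDistributionPoints, cert.OCSPServer, nil
}

// IssueCRL has the CA sign a CRL listing the given serial numbers as revoked.
func IssueCRL(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, revoked []*big.Int) ([]byte, error) {
	now := time.Now()
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	tmpl := &x509.RevocationList{
		RevokedCertificates: entries,
		Number:              big.NewInt(1),
		ThisUpdate:          now,
		NextUpdate:          now.Add(time.Hour),
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, caCert, caKey)
}

// CheckAgainstCRL is the verifier side: it rejects a CRL that is not signed by the issuing
// CA or is past its NextUpdate, and otherwise reports whether serial is listed as revoked.
func CheckAgainstCRL(crlDER []byte, caCert *x509.Certificate, serial *big.Int) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(caCert); err != nil {
		return false, fmt.Errorf("untrusted CRL: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return false, fmt.Errorf("stale CRL: NextUpdate %v has passed", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	caCert, caKey, _ := BuildPKI()
	crlDER := must(IssueCRL(caCert, caKey, []*big.Int{big.NewInt(4242)}))
	fmt.Println(CheckAgainstCRL(crlDER, caCert, big.NewInt(4242)))
}
```

A real client would fetch the CRL from the URL that `RevocationEndpoints` returns; what matters for the security property is the order of checks in `CheckAgainstCRL`: signature and freshness first, membership last, so that an attacker who can serve or block the CRL fetch cannot substitute an unsigned or expired list.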
* History
[6] [CITE@en[CA:ImprovingRevocation - MozillaWiki]]
([TIME[2015-03-21 11:05:17 +09:00]] version)
<https://wiki.mozilla.org/CA:ImprovingRevocation>
[8] [CITE@en[CA:RevocationPlan - MozillaWiki]]
([TIME[2015-03-21 11:08:04 +09:00]] version)
<https://wiki.mozilla.org/CA:RevocationPlan>
[32] [CITE@en[RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)]]
([TIME[2015-05-29 03:22:56 +09:00]] version)
<https://tools.ietf.org/html/rfc7525#section-6.5>
[2] [CITE@ja[Configuring Certificate Revocation]]
([TIME[2016-05-09 17:14:04 +09:00]])
<https://technet.microsoft.com/ja-jp/library/cc771079(v=ws.11).aspx>
[9] [CITE@en[ImperialViolet - No, don't enable revocation checking]]
(by [[Adam Langley]], [TIME[2016-05-09 20:17:00 +09:00]])
<https://www.imperialviolet.org/2014/04/19/revchecking.html>
[36] [CITE[The current state of certificate revocation (CRLs, OCSP and OCSP Stapling)]]
([TIME[2016-05-09 21:59:02 +09:00]])
<https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/>
[37] [CITE@en[How Certificate Revocation Works]]
([TIME[2016-05-09 22:47:49 +09:00]])
<https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx>
[FIG(quote)[
[FIGCAPTION[
[38] [CITE@en[Issue 305443 - chromium - Chrome for Android doesn't seem to respect CRL - Monorail]]
([TIME[2016-05-09 23:24:53 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=305443>
]FIGCAPTION]
> Oct 9, 2013
> Android has never supported revocation checking.
]FIG]
[FIG(quote)[
[FIGCAPTION[
[39] [CITE@en[Issue 362696 - chromium - Missing warning on revoked certificate - Monorail]]
([TIME[2016-05-09 23:29:05 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=362696>
]FIGCAPTION]
> On all platforms that perform revocation checks as a system-level component (eg: on Windows and OS X), we always pass flags to allow cached revocation checks. That is, if another application has caused a revoked certificate to be known, we (Chrome) will treat it as revoked. Additionally, we pass flags to disable online revocation checks. However, in certain circumstances, the OS will ignore those flags and force an online revocation check. In those cases as well, the revocation will be picked up.
> Absent both of those cached settings, however, we utilize CRLSets, the contents of which are described at a previous link and, by design, do not contain *every* revoked certificate.
]FIG]
[40] [CITE[Security FAQ - The Chromium Projects]]
([TIME[2016-05-07 09:19:23 +09:00]])
<https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation->
[41] [CITE@en[ImperialViolet - Revocation still doesn't work]]
(by [[Adam Langley]], [TIME[2016-05-09 23:37:03 +09:00]])
<https://www.imperialviolet.org/2014/04/29/revocationagain.html>
[4] [CITE@en[854346 – Treat expired certs with no revocation information as revoked, and do not allow an override]]
([TIME[2016-05-10 21:23:36 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=854346>
[FIG(quote)[
[FIGCAPTION[
[5] [CITE[IO::Socket::SSL - search.cpan.org]]
([TIME[2016-05-11 00:32:21 +09:00]])
<http://search.cpan.org/~sullr/IO-Socket-SSL-2.027/lib/IO/Socket/SSL.pod>
]FIGCAPTION]
> It will also check the revocation of the certificate with OCSP, but currently only if the server provides OCSP stapling (for deeper checks see ocsp_resolver method).
]FIG]
[7] [CITE@ja[Microsoft addresses the fraudulent SSL certificate problem; Firefox updated again - ITmedia Enterprise]]
([TIME[2016-05-11 01:05:16 +09:00]])
<http://www.itmedia.co.jp/enterprise/articles/1109/07/news017.html>
[10] [CITE@en[Add CRL generation to revocation updater · Issue #232 · letsencrypt/boulder]]
([TIME[2016-05-11 23:05:41 +09:00]])
<https://github.com/letsencrypt/boulder/issues/232>
[11] [CITE@en[Check Certificate Revocation Lists the OCSP status of an (SSL) Certificate]]
([TIME[2016-05-28 01:59:50 +09:00]])
<https://certificate.revocationcheck.com/>