[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLs as wandering anti-matter

> 	If you have dated CRLs, then you have effectively a two-part certificate, 
> each with a date range and therefore the combination has a date range.
> The combination is equivalent to a short-expiry certificate, probably in
> execution time as well as net traffic.
>  - Carl

Actually, short-lived certificates likely involve *less* traffic than
CRL's with an equivalent lifespan.  CRL's move work from the signer to
the verifier.

Let's consider the case of 100 clients, each from 10 different CA's,
each making 10 requests during the short-validity-period to a single
server.  I'm going to be a fuzzy about the distinction between CA and
certificate repository here.

Assume mutual authentication is in use.

short-lived certificates:
	The server initiates one `transaction' with a CA
		to get its short-lived certificate.

	Each client does one `transaction' with a CA,
	and 10 `transactions' with the server.

	total traffic:
		101 transactions to CAs
		1000 transactions to server.

short-lived crl's:
	each client does one transaction with a CA for the CRL
		covering the server.
	and does 10 transactions with the server, 

	each server does one transaction per unique CA with the
		various ca's to get the CRL covering the client.

	total traffic:
		110 transactions to CAs
		1000 transactions to server.

0) this *assumes* that caching is in place and nothing gets bumped out
of the cache..

1) Note that, in the CRL case, all the additional work is given to the
server.  Given that one maxim for building high-fanout distributed
systems is "move the work to the client", this seems *very* wrong..

2) also note that fetching the CRL covering the client has to happen
while the client is waiting for the server to finish... i.e., this
adds latency, and variability in latency, to transactions, which users
will find very annoying.  Short-lifetime certificates can be requested
asynchronously a short while in advance of when they're needed (e.g.,
shortly before the previous one expires), so they don't necessarily
introduce any additional latency into the system.

						- Bill