[cabfpub] Ballot 153 – Short-Lived Certificates

Ryan Sleevi sleevi at google.com
Fri Oct 30 15:14:41 MST 2015


On Fri, Oct 30, 2015 at 3:09 PM, kirk_hall at trendmicro.com <
kirk_hall at trendmicro.com> wrote:

> I was happy to see the link to the academic study “An End-to-End
> Measurement of Certificate Revocation in the Web’s PKI” in Ryan’s response
> – this is a very impressive study of revocation checking issues by nine
> academic members of four highly respected universities (Northeastern, Univ.
> of Maryland, Duke/Akamai Tech., and Stanford).  Their findings should not
> be ignored or minimized.
>
> Here is the link again:
>
> http://www.cs.umd.edu/~dml/papers/revocations_imc15.pdf
>

Without attempting to ignore or minimize their research, there are issues
with the testing methodology and understanding that may have contributed to
incorrect findings with respect to several behaviours.

As perhaps a very real and tangible example, the results for iOS are not
reflective of the real world, due to the use of the simulator, which has an
entirely different library responsible for certificate validation.