Langley: Revocation checking and Chrome's CRL

If I understand how the CRL system works, that would then require every browser to periodically check not just one source, but every single Certificate Authorities' CRL server for any new revocations. Just based on a quick Google search, the EFF's SSL Observatory project has identified at least 1,400 different CA certificates (likely several are from the same CA). Still, even regularly pinging _100_ different entities (I'm sure it's far more than that!) wouldn't be a small amount of extra overhead. Plus, every time a new CA comes about, every browser would then have to learn about it some how, so they can know to check their revocation server.

And this isn't just for the root CAs, but every intermediate.

Seems to me that Google's plan is quite simple, and doesn't depend on technologies that are still struggling to be rolled out. I don't see anything intrinsic in this plan that would benefit Google other than 'making SSL suck less', so I'd imagine they're more than willing to hear alternatives to improve the system further.

Chrome, Firefox, and IE (maybe the others also) already include their own internal blacklist, because the CAs don't always do a great job at revoking things they should revoke, so this wouldn't require a huge amount of new infrastructure for Chrome, just to have the list updatable without requiring a restart of Chrome. There will be some work done on the CA and Google (and whoever else wants to distribute lists, nothing would stop Mozilla from crawling to update the list they already ship). Seems that Google's solution is very straight forward, and puts the least amount of trust in the CA actually doing their job.

You can't sensibly just download a full list of revoked certificates to every system; that represents a *huge* list.

How about aggregating all revoked certificates at one or more intermediate services managed (perhaps jointly) by browser vendors, using a hashed lookup system similar to the one currently used for the "safe browsing" blacklist? Take a look at http://www.morbo.org/2012/02/new-safebrowsing-backend.html for a few of the details on how that system works.

A locally cached and frequently updated status database seems to be a good compromise. It's fast, functional and doesn't disclose all browsing history to a third party, the only downside is that it won't instantaneously notice a revocation but that's way better than the current circumstance where effectively certs are never revoked because clients never check (and the checks fail open in any case).

OCSP pinning seems interesting and fundamentally changes the trust model to that of Kerberos. Actually this seems like it might be a new revenue stream for CAs as they could rent their authentication at an hourly rate.

I don't think stapling suffices. While latency and privacy gives sites an incentive to provide it, most sites will never bother, and more importantly malicious sites will *definitely* not bother. I don't think a system which requires cooperation from every site owner (as opposed to just every CA) has much hope of succeeding anytime soon.

I don't see any reason why Chrome would need to desupport OCSP stapling in order to desupport regular OCSP and CRLs. In fact, the best way to encourage people to move to OCSP stapling is to turn off regular OCSP and CRLs.

The Chrome developers have already spent a while looking whether certificate checking via DNSSEC is feasible; I believe they've been the most active folks on this front recently, and concluded it wasn't feasible right now.