Some certificate authorities have banded together to create the Certificate Authority Security Council (CASC) and they're pushing the adoption of online certificate status protocol (OCSP) stapling. What is OCSP and OCSP stapling? Should organizations only use certificates that feature the protocol?
Ask the Expert!
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
The SSL/TLS protocols and Web server certificates from publicly trusted Certificate Authorities (CA) play a central role in life on the Internet and are crucial to any online communication of sensitive information. When a Web browser makes a connection to a site using SSL, the Web server's digital certificate is automatically checked for anomalies or problems, and alerts the user if any are found. Typically these warning are that the certificate has expired or the domain name doesn't match the name on the certificate. These checks are a crucial step in any certificate-based transaction as they allow a user to verify the owner of the site and that the page they're viewing is actually coming from the site they intended to visit.
However, certificates may be revoked before their expiration date has been reached, such as when the private key associated with a certificate is compromised or the certificate is forged. Revoked certificates are published on blacklists called Certificate Revocation Lists (CRLs) and are referenced as part of the process of validating a certificate. However, constantly checking CRLs doesn't scale very well when speed, authenticity and validity are required. Even though CRLs are issued every hour, any application -- whether it's a browser or business-to-business process -- validating a certificate by means of CRLs could potentially accept a revoked certificate as valid for nearly 60 minutes.
Bogus certificates have been issued for a range of sites, including Google, CIA, Yahoo, Skype and Microsoft. With a forged certificate, a hacker can disguise a fake and malicious site as being legitimate. The padlock would show in the address bar and a valid certificate would appear if checked, giving the user no indication that the Web site was anything but secure and legitimate. Until the certificate is revoked and CRLs are updated, users are at risk. There are some 2 million trusted certificates issued worldwide every year by CAs and the number of incorrectly or fraudulently issued certificates is extremely low. CAs provide assurance that a Web site is legitimate and work to ensure that nothing can potentially undermine confidence in that assurance.
This is why the recently formed Certificate Authority Security Council (CASC), whose members include the leading CAs, wants to promote an understanding of the importance of certificate-revocation checking, and the adoption and deployment of Online Certificate Status Protocol (OCSP) stapling, which it sees as an important step forward in protecting Web users from malicious certificates.
All major browsers now support OCSP checking, but it's not the certificate that needs to support OCSP stapling but Web servers that have a digital certificate. Let me explain. When a CA receives a CRL request from a browser, it returns a complete list of all the certificates that CA manages that have been revoked. The browser then needs to parse the list and determine if the certificate of the requested site has been revoked. With OCSP, the browser sends the certificate for the site in question to the CA. The CA then returns a response -- good, revoked or unknown -- for that particular certificate. It's a lot less data that doesn't need parsing.
Although this is a lot quicker than a CRL request, it can still create a momentary delay in the SSL handshake. OCSP stapling cuts out the need for a browser to request the OCSP response directly from the CA, because the Web server caches a digitally signed and time-stamped version of the OCSP response from the CA. This allows the Web server to "staple" the OCSP response to the initial SSL handshake, about a 30% reduction in workload than when using plain OCSP.
When enabling and configuring OCSP stapling on a server, the firewall must be configured to allow OCSP requests and responses through, particularly as the OCSP response is refreshed at predefined intervals set by the CA. Certificate revocation still requires a CA to know about a compromise and update their CRL, but it is certainly an improvement in speed and accuracy as freshness of revocation information is an important priority in any digital identity validation protocol.
This was first published in June 2013