PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
Pawel Szalachowski, Laurent Chuat, Adrian Perrig

TL;DR
The paper introduces PKISN, a novel revocation system for PKI that leverages public logs to securely and efficiently handle certificate revocations, addressing the critical issue of revoking large CA certificates without collateral damage.
Contribution
It proposes PKISN, a new revocation approach using public logs, extending existing mechanisms for easy deployment and providing a full implementation and evaluation.
Findings
PKISN effectively manages certificate revocations with minimal collateral damage.
The system is practical, with a complete implementation demonstrating its feasibility.
PKISN enhances security and privacy in the TLS ecosystem.
Abstract
In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we redesign the current revocation system with a novel approach that we call PKI Safety Net (PKISN), which uses publicly accessible logs to store certificates (in the spirit of Certificate Transparency) and revocations. The proposed system extends existing mechanisms, which enables simple deployment.…
