Revocation Statuses on the Internet
Nikita Korzhitskii, Niklas Carlsson

TL;DR
This paper provides a comprehensive analysis of certificate revocation statuses on the Internet, revealing their short-lived nature and inconsistencies, and advocates for a transparent revocation standard.
Contribution
It offers the first longitudinal study of revocation statuses, analyzing over 1 million certificates to highlight revocation practices and biases.
Findings
Revocation statuses are short-lived and often disappear quickly.
Significant differences exist in revocation practices among CAs.
Biases and irregularities are present in how revoked certificates are handled.
Abstract
The modern Internet is highly dependent on the trust communicated via X.509 certificates. However, in some cases certificates become untrusted and it is necessary to revoke them. In practice, the problem of secure certificate revocation has not yet been solved, and today no revocation procedure (analogous to what Certificate Transparency provides for certificate issuance) has been adopted to provide a transparent and immutable history of all revocations. Instead, the status of most certificates can only be checked with the Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs). In this paper, we present the first longitudinal characterization of the revocation statuses delivered by CRLs and OCSP servers from the time of certificate expiration to status disappearance. The analysis captures the status history of over 1 million revoked certificates, including 773K certificates…
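The status-history reconstruction the abstract describes (tracking a revoked certificate from expiration until its status disappears), as an added example that is not code from the paper or its dataset: it takes constructed, dated CRL snapshots and constructed notAfter dates (all sample values are invented here), measures how long each revoked serial's status outlived the certificate, and flags statuses that vanished while the certificate was still valid, which a relying party would then see as "good".

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample: weekly fetches of one CA's CRL as (fetch date, revoked serials).
CRL_SNAPSHOTS = [
    (date(2021, 1, 1), {"01", "02", "04"}),
    (date(2021, 1, 8), {"01", "02", "03"}),   # "04" gone although still valid
    (date(2021, 1, 15), {"02", "03"}),        # "01" dropped after it expired
    (date(2021, 1, 22), {"03"}),              # "02" dropped after it expired
    (date(2021, 1, 29), {"03"}),
]
# Constructed notAfter dates of the certificates behind those serials.
NOT_AFTER = {"01": date(2021, 1, 10), "02": date(2021, 1, 5),
             "03": date(2021, 2, 28), "04": date(2021, 3, 31)}


@dataclass
class StatusHistory:
    serial: str
    first_seen: date             # first snapshot that listed the serial as revoked
    last_seen: date              # last snapshot that listed it
    disappeared: Optional[date]  # next fetch that no longer listed it; None if still listed
    not_after: date
    days_after_expiry: Optional[int]  # status lifetime past expiry; negative if it vanished early
    removed_while_valid: bool    # vanished before notAfter: relying parties now see "good"


def status_histories(snapshots, not_after):
    """Reconstruct each revoked serial's status lifetime from dated CRL snapshots.
    A serial absent from one fetch but back in a later one counts as continuously
    listed; only the fetch after its final sighting counts as disappearance."""
    snapshots = sorted(snapshots, key=lambda s: s[0])
    seen = {}  # serial -> [first_seen, last_seen, index of last sighting]
    for idx, (fetched, serials) in enumerate(snapshots):
        for serial in serials:
            entry = seen.setdefault(serial, [fetched, fetched, idx])
            entry[1], entry[2] = fetched, idx
    result = []
    for serial, (first, last, last_idx) in sorted(seen.items()):
        gone = snapshots[last_idx + 1][0] if last_idx + 1 < len(snapshots) else None
        expiry = not_after[serial]
        result.append(StatusHistory(serial, first, last, gone, expiry,
                                    (gone - expiry).days if gone else None,
                                    gone is not None and gone <= expiry))
    return result


if __name__ == "__main__":
    for history in status_histories(CRL_SNAPSHOTS, NOT_AFTER):
        print(history)
```

With real data the snapshots would come from periodically fetching each CA's CRL and the notAfter dates from the certificates themselves (for example via Certificate Transparency logs).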
