Here is a nice article which describes Certificate Revocation List vs Online Certificate Status Protocol.
Credit goes to Mr. R DONATO
Ricky Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.
You can find Ricky on Twitter @f3lix001
Certificate Revocation is used within PKI (Public Key Infrastructure) to instruct the client that the certificate can no longer be trusted. This is required in scenarios where the private key has been compromised.
Prior to a CA issuing a certificate to a company the CA performs a level of validation on the authenticity that the company are who they say they are. There are 3 levels of validation ranging from DV (lowest) level all the way up to EV (highest).
Domain Validation (DV) – This type of certificate is the least expensive of the 3. It requires a basic form of domain validation to be performed. Validation is performed by email.
Organization Validation (OV) – When obtaining an OV certificate the company name is checked against a company register, i.e Chamber of Commerce.
Extended Validation (EV) – Like OV a company search is performed, however the physical location is also checked and the contact who requested the certificate is also validated.
CRL (Certificate Revocation) was first released to provide the CA with the ability to revoke certificates., however due to limitations with this method it was superseded by OCSP.
Below details each of these methods along with their main advantages and disadvantages.
CRL (Certificate Revocation Lists) contains a list of certificate serial numbers that have been revoked by the CA. The client then checks the serial number from the certificate against the serial numbers within the list (sample shown below).
Revoked Certificates: Serial Number: 2572757EAAF2BEC5980067579A0A7705 Revocation Date: May 1 19:56:10 2013 GMT Serial Number: 776DDD15D25C713616E7D4A8EACFB4A1 Revocation Date: May 24 13:03:16 2013 GMT
To instruct the client on where to find the CRL, a CRL distribution point is embedded within each certificate (shown below),
X509v3 extensions: X509v3 Authority Key Identifier: keyid:D1:6D:2E:7C:5C:AD:14:FC:2A:72:92:C2:82:CB:B9:6E:DC:A5:C4:02
X509v3 Subject Key Identifier: 35:42:17:CF:F0:9A:FF:B7:9F:FC:C5:A4:95:D6:68:4F:97:81:1E:1D X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 184.108.40.206.4.1.64220.127.116.11.43 CPS: https://cps.trust-provider.com Policy: 18.104.22.168.2.2
X509v3 CRL DistributionPoints: URI:http://crl.trust-provider.com/McAfeeOVSSLCA.crl
The main disadvantages to CRL are :
· Can create a large amount of overhead, as the client has to search through the revocation list. In some cases this can be 1000’s of lines long.
· CRLs are updated periodically every 5-14 days. Potentially leaving the attack surface open until the next CRL update.
· The CRL is not checked for OV or DV based certificates. Checked for EV certificates.
· If the client is unable to download the CRL then by default the client will trust the certificate.
OCSP (Online Certificate Status Protocol) removes many of the disadvantages of CRL by allowing the client to check the certificate status for a single certificate.
The OCSP process in shown below,
1. Client receives certificate.
2. Client sends OCSP Request to a OCSP Responder (over HTTP) with the certificates serial number.
3. OCSP Responder replies with a certificate status of either Good, Revoked or Unknown (shown below)
Response verify OK
This Update: Jan 19 00:24:56 2011 GMT
Next Update: Jan 26 00:24:56 2011 GMT
The main advantage to OCSP is that because the client can query the status of a single certificate, rather then having to download and parse an entire list there is much less overhead on the client and network.
However the main disadvantages to OCSP are,
· OCSP Requests are sent for each certificate. Because of this there can be a huge over head on the OCSP Responder (i.e the CA) for high traffic websites.
· If the private key was comprised the attacker would need to leverage a MITM attack to intercept and pose as the server. Because most browsers slienty ignore OCSP if the protocol times out OCSP can still not be considered a 100% reliable method for mitigating HTTPS server key comprises.
· The OCSP is not enforced for OV or DV based certificates. Checked for EV certificates.
OCSP Stapling resolves the overhead issues with OCSP and CRL by having the certificate holder (i.e the server) periodically performing the OCSP Request. The OCSP Response is then sent back to the client (i.e stapled) during the SSL handshake.
NOTE The OCSP Response is signed by the CA to ensure that it has not been modified before being sent back to the client.
The main disadvantages with OCSP Stapling are,
· Only supported within TLS 1.2.
· It is still not supported by many browsers . This results in either the OCSP validity method not being used or standard OCSP being used instead.
Certificate Types / Browser Functionality