View Issue Details

ID: 0002822
Project: 10000-004: Services
Category: Spec
View Status: public
Last Update: 2019-04-06 11:31
Reporter: Christian Zugfil
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.03
Target Version: 1.03
Fixed in Version: 1.03
Summary: 0002822: A revoked certificate should be treated like an untrusted certificate
Description

Table 101 requires the server to return Bad_CertificateRevoked/Bad_CertificateIssuerRevoked if a certificate from the checked chain has been revoked.
Based on the assumption that a revoked certificate would never be part of a trust list, the returned code should be Bad_SecurityChecksFailed.
In contrast to expiration (another change of state of a certificate while it is trusted), a revocation of a certificate is critical.
Revoking a certificate is a way for the issuer to tell that a certificate is no longer trustworthy. There is a good reason for doing this, like a leaked private key.
The expiration of a certificate does not imply an immediate risk, so it may also be suppressed by the server.
Someone who has access to the leaked private key of a certificate could probe servers for the error Bad_CertificateRevoked. This gives him at least the information that this certificate is trusted on this server and possibly on other servers on the same network (maybe with outdated revocation lists).
Hiding this information from an attacker was the reason why only the general error Bad_SecurityChecksFailed should be returned to clients with untrusted certificates.

In short:
A revoked certificate should be treated like an untrusted certificate.

Tags: No tags attached.
Commit Version
Fix Due Date

Relationships

related to 0002891 closed Compliance Test Tool (CTT) Unified Architecture A revoked certificate should be treated like an untrusted certificate 
related to 0004704 closed Matthias Damm 10000-004: Services Certificate validation Steps - revocation lists

Activities

Christian Zugfil

2014-08-19 14:53

reporter   ~0005434

Should be extended to Bad_CertificateRevocationUnknown and Bad_CertificateIssuerRevocationUnknown

Matthias Damm

2014-11-18 18:05

developer   ~0005633

Added statement "If this check fails on the Server side, the error Bad_SecurityChecksFailed shall be reported back to the Client." to Table 101 - Revocation Check

Jim Luth

2014-11-18 18:22

administrator   ~0005636

Reviewed and agreed to edited fix in 1.03.03 and errata edits.
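
The behaviour agreed in this issue, as an added example that is not part of the specification or of any OPC UA stack: the server reports only Bad_SecurityChecksFailed to the client while keeping the specific validation result locally, where repeated use of a revoked certificate can still be detected. The function names, the mask_revocation_unknown switch (note ~0005434 proposes it; the page does not say whether it was adopted), the thumbprints and the sample events are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

GENERIC = "Bad_SecurityChecksFailed"

# Results a client must not be able to tell apart, per this issue.
MASKED = {
    "Bad_CertificateUntrusted",
    "Bad_CertificateRevoked",
    "Bad_CertificateIssuerRevoked",
}
# Proposed in note ~0005434; treated as optional here (assumption).
MASKED_REVOCATION_UNKNOWN = {
    "Bad_CertificateRevocationUnknown",
    "Bad_CertificateIssuerRevocationUnknown",
}
REVOKED = {"Bad_CertificateRevoked", "Bad_CertificateIssuerRevoked"}


@dataclass
class Outcome:
    client_status: str  # what is sent back to the client
    audit_status: str   # what the server records locally


def report_status(internal, mask_revocation_unknown=True):
    """Map an internal validation result to client-visible and audit values."""
    masked = set(MASKED)
    if mask_revocation_unknown:
        masked |= MASKED_REVOCATION_UNKNOWN
    return Outcome(GENERIC if internal in masked else internal, internal)


def revoked_cert_attempts(events, threshold=2):
    """Thumbprints seen at least `threshold` times with a revoked result."""
    hits = Counter(tp for tp, internal in events
                   if report_status(internal).audit_status in REVOKED)
    return sorted(tp for tp, n in hits.items() if n >= threshold)


# Constructed sample: (certificate thumbprint, internal validation result)
SAMPLE_EVENTS = [
    ("aa11", "Bad_CertificateRevoked"),
    ("bb22", "Bad_CertificateUntrusted"),
    ("aa11", "Bad_CertificateRevoked"),
    ("cc33", "Good"),
]

if __name__ == "__main__":
    for tp, internal in SAMPLE_EVENTS:
        o = report_status(internal)
        print(f"{tp}: client sees {o.client_status}, audit has {o.audit_status}")
    print("repeated revoked use:", revoked_cert_attempts(SAMPLE_EVENTS))
```
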

Issue History

Date Modified Username Field Change
2014-08-15 12:05 Christian Zugfil New Issue
2014-08-19 14:53 Christian Zugfil Note Added: 0005434
2014-11-17 20:57 Matthias Damm Category (No Category) => Spec
2014-11-17 20:57 Matthias Damm Assigned To => Matthias Damm
2014-11-17 20:57 Matthias Damm Status new => assigned
2014-11-18 18:05 Matthias Damm Note Added: 0005633
2014-11-18 18:05 Matthias Damm Status assigned => resolved
2014-11-18 18:05 Matthias Damm Resolution open => fixed
2014-11-18 18:20 Jim Luth Issue cloned: 0002891
2014-11-18 18:20 Jim Luth Relationship added related to 0002891
2014-11-18 18:22 Jim Luth Note Added: 0005636
2014-11-18 18:22 Jim Luth Status resolved => closed
2014-11-18 18:22 Jim Luth Fixed in Version => 1.03
2014-11-18 18:55 Jim Luth Target Version => 1.03
2019-04-06 11:31 Bernd Edlinger Relationship added related to 0004704