View Issue Details

ID: 0002891
Project: Compliance Test Tool (CTT) Unified Architecture
Category: Api Change
View Status: public
Last Update: 2018-11-09 16:00
Reporter: Jim Luth
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Target Version: 1.02.336.273
Summary: 0002891: A revoked certificate should be treated like an untrusted certificate
Description

Table 101 requires the server to return Bad_CertificateRevoked/Bad_CertificateIssuerRevoked if a certificate from the checked chain has been revoked.
Based on the assumption that a revoked certificate would never be part of a trust list, the returned code should be Bad_SecurityChecksFailed.
In contrast to expiration (another change of state of a certificate while it is trusted), a revocation of a certificate is critical.
Revoking a certificate is a way for the issuer to tell that a certificate is no longer trustworthy. There is a good reason for doing this, like a leaked private key.
The expiration of a certificate does not imply an immediate risk, so it may also be suppressed by the server.
Someone who has access to the leaked private key of a certificate could probe servers for the error Bad_CertificateRevoked. This gives him at least the information that this certificate is trusted on this server and possibly on other servers on the same network (maybe with outdated revocation lists).
Hiding this information from an attacker was the reason why only the general error Bad_SecurityChecksFailed should be returned to clients with untrusted certificates.

In short:
A revoked certificate should be treated like an untrusted certificate.

Tags: No tags attached.
Files Affected

Relationships

related to: 0002822 | closed | Matthias Damm | 10000-004: Services | A revoked certificate should be treated like an untrusted certificate

Activities

Christian Zugfil

2014-11-18 18:20

reporter   ~0005634

Should be extended to Bad_CertificateRevocationUnknown and Bad_CertificateIssuerRevocationUnknown

Matthias Damm

2014-11-18 18:20

reporter   ~0005635

Added statement "If this check fails on the Server side, the error Bad_SecurityChecksFailed shall be reported back to the Client." to Table 101 - Revocation Check
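
The reporting rule from the description and notes ~0005634 and ~0005635, as an added example that is not part of the issue, the specification or the CTT: the server keeps the detailed validation result in its own log and reports only Bad_SecurityChecksFailed to the client. The chain, trust-list and CRL model, the function names and the sample certificates are constructed for illustration.

```python
import logging

log = logging.getLogger("cert-audit")

# Detailed results that stay server-side (codes named in the issue and its
# notes, plus Bad_CertificateUntrusted for the untrusted case).
HIDDEN_FROM_CLIENT = {
    "Bad_CertificateUntrusted",
    "Bad_CertificateRevoked",
    "Bad_CertificateIssuerRevoked",
    "Bad_CertificateRevocationUnknown",
    "Bad_CertificateIssuerRevocationUnknown",
}

def check_chain(chain, trusted, crls):
    """Detailed internal result for a leaf-first chain (simplified model).

    chain:   list of {"id": str, "issuer": str or None}; None = self-signed
    trusted: set of certificate ids in the trust list
    crls:    issuer id -> set of revoked ids; a missing key = no CRL available
    """
    if not any(cert["id"] in trusted for cert in chain):
        return "Bad_CertificateUntrusted"
    for pos, cert in enumerate(chain):
        if cert["issuer"] is None:  # self-signed: no issuer CRL to consult
            continue
        crl = crls.get(cert["issuer"])
        if crl is None:
            return ("Bad_CertificateRevocationUnknown" if pos == 0
                    else "Bad_CertificateIssuerRevocationUnknown")
        if cert["id"] in crl:
            return ("Bad_CertificateRevoked" if pos == 0
                    else "Bad_CertificateIssuerRevoked")
    return "Good"

def status_for_client(chain, trusted, crls):
    """Status returned on the wire; the detail goes to the server log only."""
    detail = check_chain(chain, trusted, crls)
    if detail in HIDDEN_FROM_CLIENT:
        log.warning("rejected certificate %s: %s", chain[0]["id"], detail)
        return "Bad_SecurityChecksFailed"
    return detail

# Constructed sample: client certificate issued by a trusted CA.
CA = {"id": "ca-01", "issuer": None}
CLIENT = {"id": "client-01", "issuer": "ca-01"}
CHAIN, TRUSTED = [CLIENT, CA], {"ca-01"}
```

With this mapping a revoked certificate and an untrusted one produce the same client-visible status, while the server log still records which check failed.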

Nathan Pocock

2016-02-12 17:44

viewer   ~0006718

Added and ready for inclusion in next CTT release.
Issue will be closed on external confirmation.

Paul Hunkar

2018-11-09 16:00

administrator   ~0009563

reviewed in call 11/9/2018

Issue History

Date Modified Username Field Change
2014-11-18 18:20 Jim Luth New Issue
2014-11-18 18:20 Jim Luth Status new => assigned
2014-11-18 18:20 Jim Luth Assigned To => Matthias Damm
2014-11-18 18:20 Jim Luth Issue generated from: 0002822
2014-11-18 18:20 Jim Luth Relationship added related to 0002822
2014-11-18 18:21 Jim Luth Project 10000-004: Services => Compliance Test Tool (CTT) Unified Architecture
2014-11-18 18:21 Jim Luth Category Spec => Api Change
2015-01-21 20:57 Nathan Pocock Assigned To Matthias Damm => Nathan Pocock
2015-01-21 20:57 Nathan Pocock Status assigned => acknowledged
2015-01-21 20:57 Nathan Pocock Product Version 1.03 =>
2015-01-21 20:57 Nathan Pocock Target Version 1.03 => 1.02.336.273
2016-02-12 17:44 Nathan Pocock Note Added: 0006718
2016-02-12 17:44 Nathan Pocock Status acknowledged => resolved
2016-02-12 17:44 Nathan Pocock Resolution open => fixed
2018-11-09 16:00 Paul Hunkar Note Added: 0009563
2018-11-09 16:00 Paul Hunkar Status resolved => closed
2018-11-09 16:00 Paul Hunkar Assigned To Nathan Pocock =>