PKI operators anyone?

Sean Donelan sean at
Wed Sep 5 17:22:21 UTC 2007

On Wed, 5 Sep 2007, John Curran wrote:
>> I don't see verisign roots expiring every five years.
> I believe that they're on 30 years or so for the root CA
> certificates, and shorter periods for the intermediates.

Commercial PKI expiration times are mostly based on how frequently you 
must pay the CA more money whether or not the certificate's private key 
was compromised. If a commercial PKI charges you $500 each year to renew a 
certificate, instead of $500 every two years, the commercial PKI has 
doubled its revenue.

You could always revoke a certificate's private keys sooner in the event 
its key is compromised.

In the event a certificate is compromised, Certificate Revocation List 
(CRL) lifetimes, not the certificate's lifetime, determine how big the
exposure window is for a compromised certificate.

If you re-issue (and check) CRLs daily for 10 year certificates, your 
exposure is a day, not 10 years.

In the event a CA is compromised, how quickly you can revoke the CA's 
trust, not the CA's certificate lifetime, determines the exposure window.
Commercial CA roots changed to very long lifetimes not because they are 
more "secure" (insert hand-waving about bits and signing ceremony) but 
because of the pain of frequently updating them.

If you can remove a CA's root from your trust hierarchy within a day for a 
100 year CA root, your exposure is a day, not 100 years.

The "valid dates" in the certificates are pretty much a red herring, 
because the actual threat analysis should really be based on other
factors. Most certificate private keys are compromised not because someone 
figured out how to brute-force the multi-thousand bit keys, but because 
the computer and all the private keys it could access were compromised by 
random bits of malware.
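
The point above about CRL lifetime, not certificate lifetime, bounding the exposure window, as an added example that is not part of the original post. It is a small simulation that assumes a hypothetical CA publishing one CRL per interval and a client that refetches only when its cached CRL passes its next-update time and fails closed when it has no fresh CRL; all names, serials and dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime
    revoked: frozenset  # revoked serial numbers

def check(cert, crl, now):
    """Relying-party decision. Fails closed when no fresh CRL is available."""
    if not cert.not_before <= now <= cert.not_after:
        return "outside_validity"
    if crl is None or not crl.this_update <= now <= crl.next_update:
        return "crl_stale"
    return "revoked" if cert.serial in crl.revoked else "good"

def latest_crl(t0, interval, serial, revoked_at, now):
    """CRL a hypothetical CA has published at `now`: one every `interval` from t0."""
    this_update = t0 + ((now - t0) // interval) * interval
    listed = frozenset({serial}) if revoked_at <= this_update else frozenset()
    return CRL(this_update, this_update + interval, listed)

def exposure(cert, t0, interval, revoked_at, step=timedelta(minutes=15)):
    """Time from revocation until a client that refetches only stale CRLs rejects cert."""
    now, cached = t0, latest_crl(t0, interval, cert.serial, revoked_at, t0)
    while now <= cert.not_after:
        if check(cert, cached, now) == "crl_stale":
            cached = latest_crl(t0, interval, cert.serial, revoked_at, now)
        if now >= revoked_at and check(cert, cached, now) != "good":
            return now - revoked_at
        now += step
    return cert.not_after - revoked_at  # never caught: validity dates were the only limit

# Constructed sample: a 10-year certificate whose key is revoked on day 3.
T0 = datetime(2007, 1, 1)
CERT = Cert(serial=0x1001, not_before=T0, not_after=T0 + timedelta(days=3650))
REVOKED_AT = T0 + timedelta(days=3, hours=1)

if __name__ == "__main__":
    for days in (1, 7, 30):
        print(days, "day CRL ->", exposure(CERT, T0, timedelta(days=days), REVOKED_AT))
```

The same 10-year certificate is trusted for under a day after revocation with daily CRLs and for weeks with monthly ones, because the client keeps accepting its cached CRL until that CRL goes stale.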
