PKI operators anyone?

John Curran jcurran at
Wed Sep 5 17:36:43 UTC 2007

private reply... I'm sitting in a building with bunches of root CAs...

At 1:22 PM -0400 9/5/07, Sean Donelan wrote:
>On Wed, 5 Sep 2007, John Curran wrote:
>>>I don't see VeriSign roots expiring every five years.
>>I believe that they're on 30 years or so for the root CA
>>certificates, and shorter periods for the intermediates.
>Commercial PKI expiration times are mostly based on how frequently you must pay the CA more money whether or not the certificate's private key was compromised. If a commercial PKI charges you $500 each year to renew a certificate, instead of $500 every two years, the commercial PKI has doubled its revenue.

I was referring to the root CA certificate, not the ones downstream issued to customers.
All of VeriSign's roots (class 1,2,3,4) expire in 2036.

>You could always revoke a certificate's private keys sooner in the event its key is compromised.
>In the event a certificate is compromised, Certificate Revocation List (CRL) lifetimes, not the certificate's lifetime, determine how big the exposure window is for a compromised certificate.
>If you re-issue (and check) CRL's daily for 10 year certificates, your exposure is a day, not 10 years.
>In the event a CA is compromised, how quickly you can revoke the CA's trust, not the CA's certificate lifetime, determines the exposure window.

Absolutely, if you knew of the compromise. Frankly, if someone succeeded in
a brute force attack, they'd likely be very careful about how to use the result to
avoid detection and maximize return.

>Commercial CA roots changed to very long life times not because they are more "secure" (insert hand-waving about bits and signing ceremony) but because of the pain of frequently updating them.

Get a competent staff.  It's not that hard.

>If you can remove a CA's root from your trust hierarchy within a day for a 100 year CA root, your exposure is a day, not 100 years.
>The "valid dates" in the certificates are pretty much a red-herring; because the actual threat analysis should really be based on other
>factors. Most certificate private keys are compromised not because someone figured out how to brute-force the multi-thousand bit keys, but because the computer and all the private keys it could access were compromised by random bits of malware.

Anyone running with a commercial root server online
shouldn't be operating a CA.
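
The trade-off argued in this thread, worked through as an added example that is not part of the original message: the exposure window tracks CRL latency only once the compromise is detected, and otherwise runs until the certificate expires. The function name, the dates and the assumption that relying parties refresh the CRL at every scheduled publication are constructed for illustration.

```python
from datetime import datetime, timedelta

def exposure_window(compromised_at, detected_at, not_after,
                    crl_interval, crl_epoch):
    """How long a compromised key stays trusted by a relying party.

    Model assumptions (not from the thread): the CA revokes at the moment of
    detection, the entry appears in the next scheduled CRL, and relying
    parties pick up every CRL as soon as it is published.
    """
    if detected_at is None or detected_at >= not_after:
        # Undetected compromise: only the validity period ends the exposure.
        return not_after - compromised_at
    elapsed = detected_at - crl_epoch
    periods = -(-elapsed // crl_interval)      # ceiling division on timedeltas
    next_crl = crl_epoch + periods * crl_interval
    return min(next_crl, not_after) - compromised_at

# Constructed scenario: CRLs published every 24h starting 2007-09-01 00:00.
CRL_EPOCH = datetime(2007, 9, 1)
DAILY = timedelta(days=1)
COMPROMISED = datetime(2007, 9, 5, 6, 0)
TEN_YEAR = datetime(2017, 9, 1)   # notAfter of a long-lived certificate
ONE_YEAR = datetime(2008, 9, 1)   # notAfter of a short-lived certificate

def scenarios():
    """Exposure for each combination of lifetime and detection delay."""
    return {
        "10y cert, detected after 6h": exposure_window(
            COMPROMISED, COMPROMISED + timedelta(hours=6),
            TEN_YEAR, DAILY, CRL_EPOCH),
        "10y cert, detected after 90d": exposure_window(
            COMPROMISED, COMPROMISED + timedelta(days=90),
            TEN_YEAR, DAILY, CRL_EPOCH),
        "10y cert, never detected": exposure_window(
            COMPROMISED, None, TEN_YEAR, DAILY, CRL_EPOCH),
        "1y cert, never detected": exposure_window(
            COMPROMISED, None, ONE_YEAR, DAILY, CRL_EPOCH),
    }

if __name__ == "__main__":
    for name, window in scenarios().items():
        print(f"{name:30s} exposure = {window}")
```

With prompt detection the daily CRL bounds exposure to under a day regardless of certificate lifetime; without detection the validity period is the only bound.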

