Abstract
The Transport Layer Security (TLS) Public Key Infrastructure (PKI) is essential to the security and privacy of users on the Internet. Despite its importance, prior work from the mid-2010s has shown that mismanagement of the TLS PKI often led to weakened security guarantees, such as compromised certificates going unrevoked and many internet devices generating self-signed certificates. Many of these problems can be traced to manual processes that were the only option at the time. However, in the intervening years, the TLS PKI has undergone several changes: once-expensive TLS certificates are now freely available, and they can be obtained and reissued via automated programs.
In this paper, we examine whether these changes to the TLS PKI have led to improvements in the PKI’s management. We collect data on all certificates issued by Let’s Encrypt (now the largest certificate authority by far) over the past four years. Our analysis focuses on two key questions: First, are administrators making proper use of the automation that modern CAs provide for certificate reissuance? We find that for certificates with a sufficiently long history of being reissued, 80% of them did reissue their certificates on a predictable schedule, suggesting that the remaining 20% may use manual processes to reissue, despite numerous automated tools for doing so. Second, do administrators that use automated CAs react to large-scale compromises more responsibly? To answer this, we use a recent Let’s Encrypt misissuance bug as a natural experiment, and find that a significantly larger fraction of administrators reissued their certificates in a timely fashion compared to previous bugs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Because of the way the bug manifested itself, the misissued certificates are not a random sample of all certificates. We explore this in Sect. 3.
- 2.
- 3.
- 4.
In order for a certificate to be “CT qualified” in modern browsers such as Chrome, it has to be logged on multiple CT log servers and one of them has to be from a Google log [7].
- 5.
aviator, icarus, argon2018\(\sim \)2023, xenon2019\(\sim \)2023, pilot, rocketeer, skydiver.
- 6.
We intentionally exclude pre-certificates from the analysis (which Let’s Encrypt has published as well since 2018 [17]) as they do not guarantee the issuance of their actual (final) certificates.
- 7.
Thus, if the same client adds or removes one domain, it changes the SAN list. Therefore, ACME processes it as a separate certificate request, not a reissuance, thereby supporting our methodology of grouping by domain sets.
References
Aas, J., et al.: Let’s encrypt: an automated certificate: authority to encrypt the entire web. In: CCS (2019)
Cangialosi, F., et al.: Measurement and analysis of private key sharing in the HTTPS ecosystem. In: CCS (2016)
Chung, T., et al.: Measuring and applying invalid SSL certificates: the silent majority. In: IMC (2016)
Chung, T., et al.: Understanding the role of registrars in DNSSEC deployment. In: IMC (2017)
CAA Rechecking Bug. https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591
Certbot User Guide. https://certbot.eff.org/docs/using.html
Certificate Transparency in Chrome (2019). https://github.com/chromium/ct-policy/blob/master/ct_policy.md
Durumeric, Z., et al.: The matter of heartbleed. In: IMC (2014)
Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: IMC (2013)
Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: USENIX Security (2013)
Heartbleed Bug. http://heartbleed.com
Laurie, B., Langley, A., Kasper, E.: Certificate Transparency. RFC 6962, IETF (2013). http://www.ietf.org/rfc/rfc6962.txt
Liu, Y., et al.: An end-to-end measurement of certificate revocation in the web’s PKI. In: IMC (2015)
Let’s Encrypt. https://letsencrypt.org
Let’s Encrypt Community Support: 2020.02.29 CAA Rechecking Bug. https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3
Let’s Encrypt Stats. https://letsencrypt.org/stats/
LetsEncrypt: Submit final certs to CT logs (#3640). https://github.com/letsencrypt/boulder/commit/1271a15be79b9717ee5b98e707b76e7ac86a9a0e
Matsumoto, S., Reischuk, R.M.: IKP: turning a PKI around with decentralized automated incentives. In: IEEE S&P (2017)
Scheitle, Q., et al.: A first look at certification authority authorization (CAA). CCR 48(2), 10–23 (2018)
Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public: results from the 2008 debian OpenSSL vulnerability. In: IMC (2009)
Zhang, L., et al.: Analysis of SSL certificate reissues and revocations in the wake of Heartbleed. In: IMC (2014)
Zhang, L., et al.: Analysis of SSL certificate reissues and revocations in the wake of heartbleed. CACM 61(3) (2018). https://cacm.acm.org/magazines/2018/3/225489-analysis-of-ssl-certificate-reissues-and-revocations-in-the-wake-of-heartbleed/fulltext
Acknowledgments
We thank the anonymous reviewers and our shepherd, Cecilia Testart, for their helpful comments. This research was supported in part by NSF grants CNS-1900879 and CNS-1901325.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Omolola, O., Roberts, R., Ashiq, M.I., Chung, T., Levin, D., Mislove, A. (2021). Measurement and Analysis of Automated Certificate Reissuance. In: Hohlfeld, O., Lutu, A., Levin, D. (eds) Passive and Active Measurement. PAM 2021. Lecture Notes in Computer Science(), vol 12671. Springer, Cham. https://doi.org/10.1007/978-3-030-72582-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-72582-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72581-5
Online ISBN: 978-3-030-72582-2
eBook Packages: Computer ScienceComputer Science (R0)