[SSL Observatory] Frequent cert issuers and an estimate for Sovereign Keys protocol alteration bound against DOS

Peter Eckersley pde at eff.org
Tue Dec 6 15:29:40 PST 2011


On Sun, Dec 04, 2011 at 07:37:01AM +0100, Ondrej Mikle wrote:
 
> The issuing frequency might be a good lead for setting DOS-protection limit of
> allowed protocol changes per time unit in Sovereign Keys implementation
> (original draft had 5 changes per month, IIRC).

Note that in the current Sovereign Keys draft design doc, changes to the
operational keys on a webserver would not require any writing to the SK timeline.
So long as each new operational key/X.509 chain was cross-signed by the
Sovereign Key, it would work.  The only time you write to the timeline is if
you need to revoke or renew the offline Sovereign Key, or change what
protocols (HTTP, SMTP, POP, IMAP, XMPP, etc) it is active for.

A somewhat relevant aside: the cross-signatures would be embedded in
their own extraneous X.509 certs, so the Sovereign Key operator could choose
what if any revocation mechanisms they wanted to use for their operational
keys (OCSP, CRLs, short-lived cross signatures, or null).

> 
> One additional consideration for "pinning cert protocols" (DANE, Sovereign Keys,
> Auditable CAs, ...) is that such a frequent change must reflect fast to relying
> clients. Shouldn't really be a problem, just a point to note.
> 

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
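The distinction Peter draws above (operational key rotation costs no timeline write; only revoking/renewing the Sovereign Key or changing its protocol scope does) can be made concrete with a small model. The following is an added example written for this archive page, not code from the post, from EFF or from the Sovereign Keys draft: the `Timeline`, `TimelineEntry`, `CrossSig` types, the entry kinds `register`/`protocols`/`revoke`, the message layout inside `crossSignMessage`, the domain `example.test` and the use of Ed25519 are all assumptions chosen for illustration, not the draft's wire format. It shows a relying client's check (active SK in the timeline, protocol in scope, valid cross-signature over the operational key) and counts how many timeline writes each kind of change produces, which is the quantity a DoS limit on protocol alterations would actually bound.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// TimelineEntry is a simplified stand-in (assumption) for a record on the
// append-only SK timeline. Only Sovereign Key lifecycle events land here.
type TimelineEntry struct {
	Domain    string
	Kind      string // assumed kinds: "register", "protocols", "revoke"
	SKPub     ed25519.PublicKey
	Protocols []string
}

// Timeline models the append-only timeline; Append is the only way it grows,
// so a rate limit on alterations would count calls to Append.
type Timeline struct{ Entries []TimelineEntry }

func (t *Timeline) Append(e TimelineEntry) { t.Entries = append(t.Entries, e) }

// CrossSig stands in for the cross-signature the operator would embed in its
// own X.509 cert: the SK signs domain, protocol and the operational public key.
type CrossSig struct {
	Domain, Protocol string
	OpPub            ed25519.PublicKey
	Sig              []byte
}

// crossSignMessage is an assumed encoding; NUL separators keep fields unambiguous.
func crossSignMessage(domain, proto string, op ed25519.PublicKey) []byte {
	msg := append([]byte(domain), 0)
	msg = append(append(msg, proto...), 0)
	return append(msg, op...)
}

// CrossSign happens offline with the Sovereign Key and writes nothing to the timeline.
func CrossSign(skPriv ed25519.PrivateKey, domain, proto string, op ed25519.PublicKey) CrossSig {
	return CrossSig{domain, proto, op, ed25519.Sign(skPriv, crossSignMessage(domain, proto, op))}
}

// CurrentSK replays the timeline to find the active SK and its protocol scope.
func (t *Timeline) CurrentSK(domain string) (pub ed25519.PublicKey, protos []string, active bool) {
	for _, e := range t.Entries {
		if e.Domain != domain {
			continue
		}
		switch e.Kind {
		case "register":
			pub, protos, active = e.SKPub, e.Protocols, true
		case "protocols":
			if active {
				protos = e.Protocols
			}
		case "revoke":
			pub, protos, active = nil, nil, false
		}
	}
	return
}

// Verify is the relying client's check: active SK, protocol in scope, valid cross-signature.
func (t *Timeline) Verify(cs CrossSig) bool {
	pub, protos, active := t.CurrentSK(cs.Domain)
	if !active {
		return false
	}
	inScope := false
	for _, p := range protos {
		inScope = inScope || p == cs.Protocol
	}
	return inScope && ed25519.Verify(pub, crossSignMessage(cs.Domain, cs.Protocol, cs.OpPub), cs.Sig)
}

// Scenario collects what a constructed run observes.
type Scenario struct {
	WritesAfterTwoRotations, WritesTotal              int
	HTTPSOk, SMTPBeforeChange, SMTPAfterChange, AfterRevoke bool
}

// RunScenario: register an SK, rotate the operational key twice, widen the
// protocol scope, then revoke the SK, counting timeline writes along the way.
func RunScenario() (Scenario, error) {
	var s Scenario
	skPub, skPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return s, err
	}
	tl := &Timeline{}
	tl.Append(TimelineEntry{"example.test", "register", skPub, []string{"https"}})

	var cs CrossSig
	for i := 0; i < 2; i++ { // operational key rotation: cross-sign only
		opPub, _, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return s, err
		}
		cs = CrossSign(skPriv, "example.test", "https", opPub)
	}
	s.WritesAfterTwoRotations = len(tl.Entries) // still 1
	s.HTTPSOk = tl.Verify(cs)

	smtpPub, _, _ := ed25519.GenerateKey(rand.Reader)
	smtpCS := CrossSign(skPriv, "example.test", "smtp", smtpPub)
	s.SMTPBeforeChange = tl.Verify(smtpCS) // out of scope until a protocols write
	tl.Append(TimelineEntry{"example.test", "protocols", skPub, []string{"https", "smtp"}})
	s.SMTPAfterChange = tl.Verify(smtpCS)

	tl.Append(TimelineEntry{"example.test", "revoke", skPub, nil}) // SK revocation: a write
	s.AfterRevoke = tl.Verify(cs)
	s.WritesTotal = len(tl.Entries) // 3
	return s, nil
}

func main() {
	s, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", s)
}
```

Two operational key rotations leave the timeline at one entry, while the protocol-scope change and the revocation each add one; a client that only trusts cross-signatures whose protocol is within the current timeline scope is exactly why a scope change "must reflect fast to relying clients", as Ondrej notes.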
