Certificate revocation

Certificate revocation is a common response when a key is compromised. For reasons of usability, Brew MP does not currently support Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) to monitor for compromised keys. Both CRLs and OCSP require periodic connections back to the server to refresh the list of compromised keys. CRL and OCSP deployments are subject to a class of attacks that countersigning avoids: malicious applications that prevent access to updated CRLs. Additionally, though mobile phones are usually connected, they may be out of coverage, so requiring real-time verification of key validity is problematic.

For revocation-dependent signature verification, the inability to update a CRL leaves two undesirable options:

  • Run code with no regard for the relative freshness of the CRL, which is akin to having no revocation check at all.
  • Prevent any digitally signed code from executing, thus degrading and potentially bricking the phone in the event of the above attack or prolonged spells with no data connectivity.
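
The two options can be seen side by side in a small model of a device whose CRL refresh is blocked. This is an added illustration, not Brew MP code; the policy names, the hour-based clock and the serial numbers are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    SOFT_FAIL = "run code regardless of CRL freshness"      # first option
    HARD_FAIL = "refuse signed code once the CRL is stale"  # second option


@dataclass(frozen=True)
class CachedCrl:
    this_update: int     # hour at which the CA issued this list
    next_update: int     # hour after which the list counts as stale
    revoked: frozenset   # serial numbers the list names as revoked


def may_execute(serial, crl, now, policy):
    """Decide whether code signed under certificate `serial` may run at hour `now`."""
    if serial in crl.revoked:
        return False                 # known-bad key: rejected under either policy
    if now <= crl.next_update:
        return True                  # list is fresh and does not name the key
    # The list is stale: the refresh was blocked or the phone had no coverage.
    return policy is Policy.SOFT_FAIL


def simulate(policy, refresh_blocked):
    """Constructed timeline: CRL v1 is cached at hour 0 and valid for 24 hours,
    the CA revokes key 0xBAD and publishes CRL v2 at hour 40, and the device
    checks two applications at hour 48."""
    v1 = CachedCrl(this_update=0, next_update=24, revoked=frozenset())
    v2 = CachedCrl(this_update=40, next_update=64, revoked=frozenset({0xBAD}))
    crl = v1 if refresh_blocked else v2   # a blocked refresh leaves v1 in place
    now = 48
    return {
        "compromised_key_app": may_execute(0xBAD, crl, now, policy),
        "legitimate_app": may_execute(0x600D, crl, now, policy),
    }


if __name__ == "__main__":
    for policy in Policy:
        for blocked in (False, True):
            print(policy.name, "refresh_blocked=%s" % blocked, simulate(policy, blocked))
```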

Today, Brew MP supports countersigning to manage the compromised key scenario. A future version of Brew MP may support OCSP or CRLs.