This repository was archived by the owner on Oct 6, 2018. It is now read-only.

Support for updating expired keys #12

Open
@ian-csis

Description

@ian-csis

The current procedure for updating expired certificates is to terminate the Yubikey (which revokes the certificate) and enroll it again. This has 2 issues:

  1. Best practice is to keep the revocation list on a CA as small as possible. We are putting expired/soon to expire smart cards on the revocation list.
  2. The Yubikey gets reset (terminated) and the user has to re-enter the PIN code.

Clock skew considerations

  • To prevent clock skew issues and faulty clock implementations, we could implement a threshold of about 24 hours. If the certificate expired more than 24 hours ago, we simply delete it from the smart card without revocation. This could be configurable.
  • Soon to expire certificates should be revoked, as they are technically valid, even for a short amount of time.

Key renewal discussion

  • The key renewal strategy depends on a couple of factors:
    • The length of time the certificate has been valid
    • The length of the key
    • The possibility that the key was obtained by a malicious user
    • The usage of the key (authentication only, signing and/or encryption)
  • It should be configurable to renew keys or reuse keys

User's PIN

  • After termination, the user has to enter his old PIN or get assigned a new one. This depends on the PIN strategy used by the company. It could be prudent to apply the old PIN automatically to the smart card when we just renew the certificate.
  • This should be configurable.

Documentation considerations

  • We should perhaps keep track of statistics. How many smart cards have been issued? How many have been revoked? How many are expired? How many can be cleaned up?
  • Document how to prune Microsoft CA for expired certificates.
  • To encourage high security, we could show a security indicator (high/degraded) in the settings window
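
The expiry-handling rule sketched in the clock skew section (revoke anything still valid or expired inside the skew window, delete the rest without revocation), plus the statistics asked for under documentation considerations, as an added Python example that is not part of this project's code; the `RenewalPolicy`, `Status` and `summarize` names and the sample dates are assumptions made up here.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

class Status(Enum):
    VALID = "valid"                        # notAfter still in the future
    EXPIRED_IN_GRACE = "expired_in_grace"  # expired, but inside the clock-skew window
    EXPIRED = "expired"                    # expired beyond the window

@dataclass(frozen=True)
class RenewalPolicy:
    # Grace window covering clock skew between the CA, relying parties and this
    # tool; 24 h is the value floated in the issue and is meant to be configurable.
    skew_grace: timedelta = timedelta(hours=24)

def classify(not_after: datetime, now: datetime, policy: RenewalPolicy = RenewalPolicy()) -> Status:
    """Place a certificate's notAfter relative to `now` and the skew window."""
    if not_after.tzinfo is None or now.tzinfo is None:
        raise ValueError("use timezone-aware datetimes; naive values invite time-zone errors")
    if not_after > now:
        return Status.VALID
    if now - not_after <= policy.skew_grace:
        return Status.EXPIRED_IN_GRACE
    return Status.EXPIRED

def must_revoke(status: Status) -> bool:
    """Only certificates that some skewed clock might still accept belong on the CRL."""
    return status in (Status.VALID, Status.EXPIRED_IN_GRACE)

def summarize(not_afters, now, policy=RenewalPolicy()):
    """Counts for the statistics the issue asks for: still valid, needing
    revocation before re-enrollment, and removable without touching the CRL."""
    counts = Counter(classify(t, now, policy) for t in not_afters)
    return {
        "valid": counts[Status.VALID],
        "needs_revocation": counts[Status.VALID] + counts[Status.EXPIRED_IN_GRACE],
        "cleanup_without_revocation": counts[Status.EXPIRED],
    }

if __name__ == "__main__":
    now = datetime(2018, 10, 1, tzinfo=timezone.utc)  # constructed reference time
    print(summarize([now + timedelta(days=30), now - timedelta(hours=1), now - timedelta(days=3)], now))
```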
