RITM: Revocation in the Middle

Abstract

Although TLS is used on a daily basis by many critical applications, the public-key infrastructure that it relies on still lacks an adequate revocation mechanism. An ideal revocation mechanism should be inexpensive, efficient, secure, and privacy-preserving. Moreover, rising trends in pervasive encryption pose new scalability challenges that a modern revocation system should address. In this paper, we investigate how network nodes can deliver certificate-validity information to clients. We present RITM, a framework in which middleboxes (as opposed to clients, servers, or certification authorities) store revocation-related data. RITM provides a secure revocation-checking mechanism that preserves user privacy. We also propose to take advantage of content-delivery networks (CDNs) and argue that they would constitute a fast and cost-effective way to disseminate revocations. Additionally, RITM keeps certification authorities accountable for the revocations that they have issued, and it minimizes overhead at clients and servers, as they have to neither store nor download any messages. We also describe feasible deployment models and present an evaluation of RITM to demonstrate its feasibility and benefits in a real-world deployment.