Revocation, the Frailty of PKI

DEF CON 24

Presented by: Trey Blalock (PrivacyGeek), Mat Caughron (cryptofile)
Date: Friday August 05, 2016
Time: 17:00 - 17:50
Location: Village Talks

PKI is weak. One reason is that revocation methods all have failure modes. Direct revocation, Cert Revocation Lists, OCSP (online certificate status protocol predominant on iOS), and now Short Lived Cert's and Certificate Transparency, this presentation will spell out how revocation works, what protocols handle this, and how you can use revocation techniques to improve your security or conduct pen testing. Attendees will walk away with a greater understanding of PKI’s weaknesses, and actionable techniques to wield PKI with greater force and effect. Useful for the general public interested in PKI, and also pen testers and auditors.

Mat Caughron

Mat (aka cryptofile) is a privacy advocate and all around software security guy. Former cisco red teamer, Fortifier, Cigitalist and TMobster. From April 2013 to April 2016, he ran the trust store on a large global set of web clients for the Fruit Company prodsec team. cryptofile self-identifies with *nix and the Alexis Park era cons. @cl0kd

Trey Blalock

PrivacyGeek is a privacy advocate, penetration tester, and countersurveillance advisor. He used to manage global security for the world’s largest financial transaction hub, was a forensics expert witness on several high-profile cases, currently works on large-scale security automation projects and occasionally does talks on Big Data security. PrivacyGeek encourages others to start and support more groups like the EFF to protect different aspects of the Internet and human-rights long-term. @treyblalock


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats