Temporal Analysis of X.509 Revocations and their Statuses

Adam Halim, Max Danielsson, Martin Arlitt and Niklas Carlsson


Paper: Adam Halim, Max Danielsson, Martin Arlitt and Niklas Carlsson, "Temporal Analysis of X.509 Revocations and their Statuses", Proc. International Workshop on Traffic Measurements for Cybersecurity (WTMC), June 2022. (pdf)

Abstract: Despite the X.509 public key infrastructure (PKI) being essential for ensuring the trust we place in our communication with web servers, the revocation of the trust placed in individual X.509 certificates is neither transparent nor well-studied, leaving many unanswered questions. In this paper, we present a temporal analysis of 36 million certificates, whose revocation statuses we followed for 120 days since first being issued. We characterize the revocation rates of different certificate authorities (CAs) and how the rates change over the lifetime of the certificates. We identify and discuss several instances where the status changes from "revoked" to "good", "unauthorized" or "unknown", respectively, before the certificate's expiry. This complements prior work that has observed such inconsistencies in some CAs' behavior after expiry, but also highlights a potentially more severe problem. Our results highlight heterogeneous revocation practices among the CAs.

Data collection tool and datasets

To help others build upon our work, we make our datasets and collection tool available below.

The dataset can be downloaded here [add link] and the collection tool here [github].

If you use our tool or datasets in your research, please include a reference to our WTMC 2022 paper (pdf) in your work.

Dataset A

The dataset contains OCSP statuses of revoked certificates in a tab-separated text file with the following fields:
  1. certificate: an internal certificate ID
  2. first_pass_status: status code returned during the first pass
  3. not_before: start of the validity period of a certificate
  4. not_after: end of the validity period of a certificate
  5. status: status code
  6. status_time_min_unix: the first time the status code was observed for the certificate
  7. status_time_max_unix: the last time the status code was observed for the certificate
  8. count: number of status observations with the code during the above interval
  9. certificate: an internal certificate ID (duplicate)
  10. serial: serial number of a certificate
  11. name: common name of a certificate
  12. subject: certificate subject, JSON encoded
  13. issuer: issuer, JSON encoded
  14. version: certificate version, OpenSSL enumeration
  15. purposes: certificate purposes, JSON encoded
  16. hash: certificate hash, SHA256
  17. basicConstraints:
  18. keyUsage: keyUsage as interpreted by OpenSSL
  19. extendedKeyUsage: extended key usage as interpreted by OpenSSL
  20. authorityKeyIdentifier: reference to the key of the issuer
  21. subjectAltName: alternative common names, e.g. additional domains
  22. hasSCT: set to 1, if the certificate contains at least one Signed Certificate Timestamp
  23. keyType: key type (e.g. RSA, EC)
  24. keyBits: key length in bits
  25. extensions: certificate extensions, JSON encoded
  26. isEV: set to 1, if the certificate is an Extended Validation certificate
  27. ctLog: the CT log URL where the certificate was captured from
  28. certType: certificate type (DV/OV/EV)
  29. revocationReason: CRLReason from RFC 3280 (https://datatracker.ietf.org/doc/html/rfc3280). -1 if no reason was given.
  30. revocationDate: time when revocation was observed (in unixtime).
  31. unrevocation:
  32. verifiedNSS: 1 if certificate is verified against NSS root store, 0 otherwise.
  33. verifiedApple: 1 if certificate is verified against Apple root store, 0 otherwise.
  34. verifiedMicrosoft: 1 if certificate is verified against Microsoft root store, 0 otherwise.
The timestamps are provided in the form of Unix timestamps.
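The following is an added example (not part of the paper's collection tool) that reads records in the Dataset A layout above and flags the kind of inconsistency the abstract describes: a certificate observed as "revoked" and later, still before its not_after, as "good", "unauthorized" or "unknown". The spelling of the status codes and the sample rows are assumptions, since the page does not list the codes.

```python
"""Flag certificates whose OCSP status flips from "revoked" back to "good", "unauthorized" or "unknown" before expiry (Dataset A layout)."""
from collections import defaultdict

# 0-based positions of the Dataset A fields used here (see the field list above).
CERT, NOT_BEFORE, NOT_AFTER, STATUS, T_MIN, T_MAX, COUNT = 0, 2, 3, 4, 5, 6, 7
N_FIELDS = 34
# Assumed spelling of the status codes; the page does not list them.
REVOKED, UNREVOKED = "revoked", {"good", "unauthorized", "unknown"}

def parse_rows(text):
    """Yield one (cert_id, not_after, status, t_min, t_max) tuple per data line."""
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) != N_FIELDS:
            raise ValueError(f"expected {N_FIELDS} fields, got {len(f)}")
        yield f[CERT], int(f[NOT_AFTER]), f[STATUS], int(f[T_MIN]), int(f[T_MAX])

def find_unrevocations(text):
    """Return {cert_id: [(from_status, to_status, t_change)]} for certificates seen as revoked and later, before not_after, as something else."""
    timelines = defaultdict(list)
    for cert, not_after, status, t_min, t_max in parse_rows(text):
        timelines[cert].append((t_min, t_max, status, not_after))
    flips = {}
    for cert, obs in timelines.items():
        obs.sort()  # chronological by first observation time
        seen_revoked = False
        for t_min, t_max, status, not_after in obs:
            if status == REVOKED:
                seen_revoked = True
            elif seen_revoked and status in UNREVOKED and t_min < not_after:
                flips.setdefault(cert, []).append((REVOKED, status, t_min))
    return flips

def make_row(cert, not_before, not_after, status, t_min, t_max, count):
    """Build a constructed 34-field record; fields not needed here are left empty."""
    f = [""] * N_FIELDS
    f[CERT], f[NOT_BEFORE], f[NOT_AFTER] = cert, str(not_before), str(not_after)
    f[STATUS], f[T_MIN], f[T_MAX], f[COUNT] = status, str(t_min), str(t_max), str(count)
    return "\t".join(f)

# Constructed sample: cert 1 is revoked, then reported "good" before expiry (a flip);
# cert 2 stays revoked; cert 3 only turns "good" at not_after (expiry, not a flip).
SAMPLE = "\n".join([
    make_row("1", 1000, 9000, "good", 1000, 1999, 10),
    make_row("1", 1000, 9000, "revoked", 2000, 4999, 30),
    make_row("1", 1000, 9000, "good", 5000, 8999, 40),
    make_row("2", 1000, 9000, "revoked", 1000, 8999, 80),
    make_row("3", 1000, 6000, "revoked", 1000, 5999, 50),
    make_row("3", 1000, 6000, "good", 6000, 8999, 30),
])
```

Running `find_unrevocations(SAMPLE)` reports only certificate 1; with the real file, replace `SAMPLE` with the contents of the downloaded dataset.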

Status codes:

Citation format

When citing our dataset or work, please cite the conference version of the paper: