Revocation: the Frailty of PKI

Mat Caughron, Trey Blalock

Abstract

PKI is weak. One reason is that every revocation method has failure modes. Covering direct revocation, Certificate Revocation Lists (CRLs), OCSP (the Online Certificate Status Protocol, predominant on iOS), and now short-lived certificates and Certificate Transparency, this presentation will spell out how revocation works, which protocols handle it, and how you can use revocation techniques to improve your security or conduct pen testing. Attendees will walk away with a greater understanding of PKI's weaknesses and actionable techniques to wield PKI with greater force and effect. Useful for the general public interested in PKI, and also for pen testers and auditors.

Bio

Mat (aka cryptophile) (Twitter: @cl0kd) is a privacy advocate and all-around software security guy. Former Cisco red teamer, Fortifier, Cigitalist and TMobster. From April 2013 to April 2016, he ran the trust store on a large global set of web clients for the Fruit Company prodsec team. cryptophile self-identifies with *nix and the Alexis Park era cons.

PrivacyGeek (Twitter: @treyblalock) is a privacy advocate, penetration tester, and countersurveillance advisor. He used to manage global security for the world's largest financial transaction hub, was a forensics expert witness on several high-profile cases, currently works on large-scale security automation projects, and occasionally gives talks on Big Data security. PrivacyGeek encourages others to start and support more groups like the EFF to protect different aspects of the Internet and human rights long-term.