[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CRL format revision -Reply -Reply
>>> Michael Warner <m.warner@trl.telstra.com.au> 08/07/96 05:31pm >>>
Bob Jueneman writes:
> As long as you are departing substantially form the X.509
> certificate format, you should perhaps consider departing from the
> CRL paradigm entirely, and moving to an on-line, positive acknowledgment
> of the validity of a signature/certificate.
The whole point of public key cryptography is to remove the need for on-line
services which mediate the establishment of secure communications. By
requiring a trusted directory service (or validation or whatever you want to
call it) to be available you would defeating any advantages of public key.
Hmmh. I'll grant that there is a certain amount of truth to your argument, but
I think this may be going too far. For example, why did X.500 provide
for strong authentication via X.509, since the directory was obviously on-line?
The particular point I was making was in the context of a transaction, such
as buying or selling stock, where the up-to-the-second status of the certificate
might be an issue, and the CRL mechanism too cumbersome. It also simplifies
nonrepudiation, since the originator can arrange for the CA to counter-sign
the document immediately after it is created. The relying party then CAN safely
operate in a disconnected mode (assuming the CA's own certificate is
still valid).
> The ideal solution to the overall problem would be some scheme that would
> distribute base-level CRLs on a CD-ROM-of-the-month, plus delta CRLS
> that could be downloaded according to the relying party's perceived
> risk, plus an on-line positive validation scheme for near real-time, high-value
> transactions.
>I know there is a great anti-X.500 sentiment in this group, but isn't this what
X.500 already provides? Latest copies of certificates are available in the
Directory - so if you have on-line access you can pull it off from there (this
assumes that CAs pull revoked certificates from the Directory), CRLs are
periodically distributed and lodged in the Directory from which they can be
retrieved at any time.
Well, I happen to be rather pro-X.500, but there are some differences.
Even if you have a trusted X.500 directory, there may be differences
in the domain of trust. Although having the CA withdraw the certificate
from the directory wold be an excellent practice, it may not happen,
and conceivably the directory operator could put it back! You clearly
can't sign a now-absent certificate, so we need a stronger, more
positive revocation mechanism.
On the other hand, if I am exchanging secure e-mail with
Carl, for example, I probably wouldn't bother to check a CRL for
him more than once a month, because I know that even if he left
CyberCash he would still be the same Carl, and to date none of my
dealings with him have involved his corporate identity. Unless
he offers to buy my house, or some particularly outrageous
utterance has been attributed to him, my perception of the
threat is quite low, and so I can alter my CRL
checking behavior accordingly. Getting the CRLs on CD would allow
me to validate his identity without even accessing the directory.
>Now about this wheel thingy... how about if we make it square... it would be
easier to implement that way....
Too many joints. I can mathematically prove that three joints are
both necessary and sufficient, and so obviously your wheel thingy should
be triangular. :-)
Cheers,
Michael Warner
Telstra Research Labs
Regards,
Bob