[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRL format revision -Reply -Reply

>>> Michael Warner <m.warner@trl.telstra.com.au> 08/07/96 05:31pm >>>

Bob Jueneman writes:

> As long as you are departing substantially form the X.509
> certificate format, you should perhaps consider departing from the
> CRL paradigm entirely, and moving to an on-line, positive acknowledgment
> of the validity of a signature/certificate.

The whole point of public key cryptography is to remove the need for on-line
services which mediate the establishment of secure communications.   By 
requiring a trusted directory service (or validation or whatever you want to
call it) to be available you would defeating any advantages of public key.

Hmmh. I'll grant that there is a certain amount of truth to your argument, but
I think this may be going too far. For example, why did X.500 provide
for strong authentication via X.509, since the directory was obviously on-line?
The particular point I was making was in the context of a transaction, such
as buying or selling stock, where the up-to-the-second status of the certificate
might be an issue, and the CRL mechanism too cumbersome. It also simplifies
nonrepudiation, since the originator can arrange for the CA to counter-sign
the document immediately after it is created. The relying party then CAN safely
operate in a disconnected mode (assuming the CA's own certificate is
still valid).
> The ideal solution to the overall problem would be some scheme that would 
> distribute base-level CRLs on a CD-ROM-of-the-month, plus delta CRLS 
> that could be downloaded according to the relying party's perceived 
> risk, plus an on-line positive validation scheme for near real-time, high-value
> transactions.

>I know there is a great anti-X.500 sentiment in this group, but isn't this what 
X.500 already provides?   Latest copies of certificates are available in the 
Directory - so if you have on-line access you can pull it off from there (this
assumes that CAs pull revoked certificates from the Directory), CRLs are 
periodically distributed and lodged in the Directory from which they can be
retrieved at any time.

Well, I happen to be rather pro-X.500, but there are some differences.
Even if you have a trusted X.500 directory, there may be differences 
in the domain of trust. Although having the CA withdraw the certificate
from the directory wold be an excellent practice, it may not happen,
and conceivably the directory operator could put it back! You clearly
can't sign a now-absent certificate, so we need a stronger, more 
positive revocation mechanism.

On the other hand, if I am exchanging secure e-mail with 
Carl, for example, I probably wouldn't bother to check a CRL for 
him more than once a month, because I know that even if he left 
CyberCash he would still be the same Carl, and to date none of my 
dealings with him have involved his corporate identity. Unless 
he offers to buy my house, or some particularly outrageous 
utterance has been attributed to him, my perception of the 
threat is quite low, and so I can alter my CRL 
checking behavior accordingly. Getting the CRLs on CD would allow
me to validate his identity without even accessing the directory.

>Now about this wheel thingy... how about if we make it square... it would be
easier to implement that way....

Too many joints. I can mathematically prove that three joints are 
both necessary and sufficient, and so obviously your wheel thingy should
be triangular. :-)


Michael Warner
Telstra Research Labs