[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rethink CRLs

To: bjb@trsvr.tr.unisys.com, cme@cybercash.com
Subject: Re: Rethink CRLs
From: Michael Warner <m.warner@trl.telstra.com.au>
Date: Thu, 15 Aug 1996 08:45:14 +1000
Cc: moline@gumby.dsd.trw.com, spki@c2.org


> We discussed this a bit ago -- maybe off-list.  Revocation of a cert needs a
> meaning just as a cert needs a meaning.
> 
> You need to know if the private key has been compromised -- and if so, when.
> In particular, you need to know during what time period the private key was
> valid in spite of its later compromise -- so that certs issued in that
> period remain valid.
> 
> Then again, maybe it wasn't a private key compromise.  Maybe the CA had an
> employee from April 10, 1996 and July 19, 1996 who issued some certificates
> improperly -- until he was caught and fired.


Surely the only meaning that a CRL has is to negate any meaning the original
certificate had (after a certain time).

In revoking a certificate, the CA is effectively saying "I am no longer willing
to guarantee the binding between this public key and this identity (or whatever
else the certificate is binding to the public key)".

While the reason for this revocation may be of interest to curious humans, it's
effect on applications should be the same regardless of the reason - don't use
the certificate because it is not valid.

Anything else and you are moving toward "analogue certificates", which express
a degree of confidence that an identity is bound to a key.   Now that really
will add to complexity !

Cheers,

Michael Warner
Telstra Research Labs

Prev by Date: Re: Rethink CRLs
Next by Date: Re: Rethink CRLs
Prev by thread: Re: Rethink CRLs
Next by thread: Re: Rethink CRLs
Index(es):
- Main
- Thread