[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rethink CRLs

> We discussed this a bit ago -- maybe off-list.  Revocation of a cert needs a
> meaning just as a cert needs a meaning.
> You need to know if the private key has been compromised -- and if so, when.
> In particular, you need to know during what time period the private key was
> valid in spite of its later compromise -- so that certs issued in that
> period remain valid.
> Then again, maybe it wasn't a private key compromise.  Maybe the CA had an
> employee from April 10, 1996 and July 19, 1996 who issued some certificates
> improperly -- until he was caught and fired.

Surely the only meaning that a CRL has is to negate any meaning the original
certificate had (after a certain time).

In revoking a certificate, the CA is effectively saying "I am no longer willing
to guarantee the binding between this public key and this identity (or whatever
else the certificate is binding to the public key)".

While the reason for this revocation may be of interest to curious humans, it's
effect on applications should be the same regardless of the reason - don't use
the certificate because it is not valid.

Anything else and you are moving toward "analogue certificates", which express
a degree of confidence that an identity is bound to a key.   Now that really
will add to complexity !


Michael Warner
Telstra Research Labs