Re: Rethink CRLs
At 10:13 AM 8/15/96 +1000, Michael Warner wrote:
>There is some curiosity value to a human, but the reaction for all three
>should probably be the same. If you suspect a key has been compromised,
>you cease to use it. Even if you "get it back", the fact that it was "in
>the hands of the enemy" means it should be considered compromised.
>
>In which case the behaviour you wish to encourage by issuing CRLs in the
>above three examples is:
>
>1) don't trust the certificate after <date>
>
>2) don't trust the certificate after <date1>
>
>3) don't trust the certificate after <creation-date>
>
>I believe this approach is both simpler to deal with, and also encourages
>a more sensible security policy.
I can buy your simplification -- although I can imagine a real scenario
under which (2) might be real. That is, the private key is locked in a
tamper-proof enclosure which is mislaid for a few days -- then turns up.
[This happened with a US cipher device (SIGABA) during WW-II.] Once you get
it back, you can tell if there has been a tamper attempt. The enemy might
have had it or might not -- and *might* have used it during the period it
was missing, but could not have copied the key.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+