
Re: Comments on short-lived certificates in "Generalized Certificates"

Bill Sommerfeld writes:
> [http://www.clark.net/pub/cme/html/cert.html]
> Towards the end, you bash CRLs; I heartily agree with this.

I'm not sure that CRLs are always a bad idea in all conditions, but
I must admit to a prejudice against them. One can never know that a
revocation definitively does not exist, only that one has not seen
one, to name just one problem. Certainly you can require that people
always contact the CRL server, but that lowers your scalability
substantially, and dramatically increases the number of failure modes
for your whole system.

I'll note that in the case of, say, a bank account key, the bank in
general will know if it thinks the key is still valid for an account,
and need not ask a third party. In this case, the bank's own records
are far superior to CRLs.

Many other applications have similar properties.

The notion that Bill presents of only using short-lived certificates
is an attractive one in many situations, though I would want to think
about the implications a bit...