[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLs versus short Validity periods

At 20:59 2/29/96, PALAMBER.US.ORACLE.COM wrote:
>Did your analysis look at the tradeoffs of processing versus number of users
>per CA?
>Imagine a CA with 1 million certified users... issuing a CRL is a single
>operation.  Reissuing all certificates is 1 million operations.  This makes
>CRLs look very good ....
>Note, I don't belive CRLs are a great mechanism, I am just dense when it comes
>to understanding your last example.

As I said, with (b), the number of signatures performed by the Issuer
is fractional [< 1] compared with (0) and (a).  That's what you're saying about
generating one CRL.  However, the number of network operations and number of
verifications is as I listed them.  Meanwhile, the CRL needs to be
re-signed periodically -- with the period determined by the validity delta.

By "validity delta" I mean the length of time after deciding that a given
cert is no good and should be revoked that the Issuer will allow the cert
to remain alive and used in the world.  This delta can not be 0.  Clock
skew and communication time preclude that possibility.  E.g., for credit
cards, I believe the delta is 24 hours.

Once you've picked a delta, then in my case (0), that's the validity
period for a cert; in (a), it's the validity period for the CRL lookup
response from the Issuer; and in (b), it's the validity period of the CRL
itself.  Users will be forced to perform one kind of network traffic or
another at that rate, no matter what scheme is used.

A CA with a million certs will have some number of users of its certs in a
given validity period.  That's the number of network requests it will have
to field.  That number will be a function of validity delta,
looking much like the dynamic paging curve [from P. Denning, in the early
1970's or late 60's].  I don't know the curve exactly, but that sounds like
a fun, small project.  It might even be the 1-e^(aT+b) of Denning's.

Meanwhile, let me suggest that a huge CA, issuing millions of certs, is
not part of my view of the way the world will work.  I envision almost
no certificates coming from what we think of as Certification Authorities,
since I think of those as binding identities to keys, and I don't see
much use for that kind of cert.  Instead, I imagine entities which have
the permissions to allocate, generating small certs to grant those
permissions.  A sysadmin at my company would generate certs for each of the
company's registered users' keys, so that we might get in through the corporate
firewall -- for example.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |