[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CRLs versus short Validity periods

In KeyKOS, a capability operating system, we came to the conclusion that
the way to get rescindable capabilities (approximately the same as a
certificate revocation), was to require anyone who wanted to be able to
rescind a capability to introduce a transparent intermediate object.  To
rescind the capability, you destroy the intermediate object.

This approach should work well for at least some of the uses of
certificates.  For example a certificate which says "bearer can log on as
root to <specific machine>".  If that certificate is validated by the
machine, then notifying the machine that the certificate is no longer valid
would have the same effect as issuing a revocation, but require less
communication and be more reliable.  (The question of what to do if you
can't communicate with the revocation agency does not come up.)

Regards - Bill

Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA