RE: CRLs versus short Validity periods
In KeyKOS, a capability operating system, we came to the conclusion that
the way to get rescindable capabilities (approximately the same as a
certificate revocation) was to require anyone who wanted to be able to
rescind a capability to introduce a transparent intermediate object. To
rescind the capability, you destroy the intermediate object.

This approach should work well for at least some of the uses of
certificates. For example, a certificate which says "bearer can log on as
root to <specific machine>". If that certificate is validated by the
machine, then notifying the machine that the certificate is no longer valid
would have the same effect as issuing a revocation, but require less
communication and be more reliable. (The question of what to do if you
can't communicate with the revocation agency does not come up.)
Regards - Bill
------------------------------------------------------------------------
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
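
A sketch of the rescindable-capability pattern the message describes, as an added example that is not part of the original post and is not KeyKOS code. The names `RootSession`, `Forwarder`, `make_rescindable` and the host `host.example` are hypothetical, and Python does not enforce the isolation a capability kernel provides, so this models only the control flow.

```python
"""Rescindable capability via a transparent intermediate object (illustrative)."""


class Rescinded(Exception):
    """The intermediate object behind this capability has been destroyed."""


class RootSession:
    """Constructed stand-in for the right 'log on as root to <specific machine>'."""

    def __init__(self, host):
        self.host = host

    def logon(self, who):
        return f"{who} logged on as root to {self.host}"


class Forwarder:
    """Transparent intermediate: relays each call to the target while it exists.

    Python does not hide _target from the holder; in a capability system the
    kernel enforces that separation. This class only models the control flow.
    """

    def __init__(self, target):
        self._target = target

    def __getattr__(self, name):
        # Resolve the target at call time, not at lookup time, so a method
        # reference saved before the rescind stops working as well.
        def invoke(*args, **kwargs):
            if self._target is None:
                raise Rescinded(f"capability rescinded, cannot call {name!r}")
            return getattr(self._target, name)(*args, **kwargs)
        return invoke


def make_rescindable(target):
    """Return (capability to hand out, rescind function kept by the grantor)."""
    fwd = Forwarder(target)

    def rescind():
        fwd._target = None  # destroying the intermediate severs the path

    return fwd, rescind
```

Each delegation gets its own forwarder, so rescinding one holder's access leaves other holders of the same underlying right unaffected, and the check happens where the right is exercised rather than at a separate revocation service.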