[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CRLs versus short Validity periods

To: spki@c2.org
Subject: RE: CRLs versus short Validity periods
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 1 Mar 1996 10:40:53 -0800
Sender: owner-spki@c2.org

In KeyKOS, a capability operating system, we came to the conclusion that
the way to get rescindable capabilities (approximately the same as a
certificate revocation), was to require anyone who wanted to be able to
rescind a capability to introduce a transparent intermediate object.  To
rescind the capability, you destroy the intermediate object.

This approach should work well for at least some of the uses of
certificates.  For example a certificate which says "bearer can log on as
root to <specific machine>".  If that certificate is validated by the
machine, then notifying the machine that the certificate is no longer valid
would have the same effect as issuing a revocation, but require less
communication and be more reliable.  (The question of what to do if you
can't communicate with the revocation agency does not come up.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

Prev by Date: Re: CRLs versus short Validity periods
Next by Date: RE: CRLs versus short Validity periods
Prev by thread: RE: CRLs versus short Validity periods
Next by thread: RE: CRLs versus short Validity periods
Index(es):
- Main
- Thread