[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CRLs versus short Validity periods

Your mail was addressed to me and "skpi@c2.org" <skpi@c2.org>
but the list name is spki.  I assume you were told...

At 12:18 3/1/96, Robichaux, Paul E wrote:
>Carl said, in response to my "Episcopal bishop" argument:
>>If no CRL path is specified in the cert, then this cert is not revokable.
>>If a CRL path *is* specified, then the "death do us part" fantasy is broken
>>from day 1 and the cert might as well have had a short validity period.
>"Death do us part" is probably an extreme case. A better example might be a
>power of attorney. I want to issue a power of attorney to someone whom I
>want to authorize to act for me. If it's a limited power of attorney, a
>short validity period might work OK-- unless the limit's bounds are unknown.
>Concrete example: I got a free trip to Tanajib in the Kingdom of Saudi
>Arabia thanks to the USMC. Before I left I wanted to issue a limited power
>of attorney so that, in my absence, someone had the power to transact
>business on my behalf. The limit didn't have a definite time bound, and it
>would have been quite inconvenient for me to renew an expiring certificate
>every, say, 60 days.
>I think there's a place for "K says X until K says otherwise" credentials.
>They do require the use of CRLs but thus far I am unconvinced that
>short-expiry certificates are an adequate substitute.

I'm sure there's a place for that, at least in someone's mind.  That's the
way people think, apparently.

All I was pointing out is that one can implement this desired kind of
credential via CRLs or via short validity period certificates.
The two are logically equivalent.  The only difference lies in
performance -- and depending on several factors, the performance advantage
can lie in either court.  That is, I could tell you I'm issuing you a
certificate which is good forever unless I revoke it but the bits I give
you could be a short-term certificate.  You, watching the behavior of your
computer [how much it computes, how often it connects back to me by net],
would not be able to tell without precise measurements which of the two
options I had exercised.

This suggests to me that the desire for CRLs -- for your model of
"K says X until K says otherwise" -- is a psychological requirement of
some kind, not a technical requirement.  I'm not a psychologist, but
this might be an interesting topic to study -- if there are any
experimental psychologists out there.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |