Re: can CRL's and short-life certs coexist?
The idea of, shall we say, certificate depreciation, introduced below by
Frank O'Dwyer is indeed fascinating. If generalized, it could serve to
significantly reduce overhead in network traffic, especially in the short-
term cert model.
I envision some way of codifying, either in the certificate or in the
certifying agent's policy, a depreciation formula that can be resolved
by the relying party at key-usage time to a value in the range [0,1].
This value would represent a multiplier affecting the CA's acceptance
of liability regarding the key's misuse (effectively shifting liability
back in the direction of the relying party.)
___TONY___
Carl M. Ellison wrote:
>At 08:43 3/5/96, Frank O'Dwyer wrote:
>
>>The same app. might well decide that a 2 day cert which
>>expired an hour ago was fresh enough for a low-valued transaction,
>>given that it didn't have the connectivity to always get a
>>completely fresh cert.
>
>Fascinating idea: trust which diminishes with time or risk that increases
>with time as a continuous function. I'm sure the reality is continuous,
>not stepwise like validity dates suggest, but I haven't formulated it.
>
>Have you? Has anyone else?
>
>I just did a back-of-the-envelope model of the loss process for a credit
>card and came up with a formula [with many unbound variables] for expected
>loss per transaction. The trouble is, the only policy I could imagine a
>credit card company setting would be to fix the percentage loss -- i.e., the
>probability of loss -- i.e., something independent of transaction size.
>
>
>
>+--------------------------------------------------------------------------+
>|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
>|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
>|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|Reston, VA 22091 Tel: (703) 620-4200 |
>+--------------------------------------------------------------------------+
Tony Bartoletti LL
SPI Project Leader LL LL
Computer Security Technology Center LL LL LL
Lawrence Livermore National Lab LL LL LL
PO Box 808, L - 303 LL LL LLLLLLLL
Livermore, CA 94551-9900 LL LLLLLLLL
email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL
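
One possible shape for the depreciation formula discussed in this message, applied to the quoted case of a 2-day cert that expired an hour ago. This is an added example, not code from the thread: the post-expiry exponential decay, the `half_life_fraction` parameter and the relying party's exposure limit are all assumptions.

```python
from datetime import datetime, timedelta, timezone

def liability_multiplier(not_before, not_after, now, half_life_fraction=0.25):
    """CA-liability multiplier in [0, 1], resolved at key-usage time.

    Assumed shape (not from the thread): 1.0 while the cert is valid, then
    exponential decay whose half-life is a fraction of the cert's lifetime,
    so short-life certs depreciate faster than long-life ones.
    """
    lifetime = (not_after - not_before).total_seconds()
    if lifetime <= 0 or half_life_fraction <= 0:
        raise ValueError("validity window and half-life must be positive")
    if now < not_before:
        return 0.0  # not yet valid: CA accepts no liability
    if now <= not_after:
        return 1.0
    overdue = (now - not_after).total_seconds()
    return 0.5 ** (overdue / (half_life_fraction * lifetime))

def relying_party_accepts(value, multiplier, max_own_exposure):
    """Accept only if the liability shifted back to us stays within our limit."""
    if not 0.0 <= multiplier <= 1.0:
        raise ValueError("multiplier must be in [0, 1]")
    return value * (1.0 - multiplier) <= max_own_exposure

# Constructed sample: a 2-day cert that expired one hour before use.
ISSUED = datetime(1996, 3, 3, 12, 0, tzinfo=timezone.utc)
EXPIRES = ISSUED + timedelta(days=2)
USED_AT = EXPIRES + timedelta(hours=1)

if __name__ == "__main__":
    m = liability_multiplier(ISSUED, EXPIRES, USED_AT)
    print(f"multiplier one hour after expiry: {m:.4f}")
    for value in (20.0, 5000.0):
        ok = relying_party_accepts(value, m, max_own_exposure=5.0)
        print(f"transaction of {value:>7.2f}: {'accept' if ok else 'refuse'}")
```

With these assumed parameters the same stale cert is accepted for the low-valued transaction and refused for the high-valued one, because the exposure shifted to the relying party scales with transaction size.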