
Re: can CRL's and short-life certs coexist?

The idea of, shall we say, certificate depreciation, introduced below by
Frank O'Dwyer is indeed fascinating.  If generalized, it could serve to
significantly reduce overhead in network traffic, especially in the short-
term cert model.

I envision some way of codifying, either in the certificate or in the
certifying agent's policy, a depreciation formula that can be resolved
by the relying party at key-usage time to a value in the range [0,1].
This value would represent a multiplier affecting the CA's acceptance
of liability regarding the key's misuse (effectively shifting liability
back in the direction of the relying party.)


Carl M. Ellison wrote:
>At 08:43 3/5/96, Frank O'Dwyer wrote:
>>The same app. might well decide that a 2 day cert which
>>expired an hour ago was fresh enough for a low-valued transaction,
>>given that it didn't have the connectivity to always get a
>>completely fresh cert.
>Fascinating idea:  trust which diminishes with time or risk that increases
>with time as a continuous function.  I'm sure the reality is continuous,
>not stepwise like validity dates suggest, but I haven't formulated it.
>Have you?  Has anyone else?
>I just did a back-of-the-envelope model of the loss process for a credit
>card and came up with a formula [with many unbound variables] for expected
>loss per transaction.  The trouble is, the only policy I could imagine a
>credit card company setting would be to fix the percentage loss -- i.e., the
>probability of loss -- i.e., something independent of transaction size.
>|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
>|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|Reston, VA 22091      Tel: (703) 620-4200                                 |

Tony Bartoletti                                             LL
SPI Project Leader                                       LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL
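
The depreciation idea discussed in this message, worked through on Frank O'Dwyer's case of a 2-day cert that expired an hour ago (an added example, not part of the original message or of any system its authors describe). The thread gives no formula, so everything here is an assumption: exponential decay after expiry, the half-life fraction, the CA liability cap, the relying party's risk budget, the dates, and all function and parameter names.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample certificate: a 2-day validity window.
NOT_BEFORE = datetime(1996, 3, 3, 8, 0, tzinfo=timezone.utc)
NOT_AFTER = NOT_BEFORE + timedelta(days=2)


def depreciation(not_before, not_after, now, half_life_fraction=0.25):
    """Multiplier in [0, 1] on the CA's accepted liability at key-usage time.

    Assumed policy: full value inside the validity window, then exponential
    decay whose half-life is a fixed fraction of the certificate's lifetime,
    so short-lived certs depreciate faster in absolute time.
    """
    if now < not_before:
        return 0.0  # not yet valid: the CA accepts no liability
    if now <= not_after:
        return 1.0
    lifetime = (not_after - not_before).total_seconds()
    overdue = (now - not_after).total_seconds()
    return 0.5 ** (overdue / (lifetime * half_life_fraction))


def ca_covered(amount, ca_liability_cap, multiplier):
    """Portion of the transaction the CA still stands behind."""
    return min(amount, ca_liability_cap * multiplier)


def relying_party_accepts(amount, ca_liability_cap, multiplier, own_risk_budget):
    """Accept when the exposure shifted back onto the relying party
    (amount minus what the CA covers) fits its own risk budget."""
    uncovered = amount - ca_covered(amount, ca_liability_cap, multiplier)
    return uncovered <= own_risk_budget


if __name__ == "__main__":
    now = NOT_AFTER + timedelta(hours=1)  # expired an hour ago
    m = depreciation(NOT_BEFORE, NOT_AFTER, now)
    for amount in (50, 1000):  # low-valued vs. high-valued transaction
        ok = relying_party_accepts(amount, 1000, m, own_risk_budget=10)
        print(f"multiplier={m:.4f} amount={amount} accept={ok}")
```

With these assumed parameters the stale cert still carries the low-valued transaction, while the high-valued one is refused because the depreciated CA liability no longer covers it.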