Re: Validity periods can be handled more explicitly
-----BEGIN PGP SIGNED MESSAGE-----
At 11:48 AM 10/31/97 -0500, Carl Ellison wrote:
>This confusion stems partly from the anti-matter theory of CRLs. ...i.e.,
>that one can say "oops" about certificates. Validity tests have often been
>thought of as a way to say "oops" or to prevent the use of invalid keys. I
>believe that we can't think that way -- that once we release a certificate
>(or its revalidation or a CRL lacking it), we have committed ourselves to
>honor that cert even when what it says is wrong -- i.e., even when its
>private key has been stolen. However, this is a long discussion and I don't
>want to monopolize it.
In fact, the confusion stems from the idea that a certificate makes a
statement of fact: "the private key associated with this public key is owned
by and controlled by the person indicated". There are at least 2 flaws in
such a statement. I'll leave listing the flaws as an exercise for the
reader :).
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+