[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Light-weight certificate revocation lists ?


	here I have to disagree with you.

	I believe CRLs are an unqualified disaster.  That's why we provide for an 
online test of validity.  A CRL is like a piece of anti-matter, sent out 
into the world in the hopes that it will collide with the appropriate matter 
and annihilate it.  If you somehow insist that any cert verifier go fetch an 
up-to-date CRL, then you have reinvented the online test, so I take "CRL" to 
refer to the wandering anti-matter mechanism.

	To me, the fundamental problem with the CRL idea is that it violates the 
cardinal rule of data driven programming:  that once you have emitted a 
datum, you may not attempt to take it back.  If you provide for such a 
mechanism, then you are allowing non-deterministic behavior.

	On a more practical level, CRLs grow and communicating them becomes a major 
pain.  Because their use leads to non-deterministic results, you have endured
the pain in return for nothing in terms of security.

	As far as a serial number is concerned, I see no use for it except in the 
online test.  Therefore, to me, it belongs as a parameter to the online test 
specification rather than as a field of the certificate.

 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |

Follow-Ups: References: