Re: Light-weight certificate revocation lists?
Ron,
here I have to disagree with you.
I believe CRLs are an unqualified disaster. That's why we provide for an
online test of validity. A CRL is like a piece of anti-matter, sent out
into the world in the hopes that it will collide with the appropriate matter
and annihilate it. If you somehow insist that any cert verifier go fetch an
up-to-date CRL, then you have reinvented the online test, so I take "CRL" to
refer to the wandering anti-matter mechanism.
To me, the fundamental problem with the CRL idea is that it violates the
cardinal rule of data-driven programming: that once you have emitted a
datum, you may not attempt to take it back. If you provide for such a
mechanism, then you are allowing non-deterministic behavior.
On a more practical level, CRLs grow and communicating them becomes a major
pain. Because their use leads to non-deterministic results, you have endured
the pain in return for nothing in terms of security.
As far as a serial number is concerned, I see no use for it except in the
online test. Therefore, to me, it belongs as a parameter to the online test
specification rather than as a field of the certificate.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
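To illustrate the non-determinism argument in the post above, here is a constructed Python model (added here; not code from this thread or from any SPKI implementation) in which two verifiers evaluate the same cert but only one of them ever received the CRL, while a third asks the issuer directly. The names Issuer, CrlVerifier, OnlineVerifier and run_scenario, and the certificate bytes, are assumptions made for the example.

```python
import hashlib

def cert_id(cert):
    # Identify a cert by a hash of its bytes; this model uses no serial-number field.
    return hashlib.sha256(cert.encode()).hexdigest()

class Issuer:
    def __init__(self):
        self.revoked = set()  # authoritative state, consulted only by the online test

    def revoke(self, cert):
        self.revoked.add(cert_id(cert))

    def publish_crl(self):
        # A CRL is a snapshot pushed out into the world; delivery is not guaranteed.
        return frozenset(self.revoked)

    def online_test(self, cid):
        return cid not in self.revoked

class CrlVerifier:
    """Decides from whatever CRL it has received so far (possibly none at all)."""
    def __init__(self):
        self.crl = frozenset()

    def receive(self, crl):
        self.crl = crl

    def valid(self, cert):
        return cert_id(cert) not in self.crl

class OnlineVerifier:
    """Asks the issuer at verification time; every verifier gets the same answer."""
    def __init__(self, issuer):
        self.issuer = issuer

    def valid(self, cert):
        return self.issuer.online_test(cert_id(cert))

def run_scenario():
    issuer = Issuer()
    cert = "subject=alice,key=pk-alice-constructed"  # constructed certificate bytes
    reached, missed = CrlVerifier(), CrlVerifier()
    online = OnlineVerifier(issuer)
    issuer.revoke(cert)
    reached.receive(issuer.publish_crl())  # the CRL "collides" with this verifier only
    # returns {'crl_reached': False, 'crl_missed': True, 'online': False}
    return {"crl_reached": reached.valid(cert),
            "crl_missed": missed.valid(cert),
            "online": online.valid(cert)}
```

The two CRL-based verifiers disagree about the same revoked cert purely because of which one the list happened to reach, whereas the online test gives one answer that follows the issuer's current state.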