
Re: Light-weight certificate revocation lists ?



> From: Carl Ellison <cme@cybercash.com>
>
> 	To me, the fundamental problem with the CRL idea is that it violates the
> cardinal rule of data driven programming:  that once you have emitted a 
> datum, you may not attempt to take it back.  If you provide for such a 
> mechanism, then you are allowing non-deterministic behavior.

Carl,

Since seeing this analogy in your original paper, I've never understood
it.  A dataflow architecture machine takes, say, two numbers A and B,
and when both of them have arrived (asynchronously), the processor
produces a result C which is then passed along to whatever depends on
it.

This is precisely how CRLs work!  The access control decision function
requires two pieces of information from the PKI: a certificate and a
CRL.  When both of those inputs are available, along with any other
required information (the access being requested by the principal, the
current time, the principal's bank account balance, etc.), the decision
function produces a result: Yes or No.

CRLs don't wander around space like anti-matter, randomly colliding with
certificates!  Just like certificates, they are fetched as needed if
they aren't already available from a local cache on the decision-making
host.

        dpk
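
[Added example, not part of the original message or of any PKI library.] The decision function described above, sketched as a pure function of certificate, CRL and current time, with a local CRL cache that fetches only when needed. The `Cert`, `CRL` and `Verifier` types, the fail-closed handling of a missing or stale CRL, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, FrozenSet, Optional

@dataclass(frozen=True)
class Cert:  # hypothetical minimal certificate, not a real X.509 parser
    issuer: str
    serial: int
    not_after: datetime

@dataclass(frozen=True)
class CRL:  # hypothetical minimal CRL
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: FrozenSet[int]

def decide(cert: Cert, crl: CRL, now: datetime) -> bool:
    """Pure function of its inputs: same cert, CRL and time give the same answer."""
    if crl.issuer != cert.issuer or not (crl.this_update <= now < crl.next_update):
        return False  # wrong or stale CRL: fail closed (assumed policy)
    return now < cert.not_after and cert.serial not in crl.revoked

class Verifier:
    """Decision-making host with a local CRL cache; fetches only when needed."""
    def __init__(self, fetch: Callable[[str], Optional[CRL]]):
        self.fetch, self.fetches = fetch, 0
        self.cache: Dict[str, CRL] = {}

    def check(self, cert: Cert, now: datetime) -> bool:
        crl = self.cache.get(cert.issuer)
        if crl is None or now >= crl.next_update:  # missing or expired in cache
            self.fetches += 1
            crl = self.fetch(cert.issuer)
            if crl is None:
                return False  # an input never arrived, so no "Yes" is produced
            self.cache[cert.issuer] = crl
        return decide(cert, crl, now)

# Constructed sample data (not from the original message).
T0 = datetime(1997, 1, 1, tzinfo=timezone.utc)
WEEK = timedelta(days=7)
GOOD = Cert("ExampleCA", 5, T0 + 52 * WEEK)
REVOKED = Cert("ExampleCA", 7, T0 + 52 * WEEK)

def sample_fetch(issuer: str) -> Optional[CRL]:
    if issuer != "ExampleCA":
        return None
    return CRL(issuer, T0, T0 + WEEK, frozenset({7}))
```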
