[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Light-weight certificate revocation lists ?

> From: Carl Ellison <cme@cybercash.com>
> 	To me, the fundamental problem with the CRL idea is that it violates the
> cardinal rule of data driven programming:  that once you have emitted a 
> datum, you may not attempt to take it back.  If you provide for such a 
> mechanism, then you are allowing non-deterministic behavior.


Since seeing this analogy in your original paper, I've never understood
it.  A dataflow architecture machine takes, say, two numbers A and B,
and when both of them have arrived (asynchronously), the processor
produces a result C which is then passed along to whatever depends on

This is precisely how CRLs work!  The access control decision function
requires two pieces of information from the PKI: a certificate and a
CRL.  When both of those inputs are available, along with any other
required information (the access being requested by the principal, the
current time, the principal's bank account balance, etc), the decision
function produces a result: Yes or No.

CRLs don't wander around space like anti-matter, randomly colliding with
certificates!  Just like certificates, they are fetched as needed if
they aren't already available from a local cache on the decision-making