
Re: Light-weight certificate revocation lists ?



The only interesting CRLs are unanticipated ones.  If CRLs are issued at
predictable times and cover specific periods of time, into the future or the
past, they are the same as using certificates with more limited validity
periods and issuing or failing to issue more certificates.  If CRLs can be
issued at arbitrary times in an unanticipated fashion, you have no guarantee
anyone will see them and you get Carl's objection. 

On the other hand, I don't know that non-deterministic behavior is all
that bad.

Donald

On Wed, 2 Apr 1997, David P. Kemp wrote: 

> Date: Wed, 2 Apr 1997 08:54:56 -0500
> From: David P. Kemp <dpkemp@missi.ncsc.mil>
> To: spki@c2.net
> Subject: Re: Light-weight certificate revocation lists ?
> 
> > From: Carl Ellison <cme@cybercash.com>
> >
> > 	To me, the fundamental problem with the CRL idea is that it violates the
> > cardinal rule of data driven programming:  that once you have emitted a 
> > datum, you may not attempt to take it back.  If you provide for such a 
> > mechanism, then you are allowing non-deterministic behavior.
> 
> Carl,
> 
> Since seeing this analogy in your original paper, I've never understood
> it.  A dataflow architecture machine takes, say, two numbers A and B,
> and when both of them have arrived (asynchronously), the processor
> produces a result C which is then passed along to whatever depends on
> it.
> 
> This is precisely how CRLs work!  The access control decision function
> requires two pieces of information from the PKI: a certificate and a
> CRL.  When both of those inputs are available, along with any other
> required information (the access being requested by the principal, the
> current time, the principal's bank account balance, etc), the decision
> function produces a result: Yes or No.
> 
> CRLs don't wander around space like anti-matter, randomly colliding with
> certificates!  Just like certificates, they are fetched as needed if
> they aren't already available from a local cache on the decision-making
> host.
> 
>         dpk
> 

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html
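
A toy model of the two points argued in this thread, added here as an illustration and not code from any of the posters: the decision function that needs both a certificate and a current CRL, the way a scheduled CRL bounds the pair like a short validity period, and an off-schedule CRL that a caching verifier never sees. All names, fields and dates are constructed assumptions; no real X.509 parsing or signature checking is done.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Cert:                       # hypothetical minimal certificate
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:                        # hypothetical minimal CRL
    this_update: datetime
    next_update: datetime         # issuer promises a newer CRL by this time
    revoked: frozenset = frozenset()

def decide(cert: Cert, crl: Optional[CRL], now: datetime) -> str:
    """Yes only when both inputs are present and current at time `now`."""
    if not (cert.not_before <= now <= cert.not_after):
        return "no: certificate outside validity period"
    if crl is None or not (crl.this_update <= now < crl.next_update):
        return "no: no current CRL"   # fail closed; caller must fetch one
    if cert.serial in crl.revoked:
        return "no: revoked"
    return "yes"

def effective_window(cert: Cert, crl: CRL):
    """Interval in which this (cert, CRL) pair can produce Yes, or None."""
    if cert.serial in crl.revoked:
        return None
    start = max(cert.not_before, crl.this_update)
    end = min(cert.not_after, crl.next_update)
    return (start, end) if start < end else None

# Constructed sample data: a one-year certificate and weekly CRLs.
DAY = timedelta(days=1)
T0 = datetime(1997, 4, 1)
CERT = Cert(serial=7, not_before=T0, not_after=T0 + 365 * DAY)
CRL_WEEK1 = CRL(T0, T0 + 7 * DAY)
CRL_WEEK2 = CRL(T0 + 7 * DAY, T0 + 14 * DAY, frozenset({7}))
# Off-schedule CRL issued on day 3, inside week 1's window.
CRL_UNANTICIPATED = CRL(T0 + 3 * DAY, T0 + 7 * DAY, frozenset({7}))

if __name__ == "__main__":
    print("week-1 pair usable:", effective_window(CERT, CRL_WEEK1))
    print("day 4, cached CRL :", decide(CERT, CRL_WEEK1, T0 + 4 * DAY))
    print("day 4, fetched CRL:", decide(CERT, CRL_UNANTICIPATED, T0 + 4 * DAY))
    print("day 8, cached CRL :", decide(CERT, CRL_WEEK1, T0 + 8 * DAY))
    print("day 8, fetched CRL:", decide(CERT, CRL_WEEK2, T0 + 8 * DAY))
```

On day 4 the verifier holding the cached week-1 CRL still answers yes, because that CRL is current by its own dates; only the scheduled expiry on day 7 forces a re-fetch.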

