[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: serial numbers // push/pull CRL's

To: rivest@theory.lcs.mit.edu (Ron Rivest)
Subject: Re: serial numbers // push/pull CRL's
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Wed, 2 Apr 1997 19:16:45 -0500 (EST)
Cc: spki@c2.net, blampson@microsoft.com
In-Reply-To: <199704022106.AA24052@swan.lcs.mit.edu> from "Ron Rivest" at Apr 2, 97 04:06:42 pm
Sender: owner-spki@c2.net

> 
> 
> Carl made several points about CRL's.  Here are some comments:
> 
> (1) Using the hash of a certificate as the name for a certificate works,
>     but is very inefficient.  With MD5, this takes at least 128 bits per
>     certificate.  If the issuing key gives out sequential serial numbers,
>     then referring to a certificate takes space at most 32 bits, assuming
>     he hasn't issued more than 2**32 certificates. 

An MD5 or SHA hash value being uniformly distributed fits nicely with a
variety of fast indexing mechanisms - hash index plus btree etc.

I tend to prefer using a single index rather than a compound one.

A hash value has the nice property that the name becomes self 
validating. For example a reference to cert MD5:ksgfqgweoajvkjhsvdasdg==
can only be to a single certificate. The semantics of the cert
are irrelevant to the checking mechanism which can be pushed quite
low in the network layer as a result. 


> (2) Perhaps another name is needed than "revocation".  SPKI/SDSI does not,
>     as Carl noted, really try to "revoke" certificates.  Anyone holding
>     a previously issued certificate may legitimately go ahead and try to
>     use it.  But the server he is trying to access may know that the cert
>     has been revoked, and fail to honor the access request.  

I see the certificate as an authenticated assertion.

Coarsely:
"Foobar asserts that xyz is Freds key"

Or if you want to run a business:
"CertCo asserts that it has determined that xyz in accordance with
its level1 certification proceedures is the entity known as Freds key"

Tales of revocation are really a coda to this:

"... and if you really want to be sure check that it has not been 
revoked according to proceedure PQR".

The revocation itself is also an assertion:

"... I assert that xyz is a broken key" -- signed xyz

The only thing that is special about revocation is that a revocation
assertion is self validating and does not need any other trust
assupmtions to be made to be accepted as valid.


	Phill

References:

serial numbers // push/pull CRL's

From: rivest@theory.lcs.mit.edu (Ron Rivest)

Prev by Date: Comments on I-D requirement document
Next by Date: Re: serial numbers // push/pull CRL's
Prev by thread: serial numbers // push/pull CRL's
Next by thread: Re: serial numbers // push/pull CRL's
Index(es):
- Main
- Thread