Re: Certificate Cancellation Notices (CCN)
>
>
> Brian Thomas (below) asks how the CCN's work.
>
> I guess I would expect a server to keep around recent CCN's it has
> received. If a client submits a certificate that is apparently valid,
> but which is listed on a CCN, then the server can disregard that
> certificate.

I think the CCN can be reconciled with Ron's original "never
revoke" proposal.

If a certificate is going to be susceptible to cancellation then
the necessary checks should be incorporated in the certificate.
This is equivalent to the Credit Card industry idea of a "floor
limit": the shopkeeper can accept goods up to $50 without an
authorisation code, above that they phone for authorisation.
[disclaimer, this varies from country to country].

So an assertion might be :-

    Bill Clinton is identified by the key <foo>
    Clinton is authorised to sign bills up to $1 billion.
    Before setting off nuclear missiles check the cert
    is not revoked at http://keyserver.whitehouse.gov/
    according to the

I'm deliberately using fuzzy language here. The revocation
process would itself be specified in the cert. It might be a
Micali-like lightweight scheme, it might be a passive or active
revocation instruction. There might be a need to get "proof".

The basis of a certificate is "I assert that I have determined X
to be true by process Y, I will guarantee this information to
be correct in the sum P provided you verify it using procedure Q".

Phill
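
The floor-limit and CCN ideas discussed in this message, as an added Python example that is not code from the post or its author. The field names, the injected `fetch_status` callable, the refusal when the issuer cannot be reached, and all serials and URLs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    serial: str                 # constructed identifier, not from the post
    subject: str
    max_amount: int             # ceiling of the authority the cert asserts
    floor_limit: int            # at or below this, no status check is needed
    status_url: Optional[str]   # check procedure named in the cert; None = never revoked

class Verifier:
    """Assumes the certificate's signature has already been verified."""
    def __init__(self, fetch_status):
        self.fetch_status = fetch_status   # injected so the example runs offline
        self.ccn_serials = set()           # recent CCNs this server has received

    def receive_ccn(self, serial):
        self.ccn_serials.add(serial)

    def authorise(self, cert, amount):
        if cert.serial in self.ccn_serials:
            return False, "listed on a CCN"
        if amount > cert.max_amount:
            return False, "exceeds asserted authority"
        if cert.status_url is None or amount <= cert.floor_limit:
            return True, "accepted without status check"
        try:
            status = self.fetch_status(cert.status_url, cert.serial)
        except OSError:
            # Assumption: above the floor limit, an unreachable issuer means refusal.
            return False, "status check unavailable"
        ok = status == "good"
        return ok, ("status check passed" if ok else "revoked at issuer")

def demo():
    issuer = {"serial-1": "good", "serial-2": "revoked"}   # constructed issuer state
    def fake_fetch(url, serial):
        if url.startswith("https://offline."):
            raise OSError("issuer unreachable")
        return issuer[serial]
    v = Verifier(fake_fetch)
    a = Cert("serial-1", "alice", 1000, 50, "https://status.example.invalid/")
    b = Cert("serial-2", "bob", 1000, 50, "https://status.example.invalid/")
    c = Cert("serial-3", "carol", 1000, 50, "https://offline.example.invalid/")
    cases = [(a, 40), (a, 500), (b, 40), (b, 500), (c, 500), (a, 2000)]
    out = [v.authorise(cert, amount) for cert, amount in cases]
    v.receive_ccn("serial-1")              # a CCN arrives for alice's cert
    return out + [v.authorise(a, 40)]
```

In `demo()`, bob's certificate is revoked at the issuer yet still accepted for 40, which is the exposure a floor limit deliberately tolerates until a CCN for that serial reaches the verifier.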