[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CRLs as wandering anti-matter

To: dpkemp@missi.ncsc.mil (David P. Kemp)
Subject: CRLs as wandering anti-matter
From: Carl Ellison <cme@cybercash.com>
Date: Fri, 04 Apr 1997 17:05:36 -0500
Cc: spki@c2.net
In-Reply-To: <199704021354.IAA07928@argon.ncsc.mil>
Sender: owner-spki@c2.net

At 08:54 AM 4/2/97 -0500, David P. Kemp wrote:
>> From: Carl Ellison <cme@cybercash.com>
>>
>> 	To me, the fundamental problem with the CRL idea is that it violates the
>> cardinal rule of data driven programming:  that once you have emitted a 
>> datum, you may not attempt to take it back.  If you provide for such a 
>> mechanism, then you are allowing non-deterministic behavior.
>
>Carl,
>
>Since seeing this analogy in your original paper, I've never understood
>it.  A dataflow architecture machine takes, say, two numbers A and B,
>and when both of them have arrived (asynchronously), the processor
>produces a result C which is then passed along to whatever depends on
>it.
>
>This is precisely how CRLs work!  The access control decision function
>requires two pieces of information from the PKI: a certificate and a
>CRL.  When both of those inputs are available, along with any other
>required information (the access being requested by the principal, the
>current time, the principal's bank account balance, etc), the decision
>function produces a result: Yes or No.
>
>CRLs don't wander around space like anti-matter, randomly colliding with
>certificates!  Just like certificates, they are fetched as needed if
>they aren't already available from a local cache on the decision-making
>host.

David,

	the CRLs you describe must have a validity period.  If a CRL has no 
validity period, then you don't know if the one you have has expired.

	The wandering anti-matter CRLs I was referring to are ones with no valdity 
periods of their own.  They were not mandatory inputs to a verification step
but rather an optional thing to be sent out if the mood hits and you want
to say "oops".

	If you have dated CRLs, then you have effectively a two-part certificate, 
each with a date range and therefore the combination has a date range.
The combination is equivalent to a short-expiry certificate, probably in
execution time as well as net traffic.

 - Carl


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: CRLs as wandering anti-matter

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

References:

Re: Light-weight certificate revocation lists ?

From: dpkemp@missi.ncsc.mil (David P. Kemp)

Prev by Date: Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )
Next by Date: Re: Light-weight certificate revocation lists ?
Prev by thread: Re: Light-weight certificate revocation lists ?
Next by thread: Re: CRLs as wandering anti-matter
Index(es):
- Main
- Thread