[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Cancellation Notices (CCN)

At 11:56 AM 4/3/97 EST, Ron Rivest wrote:
>The CCN allows for some "softening" of SPKI's "once-issued, no
>revocation" policy by enabling an issuer to attempt to control the
>extent to which an adversary can make use of a certificate that the
>issuer would like to revoke, without having enforceable revocation.
>However, if the issuer can distribute the CCN to the right places (which
>might only be a few verifiers), he can get close to what CRL's
>attempt to achieve, without all of their complexity and costs of CRL's.
>CCN's are an informal version of CRL's, and get most of the benefits with
>little of the cost, which is what you want in a system that calls itself

"softening" reminds me of "a little bit pregnant".

I believe that if we consider the server to be an online service which
is backing up online tests you have specified in your certs and if
you find a way to replicate databases between issuer and that server
for the purpose of answering such online inquiries, then we have the
effect you're looking for without going soft on the definition.

 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |