[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: serial numbers // push/pull CRL's

At 04:57 PM 4/2/97 -0800, Peter Williams wrote:
>One query.
>Can a source (e.g. HotSoft) issue a second certificate which differs
>as to the group which it lists, without first issuing a CRL.
>if G={a,b,c} in Hotsoft's first certificate, and G={a,b} in the second,
>does c gain access following receipt by the group of G authorized
>by the second certificate? If the second replace the first, presumably
>the group identifier is the linkage, and issuing date is the
>signal to replace.

The example you give suggests a group definition in a single certificate
and we don't have such a construct in the new SPKI/SDSI.

In general, if you want to redefine a certificate -- revoke some previously 
granted rights -- then you need to let the first certificate expire.

The soap box I keep getting on is that you can not say "oops".  You can not 
issue a general CRL which tells the world that a given certificate is bad
because you have no guarantee that someone who has that cert will ever be
in touch again to discover there's a CRL, unless you force him to. 

That is, you can make the original certificate short-lived or you can attach an 
on-line test to the original certificate -- and let the on-line service 
either reconfirm the certificate's validity or hand back a CRL (depending on 
what your performance analysis suggests is the preferred way to go).

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |

Follow-Ups: References: