[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Revocation, etc...]


At 11:42 AM 6/4/98 +0200, Antonio Mana Gomez wrote:
>	It introduces a security risk because once a certificate is issued
>	there is an interval of time that will allow a malicious user to
>	act freely whithout worriying about being discovered. In a digital
>	environment where the time scale is very small several minutes are
>	enough time to do a lot of transactions and therefore the mentioned
>	risk is not small.


	sorry for replying so late.  Your message fell in the cracks.

	I understand the fear of an irrevocable validity period.  However, the net 
doesn't provide instant broadcast.  Such isn't possible.	Therefore, there 
will be a period of time during which an announcement of revocation might be 
in transit but not received.  That length of time is one in which the 
verifier will be relying on data which the issuer (or someone) knows is false.
With the possibiliy of momentary disconnection from the net, this time period
might be much longer than the speed of light would imply.

	This is not a new concern.  The developers of ATMs addressed this by 
establishing a different security policy in case of disconnection from the 
net (e.g., $100 maximum per card).

	The issuer needs to ask himself, "During what interval of time am I 
willing to let the verifier believe this certificate after I know it to be
false?"  The answer to that question should give the validity period of 
either the cert or an on-line revalidation.  If the answer is exactly 0, 
then the issuer must demand one-time revalidations.

 - Carl

Version: PGP for Personal Privacy 5.5.3


|Carl M. Ellison         cme@acm.org     http://www.pobox.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+