[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: Revocation, etc...]
-----BEGIN PGP SIGNED MESSAGE-----
At 11:42 AM 6/4/98 +0200, Antonio Mana Gomez wrote:
> It introduces a security risk because once a certificate is issued
> there is an interval of time that will allow a malicious user to
> act freely whithout worriying about being discovered. In a digital
> environment where the time scale is very small several minutes are
> enough time to do a lot of transactions and therefore the mentioned
> risk is not small.
sorry for replying so late. Your message fell in the cracks.
I understand the fear of an irrevocable validity period. However, the net
doesn't provide instant broadcast. Such isn't possible. Therefore, there
will be a period of time during which an announcement of revocation might be
in transit but not received. That length of time is one in which the
verifier will be relying on data which the issuer (or someone) knows is false.
With the possibiliy of momentary disconnection from the net, this time period
might be much longer than the speed of light would imply.
This is not a new concern. The developers of ATMs addressed this by
establishing a different security policy in case of disconnection from the
net (e.g., $100 maximum per card).
The issuer needs to ask himself, "During what interval of time am I
willing to let the verifier believe this certificate after I know it to be
false?" The answer to that question should give the validity period of
either the cert or an on-line revalidation. If the answer is exactly 0,
then the issuer must demand one-time revalidations.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
-----END PGP SIGNATURE-----
|Carl M. Ellison firstname.lastname@example.org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+