[Cfrg] How to issue CRLs after the private key of old root certificate has been destroyed?

Wang Guilin <Wang.Guilin@huawei.com> Tue, 28 July 2020 10:22 UTC

Return-Path: <Wang.Guilin@huawei.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1433A0A9D for <cfrg@ietfa.amsl.com>; Tue, 28 Jul 2020 03:22:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v8KUjW_z4BH1 for <cfrg@ietfa.amsl.com>; Tue, 28 Jul 2020 03:22:05 -0700 (PDT)
Received: from huawei.com (szxga02-in.huawei.com [45.249.212.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0DD3A0A99 for <cfrg@irtf.org>; Tue, 28 Jul 2020 03:22:04 -0700 (PDT)
Received: from DGGEMM403-HUB.china.huawei.com (unknown [172.30.72.57]) by Forcepoint Email with ESMTP id 49B85FE04F27ECE6C59A for <cfrg@irtf.org>; Tue, 28 Jul 2020 18:21:58 +0800 (CST)
Received: from sineml701-chm.china.huawei.com (10.223.161.108) by DGGEMM403-HUB.china.huawei.com (10.3.20.211) with Microsoft SMTP Server (TLS) id 14.3.487.0; Tue, 28 Jul 2020 18:21:55 +0800
Received: from sineml702-chm.china.huawei.com (10.223.161.109) by sineml701-chm.china.huawei.com (10.223.161.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Tue, 28 Jul 2020 18:21:55 +0800
Received: from sineml702-chm.china.huawei.com ([10.223.161.109]) by sineml702-chm.china.huawei.com ([10.223.161.109]) with mapi id 15.01.1913.007; Tue, 28 Jul 2020 18:21:55 +0800
From: Wang Guilin <Wang.Guilin@huawei.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
CC: Wang Guilin <Wang.Guilin@huawei.com>
Thread-Topic: How to issue CRLs after the private key of old root certificate has been destroyed?
Thread-Index: AdZkw+T/ci2/UcLFQb2tv0JhcZyR5Q==
Date: Tue, 28 Jul 2020 10:21:55 +0000
Message-ID: <6718996fea714f47a9d8612e0178527f@huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.225.233]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uQ1q_S-naM4_5oIoa-jzzN98pl0>
Subject: [Cfrg] How to issue CRLs after the private key of old root certificate has been destroyed?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 10:22:11 -0000

Dear all, 

I am here to enquire one question about revoking PKI certificates. 

In practice, to guarantee high security, the validity (say 10 years) of a root certificate private key may be essentially shorter that the validity (say 30 years) of the corresponding public key. After the first 10 years, a new root certificate with a new key pair will be generated, and the old root private may be even destroyed. After that, however, how can we use the new root private key to issue CRLs to revoke certificates previously signed by the old root private key? 

At first, I thought this is the case of using indirect revocation mechanism discussed in RFC 5280, which may involve the link certificate NewWithOld, which is a certificate for the new root public key signed by the old  root private key. However, it seems that indirect revocation only works for different entities. Namely, by using indirect revocation, the certificates issued by A can be revoked by a different entity B. However, in the above case, the old and new root certificates are for the same entity (or owner). So, my real questions is: Can indirect revocation be used in such a scenario? If not, is there any good way to do this, especially if interoperability with TLS, SSL, IPSec etc is required? 

Thanks a lot in advance, 

Guilin