RE: Online Certificate Revocation Protocol

Santosh Chokhani <chokhani@cygnacom.com> Fri, 08 June 2001 21:37 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA20860 for <pkix-archive@odin.ietf.org>; Fri, 8 Jun 2001 17:37:12 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.9.3/8.9.3) id OAA28155 for ietf-pkix-bks; Fri, 8 Jun 2001 14:00:54 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.9.3/8.9.3) with ESMTP id OAA28134 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 14:00:48 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <MQPSLDKS>; Fri, 8 Jun 2001 17:00:20 -0400
Message-ID: <8D7EC1912E25D411A32100D0B76953978DF46E@scygmxs01.cygnacom.com>
From: Santosh Chokhani <chokhani@cygnacom.com>
To: "Housley, Russ" <rhousley@rsasecurity.com>, pgut001@cs.auckland.ac.nz
Cc: ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol
Date: Fri, 08 Jun 2001 16:50:25 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0F05C.A45C8C40"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

I agree with Russ.

-----Original Message-----
From: Housley, Russ [mailto:rhousley@rsasecurity.com]
Sent: Friday, June 08, 2001 4:47 PM
To: pgut001@cs.auckland.ac.nz
Cc: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol


Peter:

You make an interesting point.  I figure that a message signed with the 
private key that is claiming to be compromised is a good thing to pay 
attention to.

If the message is from the subscriber, then that subscriber probably knows 
that some bad thing just happened and the subscriber is trying to let 
everyone know.  He does not want anyone to rely on the key any more.

If the message is not from the subscriber, then the key has absolutely been 
compromised.  What a nice attacker to tell everyone.

Russ


At 04:34 AM 6/9/2001 +0000, Peter Gutmann wrote:
>Nada Kapidzic Cicovic <nada@entegrity.com> writes:
>
> >This is exactly what CMP specifies. Many vendors already have support for CMP
> >EE initiated certificate revocation. The interoperability of different
> >implementations of CMP certificate revocation (among other things) has been
> >conducted during PKI Forum and ICSA CMP interop testing quite successfully.
>
>However there are two ways to look at revocation, the DOS model and the scram
>switch model.  The DOS model says that anyone who can revoke your cert can
>cause a DOS, so it should be made as difficult as humanly possible to revoke a
>cert.  The scram switch model says that when your private key is compromised
>you want the cert revoked right now with no excuses, so it should be made as
>easy as possible to revoke a cert.  CMP follows the DOS model and makes it very
>difficult (in some cases impossible) to revoke your cert.  Programs like PGP
>follow the scram switch model (via suicide-note revocations) and make it very
>easy to revoke your cert.  Depending on your point of view, CMP may not be the
>right thing for handling revocations.
>
>Peter.
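
The suicide-note revocation discussed in this thread, as an added example that is not part of the original messages: a hypothetical CA front end (`ToyCA`) revokes a certificate when the request is signed with that certificate's own private key, and rejects anything else so that an unauthenticated third party cannot force a revocation. Textbook RSA over a constructed, trivially factorable key stands in for a real signature scheme; the message format, class and function names are assumptions.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes.
# Illustration only: unpadded textbook RSA with a factorable modulus.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(serial: int, reason: str) -> int:
    # The serial is bound into the signed message so a request for one
    # certificate cannot be replayed against another with the same key.
    msg = f"revoke|{serial}|{reason}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign_revocation(serial: int, reason: str, d: int, n: int) -> int:
    """Produced by whoever holds the private key of the certificate."""
    return pow(_digest(serial, reason), d, n)


def verify(serial: int, reason: str, sig: int, e: int, n: int) -> bool:
    return 0 <= sig < n and pow(sig, e, n) == _digest(serial, reason)


class ToyCA:
    """Hypothetical CA following the scram switch model."""

    def __init__(self):
        self.certs = {}    # serial -> (e, n) public key in the issued cert
        self.revoked = {}  # serial -> stated reason

    def issue(self, serial: int, e: int, n: int) -> None:
        self.certs[serial] = (e, n)

    def handle_revocation(self, serial: int, reason: str, sig: int) -> str:
        if serial not in self.certs:
            return "unknown-serial"
        if serial in self.revoked:
            return "already-revoked"
        e, n = self.certs[serial]
        if not verify(serial, reason, sig, e, n):
            return "rejected"  # no proof of key possession, so no DOS lever
        # The sender holds the private key: either the subscriber, or
        # someone who should not have it. The cert is revoked in both cases.
        self.revoked[serial] = reason
        return "revoked"
```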