Re: Online Certificate Revocation Protocol

Massimiliano Pala <madwolf@hackmasters.net> Sun, 10 June 2001 17:12 UTC

Message-ID: <3B239E18.B187C4A3@hackmasters.net>
Date: Sun, 10 Jun 2001 18:19:36 +0200
From: Massimiliano Pala <madwolf@hackmasters.net>
Reply-To: madwolf@openca.org
Organization: OpenCA
To: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol
References: <99217358114998@kahu.cs.auckland.ac.nz>
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter Gutmann wrote:

> It's not necessarily as simple as that, for example if you have an
> encryption-only key (no way to revoke your cert if you need to submit a signed
> request) or if you've lost your private key (or it was physically stolen), or
> whatever there's nothing you can do if your CA follows the DOS model.  Having
> an attacker notify everyone of revocation is also perfectly possible, if I
> steal your key I'll submit a revocation for the once-a-day affiliation-changed
> CRL to prevent you from putting it on the 15-minute key-compromise CRL and
> guarantee me a full day to do whatever I want with it.

So the better option would be a protocol allowing CAs to follow whatever policy they
want and users to request revocation at any time if his/her key(s) have been
lost/destroyed/stolen, while trying, anyway, to avoid unneeded (unauthorized)
revocation taking place. If no strong authorization is used, further requirements
could be requested by the CA while the certificate could simply be suspended.

What about the submitted RevReq structure ??? Is it reasonable ??? Could it be
a starting point ???

Let me know.

-- 

C'you,

	Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                madwolf@openca.org
                                                     madwolf@hackmasters.net
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365
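As an added illustration of the two policy points in this thread (it is not the poster's or OpenCA's code, and the RevReq structure it models is a constructed stand-in), the following assumes a CA with a 15-minute CRL for key compromise and holds and a daily CRL for everything else, as in Peter Gutmann's scenario: a request without strong authorization can only suspend the certificate pending further proof, and an earlier, milder reason can never keep a later keyCompromise request off the fast CRL.

```python
from dataclasses import dataclass
from typing import Dict, List

# CRLReason codes from RFC 5280, section 5.3.1 (only the three this thread needs)
KEY_COMPROMISE = 1
AFFILIATION_CHANGED = 3
CERTIFICATE_HOLD = 6

# Reasons the CA publishes on its frequently issued (here: 15-minute) CRL;
# everything else goes on the daily CRL. Constructed policy, not a standard.
FAST_CRL_REASONS = {KEY_COMPROMISE, CERTIFICATE_HOLD}


@dataclass
class RevReq:  # hypothetical stand-in for the RevReq structure under discussion
    serial: int
    reason: int
    strong_auth: bool  # True when the request carried CA-accepted proof of authority


@dataclass
class Entry:
    reason: int
    pending_confirmation: bool


class RevocationPolicy:
    """Weak authorization can only suspend; a keyCompromise always escalates."""

    def __init__(self) -> None:
        self.entries: Dict[int, Entry] = {}

    def submit(self, req: RevReq) -> Entry:
        current = self.entries.get(req.serial)
        if not req.strong_auth:
            # Unauthorized requests are not trusted for their reason code, but are
            # not ignored either: suspend (certificateHold) until the CA gets proof.
            if current is None:
                current = self.entries[req.serial] = Entry(CERTIFICATE_HOLD, True)
            return current
        if current is None:
            current = self.entries[req.serial] = Entry(req.reason, False)
        elif current.pending_confirmation:
            current.reason, current.pending_confirmation = req.reason, False
        elif req.reason == KEY_COMPROMISE:
            current.reason = KEY_COMPROMISE  # escalate; never downgrade
        return current

    def crl(self, fast: bool) -> List[int]:
        """Serials for the 15-minute CRL (fast=True) or the daily CRL (fast=False)."""
        return sorted(s for s, e in self.entries.items()
                      if (e.reason in FAST_CRL_REASONS) == fast)
```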