RE: Online Certificate Revocation Protocol
Santosh Chokhani <chokhani@cygnacom.com> Mon, 11 June 2001 17:22 UTC
Message-ID: <8D7EC1912E25D411A32100D0B76953978DF4CE@scygmxs01.cygnacom.com>
From: Santosh Chokhani <chokhani@cygnacom.com>
To: "Scherling, Mark" <mscherling@rsasecurity.com>, Santosh Chokhani <chokhani@cygnacom.com>, jim <jimhei@cablespeed.com>
Cc: Tony Bartoletti <azb@llnl.gov>, "Housley, Russ" <rhousley@rsasecurity.com>, pgut001@cs.auckland.ac.nz, ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol
Date: Mon, 11 Jun 2001 12:19:49 -0400
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
Again, it is a trust issue. I have a very simple point. If you trust the holder of private key, you do NOT revoke a certificate. If you do not trust the holder of private key, you probably want to do something whether the key was destroyed or not.

-----Original Message-----
From: Scherling, Mark [mailto:mscherling@rsasecurity.com]
Sent: Monday, June 11, 2001 12:28 PM
To: 'Santosh Chokhani'; jim
Cc: Tony Bartoletti; Housley, Russ; pgut001@cs.auckland.ac.nz; ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol

I see a big security reason to revoke the private key of an entity. What is the proof that the key was destroyed? If it is a private key on a floppy or disk or token, prove that no-one had access to the key and/or the user did not make a back up copy. In the event that the key was destroyed and the key was not revoked, then it would also not show up on the CRL or OCSP. Would this not lead to other difficulties such as sending information using an unknown key (encrypting or signing, would that be invalid or what condition would the certificate indicate?).

If the private key of a CA was destroyed or claimed to be destroyed, I would think that the CA should re-issue all certificates to be certain that there is no possibility of compromise. How else would you trust the CA and the signing of CRLs and OCSP responses. If the CA uses a new key to sign CRL's and your application tests to validate that it came from the CA, it may reject the new key as being invalid.

It is a matter of trust, however, as Verisign/Microsoft case proves, keys can be compromised and we may not know it until some later point in time. I also think that if you determine that the key was compromised at some later date and you put a claim that the key was compromised sometime between the date of discovery and the date of destruction, the lawyers would have a field day. Anything signed between the date of destruction and date of discovery/revocation could be refuted in court, you don't have a definitive date and time.

BTW, yes it is expensive and time consuming to re-issue all keys, however the integrity of the PKI is at stake. I'm just not sure the risks of not revoking a destroyed key would be justifiable even for a CA key.

-----Original Message-----
From: Santosh Chokhani [mailto:chokhani@cygnacom.com]
Sent: Saturday, June 09, 2001 6:27 AM
To: jim; Santosh Chokhani
Cc: Tony Bartoletti; Housley, Russ; pgut001@cs.auckland.ac.nz; ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol

In all this, I do not see a security reason for key revocation. If and when a key is known or suspected of compromise, one should (must) revoke it. A destruction event does not mean key has been compromised.

-----Original Message-----
From: jim [mailto:jimhei@cablespeed.com]
Sent: Friday, June 08, 2001 8:33 PM
To: Santosh Chokhani
Cc: Tony Bartoletti; Housley, Russ; pgut001@cs.auckland.ac.nz; ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol

I usually try to keep a low profile, but cannot help but get involved. There is absolutely a need for revoking keys, even if they were destroyed. If I were conducting a high-risk operation (large sales, financial responsibilities, life responsibilities in the medical community, national defense, etc.), I would not trust any system where keys were not revoked just because someone reported them destroyed. The associated key could certainly be reproduced for later usage if someone were able to figure out what was being used, and without revocation, there would be no way to ensure that the usage of the key did not continue after the reported destruction. When a key is no longer to be used other than at the end of its validity period, it must be placed on a CRL to end usage of it altogether.

I have stated it pretty strongly, but I feel that way about it. The problem then becomes one of determining the risk mitigation with lost keys and ensuring that the mitigation is as stringent as possible to ensure less risk. It is a matter of trust if the CP and CPS do not call for revocation and will certainly disqualify the users of such keys from access to areas where their certification is not considered suitable. If the ability to put trust into a certificate that is then used to authenticate a user so that user can access information or workflow that they would not otherwise be able to access, then the business decision behind using that form of trust must make the risk mitigation decision to reduce the amount of trust that can be divested into a certificate from a system that does not revoke it because it is reported by the user to be destroyed.

For a system to be validated, registration and certificate issuance have to be upheld by having practices as strong for certificate revocation. Otherwise, why have a PKI to begin with?

Jim Heimberg, ABC, Ph.D.

Santosh Chokhani wrote:

Destroying a private key used to generate signature may cause some operational grief in terms of getting a new key certified, but there is no need for that key any more and hence no revocation is needed.

Destroying a private decryption key also does not require any revocation, but underscores the need for key recovery. Absent key recovery, data encrypted with the public key companion to the lost private key, can not be decrypted.

-----Original Message-----
From: Tony Bartoletti [mailto:azb@llnl.gov]
Sent: Friday, June 08, 2001 5:31 PM
To: Housley, Russ; pgut001@cs.auckland.ac.nz
Cc: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol

At 04:47 PM 6/8/01 -0400, Housley, Russ wrote:
>Peter:
>
>You make an interesting point. I figure that a message signed with the
>private key that is claiming to be compromised is a good thing to pay
>attention to.
>
>If the message is from the subscriber, then that subscriber probably knows
>that some bad thing just happened and the subscriber is trying to let
>everyone know. He does not want any one to rely on the key any more.
>
>If the message is not from the subscriber, then the key has absolutely
>been compromised. What a nice attacker to tell everyone.
>
>Russ

Indeed. I have often considered that a revocation request signed with the corresponding private key is one of the few things in this world one can act upon reliably. If we could build whole systems on such principles, we'd be home free.

A question: If one discovers that they have accidentally destroyed their private key (and there is no evidence of compromise), are they under any particular obligation to request revocation? Is there any liability, or other real "downside" to simply getting a new key and keeping mum about the fate of the former key?

(I ask, because this seems the only case where a revocation request could NOT be signed by the key in question.)

___tony___

>At 04:34 AM 6/9/2001 +0000, Peter Gutmann wrote:
>>Nada Kapidzic Cicovic <nada@entegrity.com> writes:
>>
>> >This is exactly what CMP specifies. Many vendors already have support for CMP
>> >EE initiated certificate revocation. The interoperability of different
>> >implementations of CMP certificate revocation (among other things) has been
>> >conducted during PKI Forum and ICSA CMP interop testing quite successfully.
>>
>>However there are two ways to look at revocation, the DOS model and the scram
>>switch model. The DOS model says that anyone who can revoke your cert can
>>cause a DOS, so it should be made as difficult as humanly possible to revoke a
>>cert. The scram switch model says that when your private key is compromised
>>you want the cert revoked right now with no excuses, so it should be made as
>>easy as possible to revoke a cert. CMP follows the DOS model and makes it very
>>difficult (in some cases impossible) to revoke your cert. Programs like PGP
>>follow the scram switch model (via suicide-note revocations) and make it very
>>easy to revoke your cert. Depending on your point of view, CMP may not be the
>>right thing for handling revocations.
>>
>>Peter.

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
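
The rule Russ Housley and Tony Bartoletti state in the thread above, that a revocation request signed with the key it revokes can be acted on whoever sent it, and the destroyed-key case where no such signature can exist, as an added example that is not part of the thread or of CMP or PGP. Ed25519 from the Go standard library stands in for the certified key; the message label, the serial `01A4` and the names `Evaluate`, `SignRevocation`, `NewKeyPair` and `OutOfBand` are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Decision string // what the revocation service does with a request

const (
	Revoke    Decision = "revoke"                   // proof of possession: act at once
	OutOfBand Decision = "authenticate-out-of-band" // no valid signature: RA must check
)

// revocationMessage is the byte string that gets signed. The fixed label and the
// serial stop a signature made for another purpose or certificate being replayed.
func revocationMessage(serial string) []byte {
	return []byte("REVOKE-CERTIFICATE\x00" + serial)
}

// SignRevocation is what any holder of the private key can produce.
func SignRevocation(priv ed25519.PrivateKey, serial string) []byte {
	return ed25519.Sign(priv, revocationMessage(serial))
}

// Evaluate takes no sender identity on purpose: a valid signature by the certified
// key means the subscriber wants out or the key is stolen; both end in revocation.
// A destroyed key (no signature) or a signature by some other key proves nothing.
func Evaluate(certKey ed25519.PublicKey, serial string, sig []byte) Decision {
	if ed25519.Verify(certKey, revocationMessage(serial), sig) {
		return Revoke
	}
	return OutOfBand
}

// NewKeyPair makes a constructed demo key pair (nil selects crypto/rand).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewKeyPair() // "01A4" below is a constructed serial number
	_, other := NewKeyPair()
	fmt.Println("signed by certified key:", Evaluate(pub, "01A4", SignRevocation(priv, "01A4")))
	fmt.Println("destroyed key, no signature:", Evaluate(pub, "01A4", nil))
	fmt.Println("signed by another key:", Evaluate(pub, "01A4", SignRevocation(other, "01A4")))
}
```

The out-of-band branch is where the two models in Peter Gutmann's message diverge: how much proof the authority demands there decides whether revocation is hard to abuse or quick to trigger.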