RE: Online Certificate Revocation Protocol

Tony Bartoletti <azb@llnl.gov> Thu, 14 June 2001 19:50 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08786 for <pkix-archive@odin.ietf.org>; Thu, 14 Jun 2001 15:50:59 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f5EIr5B23035 for ietf-pkix-bks; Thu, 14 Jun 2001 11:53:05 -0700 (PDT)
Received: from smtp-2.llnl.gov (smtp-2.llnl.gov [128.115.250.82]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f5EIr4J23031 for <ietf-pkix@imc.org>; Thu, 14 Jun 2001 11:53:04 -0700 (PDT)
Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id LAA21662; Thu, 14 Jun 2001 11:53:01 -0700 (PDT)
Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id LAA29266; Thu, 14 Jun 2001 11:53:00 -0700 (PDT)
Message-Id: <4.3.2.7.2.20010614112349.00b00b30@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 14 Jun 2001 12:00:56 -0700
To: "Scherling, Mark" <mscherling@rsasecurity.com>, jim <jimhei@cablespeed.com>, Santosh Chokhani <chokhani@cygnacom.com>
From: Tony Bartoletti <azb@llnl.gov>
Subject: RE: Online Certificate Revocation Protocol
Cc: "Scherling, Mark" <mscherling@rsasecurity.com>, thayes@netscape.com, Ietf-Pkix <ietf-pkix@imc.org>
In-Reply-To: <016D1D1E0314D5118A7F00508BD9525272DC56@exvan01.x509.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

All,

This thread began when I asked a (seemingly harmless!) question:  If a user 
destroys (or thinks they have destroyed, intentionally or inadvertently) 
their private key, and thus has no intention of putting it to any further 
use, are they obligated to report this to the CA, or to anyone in particular?

If the key is only used for "very short term applications" such as logins 
or online transactions, having the key revoked would be equivalent to 
reporting its destruction, since there are ostensibly no "durable 
documents" or extended transactions which would depend upon the continued 
availability of the corresponding certificate.

If long-term validation is a need, there seem to be two ways to accomplish 
the task.

Some argue that the answer is to independently archive, timestamp, 
notarize, etc., the articles of interest at the time of their creation 
(while the key was "active"), and thereafter dispense with consideration of 
extended certificate validity altogether.

Others may feel that the ready availability of the existing validation and 
revocation mechanisms should be "enhanced" to support a distinction between 
various key-states (active, retired, compromised, whatever), assuming dates 
could be trusted.

It was also pointed out to me that the issue of "user-requested revocation" 
may be sensitive in the case that, for instance, the escrow-holder of an 
encryption key may be required to quietly "compromise" the key as part of a 
law-enforcement investigation or surveillance activity, and this muddies 
the water considerably with regard to honoring revocation requests.

So much for harmless questions!

___tony___

At 10:46 AM 6/14/01 -0700, Scherling, Mark wrote:
>In most CPs or Subscriber Agreements the subscriber has the right to ask
>their key be revoked.  It is, correct me if I'm wrong, not the right of the
>CA to refuse to revoke the authorized subscriber certificate.  There may be
>a process that has to be completed such as written confirmation but that is
>a formality.
>
>The question that is being asked is if the subscriber says their key was
>destroyed, should the CA revoke the certificate?  The answer as best we can
>put it is it depends on the CP, CPS and the trust.
>
>-----Original Message-----
>From: Tony Bartoletti [mailto:azb@llnl.gov]
>Sent: Thursday, June 14, 2001 10:34 AM
>To: jim; Santosh Chokhani
>Cc: Scherling, Mark; thayes@netscape.com; Ietf-Pkix
>Subject: Re: Online Certificate Revocation Protocol
>
>
>At 07:42 AM 6/14/01 -0400, jim wrote:
>
> >I do not want to claim that a destroyed key is invalid.  What I believe
> >needs to happen is recognition that the CA is the one to make the decision
> >as to whether the key is destroyed, not the user.  If, for instance, I am
> >using a system with a hard token, if the key is run over by a car and will
> >not be usable, there is still the remains of the key to be turned over to
> >the CA and the CA can make the decision.  If the key is a software token,
> >there is no such manner of determining that the key is truly destroyed by
> >the average PKI user.  As such, why allow a user to determine whether the
> >key is destroyed?  All I think needs to happen is recognize that this is a
> >CA decision and let the CA take the appropriate precautions in accordance
> >with the CP/CPS for the system.
>
>All of this debate orbits around "who is on the hook" when bad things
>happen.
>
>If I suspect my key is compromised (but I cannot easily prove it), or I
>believe I have destroyed it (successfully or not), then what must I do to
>announce to the world that "any signatures generated after this point in
>time should not be attributed to me"?
>
>If it is only up to the CA to make these determinations, and the CA chooses
>not to agree, how am I to protect myself from responsibility for future
>transactions made in my name?
>
>If I make an effort to tell folks "this is the termination date of my key
>use", and the CA does not take action, do they (the CA) become responsible
>for any mischief that may ensue?  It would seem as if they must, since the
>decision on key reliability is in their hands.
>
>___tony___

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
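Added illustration, not part of the thread or anyone's post in it: the "key-state" distinction the message discusses can be modelled with fields that X.509 CRL entries already carry, the CRLReason code (section 5.3.1 of RFC 2459 and RFC 5280) and the Invalidity Date extension (section 5.3.3 of RFC 2459, 5.3.2 of RFC 5280). The script below shows a relying party using those fields to judge an old signature differently depending on whether the key was retired (cessationOfOperation, superseded) or compromised, and refusing to reason about signing time at all unless that time came from an independent timestamp, which is the archive/notarize approach from the other camp. The acceptance policy, the serial numbers, the dates and the list-based "CRL" are all constructed for the example; nothing here parses DER or verifies a real signature.

```python
# Added illustration (not from the PKIX thread): how a relying party can use
# the reason code and Invalidity Date that X.509 CRL entries already carry
# (RFC 2459 / RFC 5280, section 5.3) to tell a retired key from a compromised
# one when judging an old signature. The acceptance policy below is an
# assumption chosen for the example, not a standard; the CRL is a plain
# Python list, not DER, and no real signatures are verified.
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum
from typing import List, Optional


class CRLReason(IntEnum):
    """CRLReason values as enumerated in RFC 5280 section 5.3.1."""
    unspecified = 0
    keyCompromise = 1
    cACompromise = 2
    affiliationChanged = 3
    superseded = 4
    cessationOfOperation = 5
    certificateHold = 6
    removeFromCRL = 8


@dataclass
class RevocationEntry:
    serial: int
    revocation_date: datetime                    # when the CA published the revocation
    reason: CRLReason = CRLReason.unspecified
    invalidity_date: Optional[datetime] = None   # when the key is believed to have gone bad


@dataclass
class Verdict:
    accepted: bool
    rationale: str


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def find_entry(crl: List[RevocationEntry], serial: int) -> Optional[RevocationEntry]:
    """Return the CRL entry for a serial number, or None if it is not revoked."""
    for entry in crl:
        if entry.serial == serial:
            return entry
    return None


def evaluate_signature(sig_time: datetime, sig_time_trusted: bool,
                       entry: Optional[RevocationEntry]) -> Verdict:
    """Decide whether a signature made at sig_time is still attributable to the
    key holder.  sig_time_trusted is True only when sig_time comes from an
    independent timestamp; a self-asserted signing time proves nothing once
    the key may be in other hands."""
    if entry is None:
        return Verdict(True, "certificate is not on the CRL")
    if not sig_time_trusted:
        return Verdict(False, "certificate revoked and signing time not independently attested")
    if entry.reason == CRLReason.certificateHold:
        return Verdict(False, "certificate suspended; attribution deferred")
    if entry.reason in (CRLReason.keyCompromise, CRLReason.cACompromise):
        # A compromised key may have been misused before anyone noticed, so the
        # only usable boundary is the Invalidity Date the CA recorded.
        if entry.invalidity_date is None:
            return Verdict(False, "key compromised and onset of compromise unknown")
        if sig_time < entry.invalidity_date:
            return Verdict(True, "signed before the recorded compromise date")
        return Verdict(False, "signed on or after the recorded compromise date")
    # Retired keys (holder stopped using it, destroyed it, or it was superseded):
    # signatures made before the retirement boundary remain attributable.
    cutoff = entry.invalidity_date or entry.revocation_date
    if sig_time < cutoff:
        return Verdict(True, f"key retired ({entry.reason.name}); signed before retirement")
    return Verdict(False, f"signed after key retirement ({entry.reason.name})")


# Constructed sample CRL; serial numbers and dates are made up for the example.
SAMPLE_CRL = [
    RevocationEntry(0x1001, utc(2001, 6, 14), CRLReason.cessationOfOperation),
    RevocationEntry(0x1002, utc(2001, 6, 14), CRLReason.keyCompromise, utc(2001, 6, 1)),
    RevocationEntry(0x1003, utc(2001, 6, 14), CRLReason.keyCompromise),
    RevocationEntry(0x1004, utc(2001, 6, 14), CRLReason.certificateHold),
]

if __name__ == "__main__":
    for serial, when in ((0x1001, utc(2001, 6, 10)), (0x1001, utc(2001, 6, 20)),
                         (0x1002, utc(2001, 5, 20)), (0x1003, utc(2001, 5, 20))):
        v = evaluate_signature(when, True, find_entry(SAMPLE_CRL, serial))
        print(f"serial {serial:#x} signed {when.date()}: {v.accepted} ({v.rationale})")
```

The two branches are where the thread's positions meet: for a holder-initiated "I retired/destroyed my key" revocation (cessationOfOperation) the signatures before the published revocation date stay attributable, while for keyCompromise the relying party refuses everything unless the CA committed to an Invalidity Date, because nobody can say when the key left the holder's hands. Either way the decision is only meaningful when the signing time is attested by something other than the signer.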