IETF Logo Mail Archive

Re: Online Certificate Revocation Protocol

Paul Hoffman / IMC <phoffman@imc.org> Fri, 08 June 2001 23:02 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA21468 for <pkix-archive@odin.ietf.org>; Fri, 8 Jun 2001 19:02:53 -0400 (EDT)
Received: by above.proper.com (8.9.3/8.9.3) id PAA02111 for ietf-pkix-bks; Fri, 8 Jun 2001 15:13:04 -0700 (PDT)
Received: from [165.227.249.18] (ip18.proper.com [165.227.249.18]) by above.proper.com (8.9.3/8.9.3) with ESMTP id PAA02092 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 15:12:58 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p0510030cb746fcca47e8@[165.227.249.18]>
In-Reply-To: <5.0.1.4.2.20010608164340.02079118@exna07.securitydynamics.com>
References: <5.0.1.4.2.20010608164340.02079118@exna07.securitydynamics.com>
Date: Fri, 08 Jun 2001 15:11:29 -0700
To: ietf-pkix@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: Online Certificate Revocation Protocol
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>

Using POP for revocation causes problems in two scenarios:

- I have deleted my private key and discover later that it was stolen 
but not used before I deleted it

- I have physically lost my private key to an attacker (such as my 
computer was stolen)

The latter is probably much more likely. Given that private keys are 
often (usually?) protected with crackable passwords, the loss of a 
computer to an attacker can be pretty disastrous. I assume that many 
CAs have out-of-band revocation mechanisms for this case, but they 
certainly would take a long time, and are probably difficult for a 
typical end user to find out about.

--Paul Hoffman, Director
--Internet Mail Consortium

v2.23.0 | Report a Bug | By Email