RE: Online Certificate Revocation Protocol

["Carlin Covey" <ccovey@cylink.com>]

Lynn,

I quite agree that notarizing, with or without secure time, is a more
comprehensive solution.  I simply proposed one-time signature keys as an
example of a situation in which the certificate is expressly intended to be
valid after the private key has been destroyed.  Now whether anyone would
want to use one-time signature keys is another matter ....

Regards,

Carlin

____________________________

-  Carlin Covey
   Cylink Corporation

-----Original Message-----
From: Lynn.Wheeler@firstdata.com [mailto:Lynn.Wheeler@firstdata.com]
Sent: Monday, June 11, 2001 3:59 PM
To: Carlin Covey
Cc: Bob Jueneman; ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol




in many cases, notary can include the idea of (secure) time .... i.e. that
not only can you proove who signed it ... but also when it was signed.

in principle, private keys (whether compromised or not) should not be able
to "pre-date" such a notorized, secure "time" signing.

typical solution is either a secure audit trail .... and/or to encapsulate
the signing inside some other transaction/document which includes a secure
time which is then signed by the notary function. The notary function
(wether audit trail or encapsulated function) can also include the business
function of validating/prooving the original signature (aka the notary
attests to the validity of a specific signature at a specific time).

while a one-time key with non-expiring certificate could meet a subset of
the business requirement .... it is not clear how many business processes
would need just the subset w/o needing the rest of the capability (aka, a
secure audit that establishes the validity of a signature executed at a
specific time would subsume the need for a one-time signature key and also
meet additional normal, day-to-day business requirements .... aka not only
is there the issue of what order a sequence of signatures might have taken
place .... but also what order did signatures take place within the context
of real-world events and sequences ... i.e. time).

If you are going to go to all the trouble of a notary ... dump the stuff
with the one-time private key .... and meet the rest of the business
requirements which includes did the signature verify and at what time did
the signature verify.






"Carlin Covey" <ccovey@cylink.com>@mail.imc.org on 06/11/2001 10:00:12 AM

Sent by:  owner-ietf-pkix@mail.imc.org


To:   "Bob Jueneman" <bjueneman@novell.com>
cc:   <ietf-pkix@imc.org>
Subject:  RE: Online Certificate Revocation Protocol



[Bob Jueneman]:

Indeed, although some have deprecated the concept of a private key validity
period, it makes a great deal of sense to DELIBERATELY destroy a given
signature key, especially a code or certificate signing key, well before
the
corresponding certificate expires.  From the point of view of the
certificate subscriber, this minimizes his risk by making certain that the
key can NOT be compromised, yet the certificate has not expired or been
revoked, so the certificate will continue to validate properly.

[Carlin Covey]:

I agree with Bob.  It might even be desirable to use "one-time" signature
keys for signing particularly important documents, such as major contracts,
wills, etc.   There might even be a "super non-repudiation" policy
associated with the guaranteed destruction of the signature private key.
This might be implemented via some trusted hardware token that generates
the
keypair, signs the document, destroys the private key, and signs a
notification of private key destruction.  Another possibility is some sort
of trusted "key-destruction notary" service that notarizes the document,
and
then destroys the certified one-time signature key as a matter of policy.

Regards,

Carlin

____________________________

-  Carlin Covey
   Cylink Corporation