Re: Online Certificate Revocation Protocol

[Denis Pinkas <Denis.Pinkas@bull.net>]

Liaquat,

> I agree with what you are saying Denis, 

Good.

> but the scenario I was painting was
> slightly different.  Imagine a digital signature which is being verified for
> the first time by a relying party.  The relying party checks the relevant
> CRL and realises that the certificate is revoked.  

So the signature is invalid.

> However the signature was produced before the revocation occurred.  

How can a relying party know that the signature was produced before the
revocation occurred ? Unless a time-stamp has been applied it is hard to
prove. Then if you want to prove that the signature was valid (or invalid)
at the time the time-stamp was applied, then you must get the revocation
information available at that time.

> It would be nice for the CA to
> indicate in the CRL within the reason code that the certificate was never
> valid.  So signatures performed even before the revocation should not be
> trusted.

One again, signatures performed before the revocation shall remain trusted.

Regards,

Denis

 
> Regards,
> Liaquat
> 
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: 18 June 2001 09:59
> To: liaquat.khan@gta.multicert.org
> Cc: ietf-pkix@imc.org
> Subject: Re: Online Certificate Revocation Protocol
> 
> Liaquat,
> 
> > I agree a new reason code of ("never valid") has uses.  This will allow a
> > relying party when verifying a digital signatures using a certificate,
> which
> > when performing revocation checking is found to be on a CRL with the a new
> > reason code ("never valid"), to detect that the digital signature should
> not
> > be trusted even if the digital signature was produced before the time of
> the
> > revocation of the certificate.   Otherwise in theory signature produced
> > before the revocation will continue to be considered valid - not a good
> > situation for the relying party or for the CA.
> 
> This is the reverse situation. If a signature was tested to be valid e.g. in
> June 2000 and the certificate was revoked for any reason e.g. in May 2001,
> then the signature tested good in June 2000, shall continue to be valid,
> otherwise it would not be a good situation for relying parties.
> 
> Denis
> 
> > However, I cannot see the need to keep such a certificate on a CRL even
> > after it has expired...what does this achieve?
> >
> > Regards,
> > Liaquat
> >
> > -----Original Message-----
> > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]On
> > Behalf Of Peter Gutmann
> > Sent: 14 June 2001 11:13
> > To: ietf-pkix@imc.org; madwolf@openca.org
> > Subject: Re: Online Certificate Revocation Protocol
> >
> > Massimiliano Pala <madwolf@hackmasters.net> writes:
> > >Peter Gutmann wrote:
> > >>There's another revocation status which needs a way of indicating it
> which
> > is
> > >>somewhat trickier, I'll bring it up here in case anyone has any ideas:
> > >>Sometimes a cert can be issued in error, what's needed here is a
> > revocation
> > >>reason which says that not only is the cert revoked, it should never be
> > and
> > >>was never valid at any time for any reason.  You can sort of achieve
> this
> > by
> > >
> > >In this case, when will br the entry removed from the CRL ? When the
> > >certificate will be expired ?? Or should it be left in all future CRLs ?
> >
> > Well, CMP leaves pretty much everything to CA policy so it's up to the
> > individual CA.  I leave it in the CRL until the cert expires anyway, but
> > that's just me (I'm also currently overloading the "undefined" reason code
> > in
> > the hope that, since you're not supposed to use it, it's a spare code
> which
> > can be used to mean "never valid", but it really needs its own reason code
> > to
> > indicate the true status).
> >
> > Peter.