Re: Online Certificate Revocation Protocol

Marc Branchaud <marcnarc@rsasecurity.com> Mon, 11 June 2001 21:40 UTC

Message-ID: <3B252FF1.4253F066@rsasecurity.com>
Date: Mon, 11 Jun 2001 13:54:09 -0700
From: Marc Branchaud <marcnarc@rsasecurity.com>
Organization: RSA Security
To: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol
References: <4.3.2.7.2.20010611110541.00b15a00@poptop.llnl.gov>


Tony Bartoletti wrote:
> 
> At 12:01 PM 6/11/01 -0400, Santosh Chokhani wrote:
> >Revocation of a public key certificate whose companion key has been
> >destroyed is a BAD idea.
> >
> >For example, if the subject of the key is a CA, revocation of that public
> >key certificate could cause denial of service for all the certificates
> >issued by that CA.  There is nothing wrong with the certificates.
> 
> I admit I'm on the fence here, but one should be able to "revoke the
> certificate" only in terms that mean "any signatures created after that
> point are invalid", without interfering with the ability to use the public
> key to continue verifying previously signed objects.
> 
> This suggests that CAs (or someone) should provide an historical "was valid
> between" service.  This would mitigate the DoS issue.


<can contents="worms">

There could conceivably be a "key destroyed" revocation reason to handle this
situation.  The problem is that you can't tell from the validity period of a
certificate exactly when the CA issued that cert.  An honest CA will put
accurate validity periods in its certs, but if a CA's key is compromised then
the attacker can issue certs for any period of time.  Once compromised, the
certificate should be properly revoked.

So here's a proposal:

If a key (CA's or otherwise) is destroyed, place the certificate on a CRL
with a "key destroyed" reason.  This indicates that any certificates issued
by that key on or after the time of destruction should be considered invalid.

If, before the key's certificate expires, the key is actually compromised,
issue a new CRL with a "key compromised" revocation reason.  This fully
revokes the certificate, with all that implies.

</can>

		Marc
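
Added example, not part of the original message: a Python sketch of how a relying party could apply the two-step proposal above to certificates issued under a revoked CA certificate. The "keyDestroyed" reason is the proposal's hypothetical reason (not an existing CRLReason value); the class and function names, serial numbers and dates are constructed, and not_before stands in for issuance time, which is only a claim made by whoever holds the key.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Reason(Enum):
    KEY_DESTROYED = "keyDestroyed"     # hypothetical reason from the proposal
    KEY_COMPROMISED = "keyCompromise"  # full revocation


@dataclass(frozen=True)
class CrlEntry:
    issuer_serial: int   # serial of the revoked CA certificate
    reason: Reason
    effective: datetime  # stated time of destruction or compromise


@dataclass(frozen=True)
class Cert:
    serial: int
    issuer_serial: int
    not_before: datetime  # claimed issuance time, not proof of it


def governing_entry(entries, issuer_serial):
    """Return the entry that decides for this CA cert, or None.

    A later "key compromised" entry overrides an earlier "key destroyed"
    one, matching the second step of the proposal.
    """
    mine = [e for e in entries if e.issuer_serial == issuer_serial]
    compromised = [e for e in mine if e.reason is Reason.KEY_COMPROMISED]
    pool = compromised or mine
    return min(pool, key=lambda e: e.effective, default=None)


def accept(cert, entries):
    """Decide whether a cert issued under the CA cert is still usable."""
    entry = governing_entry(entries, cert.issuer_serial)
    if entry is None:
        return True
    if entry.reason is Reason.KEY_COMPROMISED:
        # An attacker holding the key can write any validity period,
        # so nothing issued under this key can be trusted by date.
        return False
    # Key destroyed: only certs claiming issuance on or after the
    # destruction time are rejected; earlier ones keep verifying.
    return cert.not_before < entry.effective
```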