Re: Online Certificate Revocation Protocol

Tony Bartoletti <azb@llnl.gov> Thu, 14 June 2001 18:14 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA06271 for <pkix-archive@odin.ietf.org>; Thu, 14 Jun 2001 14:14:30 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f5EHQSk19892 for ietf-pkix-bks; Thu, 14 Jun 2001 10:26:28 -0700 (PDT)
Received: from smtp-2.llnl.gov (smtp-2.llnl.gov [128.115.250.82]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f5EHQSJ19888 for <ietf-pkix@imc.org>; Thu, 14 Jun 2001 10:26:28 -0700 (PDT)
Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id KAA05518; Thu, 14 Jun 2001 10:26:20 -0700 (PDT)
Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id KAA05757; Thu, 14 Jun 2001 10:26:20 -0700 (PDT)
Message-Id: <4.3.2.7.2.20010614102357.00b10b10@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 14 Jun 2001 10:34:15 -0700
To: jim <jimhei@cablespeed.com>, Santosh Chokhani <chokhani@cygnacom.com>
From: Tony Bartoletti <azb@llnl.gov>
Subject: Re: Online Certificate Revocation Protocol
Cc: "Scherling, Mark" <mscherling@rsasecurity.com>, thayes@netscape.com, Ietf-Pkix <ietf-pkix@imc.org>
In-Reply-To: <3B28A32B.49138FBE@cablespeed.com>
References: <8D7EC1912E25D411A32100D0B769539706AB10@scygmxs01.cygnacom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

At 07:42 AM 6/14/01 -0400, jim wrote:

>I do not want to claim that a destroyed key is invalid.  What I believe 
>needs to happen is recognition that the CA is the one to make the decision 
>as to whether the key is destroyed, not the user.  If, for instance, I am 
>using a system with a hard token, if the key is run over by a car and will 
>not be usable, there are still the remains of the key to be turned over to 
>the CA and the CA can make the decision.  If the key is a software token, 
>there is no such manner of determining that the key is truly destroyed by 
>the average PKI user.  As such, why allow a user to determine whether the 
>key is destroyed?  All I think needs to happen is recognize that this is a 
>CA decision and let the CA take the appropriate precautions in accordance 
>with the CP/CPS for the system.

All of this debate orbits around "who is on the hook" when bad things happen.

If I suspect my key is compromised (but I cannot easily prove it), or I 
believe I have destroyed it (successfully or not), then what must I do to 
announce to the world that "any signatures generated after this point in 
time should not be attributed to me"?

If it is only up to the CA to make these determinations, and the CA chooses 
not to agree, how am I to protect myself from responsibility for future 
transactions made in my name?

If I make an effort to tell folks "this is the termination date of my key 
use", and the CA does not take action, do they (the CA) become responsible 
for any mischief that may ensue?  It would seem as if they must, since the 
decision on key reliability is in their hands.

___tony___



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900