RE: Online Certificate Revocation Protocol

[Santosh Chokhani <chokhani@cygnacom.com>]

Mark:

I have the same understanding as you do.

-----Original Message-----
From: Scherling, Mark [mailto:mscherling@rsasecurity.com]
Sent: Thursday, June 14, 2001 1:47 PM
To: 'Tony Bartoletti'; jim; Santosh Chokhani
Cc: Scherling, Mark; thayes@netscape.com; Ietf-Pkix
Subject: RE: Online Certificate Revocation Protocol


In most CPs or Subscriber Agreements the subscriber has the right to ask
their key be revoked.  It is, correct me if I'm wrong, not the right of the
CA to refuse to revoke the authorized subscriber certificate.  There may be
a process that has to be completed such as written confirmation but that is
a formality.

The question that is being asked is if the subscriber says their key was
destroyed, should the CA revoke the certificate?  The answer as best we can
put it is it depends on the CP, CPS and the trust.  

-----Original Message-----
From: Tony Bartoletti [mailto:azb@llnl.gov]
Sent: Thursday, June 14, 2001 10:34 AM
To: jim; Santosh Chokhani
Cc: Scherling, Mark; thayes@netscape.com; Ietf-Pkix
Subject: Re: Online Certificate Revocation Protocol


At 07:42 AM 6/14/01 -0400, jim wrote:

>I do not want to claim that a destroyed key is invalid.  What I believe 
>needs to happen is recognition that the CA is the one to make the decision 
>as to whether the key is destroyed, not the user.  If, for instance, I am 
>using a system with a hard token, if the key is run over by a car and will 
>not be usable, there is still the remains of the key to be turned over to 
>the CA and the CA can make the decision.  If the key is a software token, 
>there is no such manner of determining that the key is truly destroyed by 
>the average PKI user.  As such, why allow a user to determine whether the 
>key is destroyed?  All I think needs to happen is recognize that this is a 
>CA decision and let the CA take the appropriate precautions in accordance 
>with the CP/CPS for the system.

All of this debate orbits around "who is on the hook" when bad things
happen.

If I suspect my key is compromised (but I cannot easily prove it), or I 
believe I have destroyed it (successfully or not), then what must I do to 
announce to the world that "any signatures generated after this point is 
time should not be attributed to me"?

If it is only up to the CA to make these determinations, and the CA chooses 
not to agree, how am I to protect myself from responsibility for future 
transactions made in my name?

If I make an effort to tell folks "this is the termination date of my key 
use", and the CA does not take action, do they (the CA) become responsible 
for any mischief that may ensue?  It would seem as if they must, since the 
decision on key reliability is in their hands.

___tony___



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900