Re: [lamps] Revocation Request Format?

Russ Housley <> Mon, 05 March 2018 19:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA59C12D7E4 for <>; Mon, 5 Mar 2018 11:18:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bkaT1XUY5eCz for <>; Mon, 5 Mar 2018 11:18:52 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EB806129C6D for <>; Mon, 5 Mar 2018 11:18:51 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id D34FB300558 for <>; Mon, 5 Mar 2018 14:18:49 -0500 (EST)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10026) with ESMTP id IVP25sh4ywjm for <>; Mon, 5 Mar 2018 14:18:48 -0500 (EST)
Received: from a860b60074bd.home ( []) by (Postfix) with ESMTPSA id 01BC8300435; Mon, 5 Mar 2018 14:18:47 -0500 (EST)
From: Russ Housley <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1E9E4E46-F800-4565-832C-F3D717A0055F"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 5 Mar 2018 14:18:59 -0500
In-Reply-To: <>
Cc: SPASM <>
To: Ryan Sleevi <>
References: <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3273)
Archived-At: <>
Subject: Re: [lamps] Revocation Request Format?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Mar 2018 19:18:55 -0000

> On Mar 5, 2018, at 1:26 PM, Ryan Sleevi <> wrote:
> On Mon, Mar 5, 2018 at 12:04 PM Russ Housley < <>> wrote:
>> On Mar 2, 2018, at 4:19 PM, Ryan Sleevi < <>> wrote:
>> On Fri, Mar 2, 2018 at 3:17 PM, Phillip Hallam-Baker < <>> wrote:
>> If it is a signing key, just sign a CRL for the certificate. Now that is not quite the same as revoking the key but certs are the only things PKIX makes status assertions about.
>> Do we have to support self-revocation of certs with only encryption only keys? Probably not.
>> Since a very common reason for having to revoke a cert is that the private key is lost entirely any revocation format cannot be the only way to request revocation. So I don't see the relevance of the robot attack.
>> Because it's a demonstration of compromise. Any attempt to define how that demonstration of compromise is proved (which I think is *bad* standardization) is to make it more difficult to report or demonstrate compromise.
> When we had a similar discussion many years ago, the feeling was somewhat different.  If someone has assess to the private key and uses it to authenticate a revocation request, the CA should honor it.  Since the party clearly has access to the private key, thee are many things that party could do that are more harmful than revoking the associated certificate.
> I think we’re in violent agreement on how it should work - any demonstration should be accepted as proof. :)
> I was highlighting, however, that a policy on which CAs normalize how that demonstration is done has the unfortunate side-effect of encouraging that to be the de facto way it is done, which changes the burden from CAs (to process/verify requests) to reporters/subscribers (to produce requests the CA will accept). I’m suggesting that’s an exchange of effort that does more harm than good, ties into the policy aspects of the PKI (what methods are acceptable to request revocation), and does provide compelling benefit for those reporting compromise. For those self-requesting revocation, that’s an aspect of Certificate lifecycle management, and there’s no inherent need for a signed proof (as demonsrrated by ACME’s protocol and the existing PKI management tools).

Aren't we already there, based on the CMP, CMC, and ACME protocol mechanisms?  Of course, any report of compromise that is not authenticated by the private key still must be investigated by the CA.