RE: Certificate suspension
I have been skim reading this thread for a while.
Please note that suspension does not get in the way of non-repudiation;
it simply increases software complexity on the part of relying parties
trying to sort out time of signature application.
Also, note that there are lots of other issues for preservation of
signatures for the long term. I encourage you to follow the developments of
the IETF LTANS WG for that. Again, for the long term, with properly
archived revocation information, signature verification in the future
can be securely sorted out using LTANS developed RFCs and I-Ds whether
suspension is used or not.
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Todd E. Johnson
Sent: Saturday, January 26, 2008 5:05 PM
To: Anders Rundgren
Cc: Alfredo Esposito; Bechlaghem, Malek; Denis Pinkas; ietf-pkix@xxxxxxx
Subject: Re: Certificate suspension
Then there are those signatures which are kept long term, say, one that
is used to initiate a financial instruction after proper validation, and
authorization, occurs. The problem in this example is, the signature is
archived, and may require validation in the future due to an audit,
litigation, etc. This may be years depending on the application's
business requirements, or law.
To be specific, my only issue with supporting suspension is with
certificates which assert the nonRepudiation bit.
Otherwise, I understand the usefulness of having the ability to suspend
certificates which assert only the digitalSignature bit.
These can be settled by policy in isolated implementations. It becomes
problematic when honoring credentials from other implementations which
do not align with your policy.
Only subtle changes could be adopted, allowing for respect of the
current law internationally (which some appear to require suspension)
maintaining the technical ability to suspend, and the technical ability
to not honor the credential by a digital signature centric business
application if desired.
Anders Rundgren wrote:
> Alfredo,
> The problem you are referring to is relevant regardless if you support
> certificate suspension or not since a valid certificate may
> indeed be in the wrong hands without the legitimate user knowing or
> having reported it.
>
> Since the majority of signatures these days are performed in on-line
> scenarios, certificate suspension for signatures and
> authentication is essentially the same thing.
>
> Regarding legality the fact is that people are actually convicted
> based on IP address associations and e-mail addresses.
>
> The difference between signatures and authentication is that only the
> latter cannot be revoked which is why authentication remains
> the most critical operation regardless of its legal status.
>
> I wouldn't outlaw certificate suspension, it seems appropriate in an
> on-line world.
>
> thanks
> Anders Rundgren
>
--
Regards,
Todd E. Johnson
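
The extra relying-party work that the thread attributes to suspension, as an added example that is not part of the original messages: with archived revocation history, the status of a certificate at signing time has to be replayed across hold and release events instead of compared against a single revocation date. The event names, the `status_at` and `signature_acceptable` helpers, and the sample history are hypothetical and constructed for illustration; the signing time is assumed to come from a trusted time-stamp.

```python
from datetime import datetime, timezone
from enum import Enum


class Status(Enum):
    GOOD = "good"
    ON_HOLD = "on_hold"
    REVOKED = "revoked"


def utc(text):
    """Parse an ISO date or date-time and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def status_at(events, signing_time):
    """Replay archived revocation events up to signing_time.

    events: iterable of (time, kind), kind being 'hold' (certificateHold),
    'release' (hold lifted) or 'revoke' (permanent revocation).
    An event dated exactly at signing_time is treated as already in effect.
    """
    status = Status.GOOD
    for when, kind in sorted(events):
        if when > signing_time:
            break
        if kind == "revoke":
            return Status.REVOKED  # permanent: later events cannot undo it
        if kind == "hold":
            status = Status.ON_HOLD
        elif kind == "release" and status is Status.ON_HOLD:
            status = Status.GOOD
    return status


def signature_acceptable(events, signing_time):
    """Accept only signatures applied while the certificate was in good standing."""
    return status_at(events, signing_time) is Status.GOOD


# Constructed sample history for one certificate (assumption, not real data).
HISTORY = [
    (utc("2007-03-01"), "hold"),
    (utc("2007-03-10"), "release"),
    (utc("2007-09-01"), "revoke"),
]

if __name__ == "__main__":
    for t in ("2007-02-01", "2007-03-05", "2007-06-01", "2008-01-01"):
        print(t, status_at(HISTORY, utc(t)).value)
```

Without suspension the loop collapses to one comparison against the revocation date; with it, the verifier needs the full archived sequence of events, in order, to answer the same question years later.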