Re: Certificate suspension
Anders Rundgren wrote:
> Alfredo, The problem you are referring to is relevant regardless of whether you
> support certificate suspension or not since a valid *certificate*
> [emphasis added] may indeed be in the wrong hands ...
You mean private key I think, not certificate.
> ... without the legitimate user knowing or having reported it.
> Since the majority of signatures these days are performed in on-line
> scenarios, certificate suspension for signatures and authentication
> is essentially the same thing.
I disagree with the emphasis on on-line signing. Even if it
were empirically true, a prevalence of on-line PKI applications is not
reflective of the unique value of PKI -- which is that signatures can be
verified off-line, and retrospectively -- and we should therefore NOT
bake into our standards and conventions any dependence on, or
presumption of, certificates being used on-line.
> Regarding legality, the fact is that people are actually convicted
> based on IP address associations and e-mail addresses.
I agree that we should not over-do "legality" since there are indeed all
sorts of ways to find someone legally liable (or not) for things that
happen electronically.
[BTW the richness of IT forensics is one reason I think that
"non-repudiation" is such a red herring and such an albatross around our
necks (pardon the mixed marine metaphor! And pardon the alliteration!!).
[If I create a digital signature using complex software as part of a
transaction, and there follows some sort of court case, I do not believe
that the outcome will depend much at all on whether the NR bit is
asserted. A reductio ad absurdum helps underscore the futility of
"non-repudiation": Imagine I make a credit card payment over the
Internet, and then change my mind about the purchase. I could try to
deny making the payment, and to bolster my case, I could say to a judge
"Look Your Honour, there was no 'non-repudiation' in the transaction
technology, therefore I can repudiate it!". Fat chance!! So if the
absence of an NR bit will not help me win the case, the presence of an
NR bit cannot be defining of a legal position either.]
> The difference between signatures and authentication is that only the
> latter cannot be revoked, which is why authentication remains the
> most critical operation regardless of its legal status.
I don't understand the idea that 'authentication cannot be revoked'.
I wouldn't outlaw certificate suspension, it seems appropriate in an
on-line world.
If there is any case for a credential being suspended for a period of
time, with the expectation of it being un-suspended, then I say let's
suspend the key, and not worry about the certificate.
Looking at the off-line world of PKI, I remain won over by the argument
that the possibility of a certificate being suspended, and then
re-instated some time later (and then suspended again and reinstated
...) makes it very difficult to take a signature created at some time in
the past and determine from CRLs and delta CRLs whether or not the
certificate was valid at that time.
Another scenario advanced in favour of suspension is when the key owner
has misplaced their key but thinks it might still turn up. But this
introduces too much wiggle room into Required Revocation.
Conventionally, most Certificate Policies insist that if one even
suspects possible private key compromise, revocation is required. It
seems to me very difficult to characterise in a Policy any middle ground
that would allow a user some shade of doubt. Tellingly, you cannot
"suspend" a credit card if it is misplaced (not in Australia at any
rate). I misplaced a card once, and called my bank to have it put on
hold while I looked for it. But the operator asked me "Is your card
lost, or is it not?". There was no middle ground, I had to either
cancel the card, or wear the consequences of it being misused while not
under my control.
I cannot see why digital certificates would ever be any different.
Cheers,
Stephen Wilson.
www.lockstep.com.au.
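The CRL/delta CRL difficulty Stephen describes can be made concrete with a small simulation. The following is an added example, not code from either correspondent: it models a CA's CRL history as a list of complete and delta CRLs using the RFC 5280 reason codes certificateHold (6) and removeFromCRL (8), then compares two verifiers checking a signature made at some past time. One replays the whole archive; the other only has the latest complete CRL. Serial numbers, dates and the hold/release cycle are constructed, and the CRL model is deliberately simplified (no signatures, no nextUpdate, no issuer checks).

```python
"""Constructed model of CRL / delta CRL history showing why suspension
(certificateHold, later removeFromCRL) makes retrospective validity checks
depend on the complete CRL archive rather than the current CRL alone."""
from dataclasses import dataclass
from datetime import datetime

# CRLReason codes from RFC 5280, section 5.3.1
KEY_COMPROMISE = 1
CERTIFICATE_HOLD = 6
REMOVE_FROM_CRL = 8   # only appears in delta CRLs: "drop this entry from the base"


@dataclass
class CrlEntry:
    serial: int
    revocation_date: datetime
    reason: int


@dataclass
class Crl:
    this_update: datetime
    entries: list
    is_delta: bool = False


def ts(s):
    """Helper for readable constructed dates."""
    return datetime.fromisoformat(s)


def status_from_crl(crl, serial):
    """Status as seen from ONE complete CRL: an entry is present or it is not."""
    for e in crl.entries:
        if e.serial == serial:
            return "on hold" if e.reason == CERTIFICATE_HOLD else "revoked"
    return "good"


def status_from_latest_at(latest, serial, when):
    """Point-in-time answer using only the latest complete CRL.
    Adequate for permanent revocations, whose revocationDate is retained;
    silently wrong for a hold that has since been released, because the
    released entry simply disappears from later CRLs."""
    for e in latest.entries:
        if e.serial == serial:
            if e.revocation_date > when:
                return "good"
            return "on hold" if e.reason == CERTIFICATE_HOLD else "revoked"
    return "good"


def status_from_history_at(history, serial, when):
    """Replay every complete and delta CRL issued up to `when`."""
    state = "good"
    for crl in sorted(history, key=lambda c: c.this_update):
        if crl.this_update > when:
            break
        if not crl.is_delta:
            state = status_from_crl(crl, serial)   # complete CRL resets the view
            continue
        for e in crl.entries:
            if e.serial != serial:
                continue
            if e.reason == REMOVE_FROM_CRL:
                state = "good"
            elif e.reason == CERTIFICATE_HOLD:
                state = "on hold"
            else:
                state = "revoked"
    return state


SUSPENDED = 0x1234    # constructed serial: put on hold twice, released twice
COMPROMISED = 0x5678  # constructed serial: permanently revoked once

# Constructed CA timeline (dates are illustrative only)
HISTORY = [
    Crl(ts("2024-01-01"), []),
    Crl(ts("2024-01-10"), [CrlEntry(SUSPENDED, ts("2024-01-10"), CERTIFICATE_HOLD)], is_delta=True),
    Crl(ts("2024-01-20"), [CrlEntry(SUSPENDED, ts("2024-01-20"), REMOVE_FROM_CRL)], is_delta=True),
    Crl(ts("2024-02-01"), []),   # released certificate is no longer listed at all
    Crl(ts("2024-02-05"), [CrlEntry(COMPROMISED, ts("2024-02-05"), KEY_COMPROMISE)], is_delta=True),
    Crl(ts("2024-02-10"), [CrlEntry(SUSPENDED, ts("2024-02-10"), CERTIFICATE_HOLD)], is_delta=True),
    Crl(ts("2024-02-20"), [CrlEntry(SUSPENDED, ts("2024-02-20"), REMOVE_FROM_CRL)], is_delta=True),
    Crl(ts("2024-03-01"), [CrlEntry(COMPROMISED, ts("2024-02-05"), KEY_COMPROMISE)]),
]
LATEST = HISTORY[-1]


def signature_verdict(serial, signing_time, history=HISTORY):
    """Accept a past signature only if the certificate was 'good' when it was made."""
    return status_from_history_at(history, serial, signing_time) == "good"


if __name__ == "__main__":
    for when in ("2024-01-15", "2024-01-25", "2024-02-15"):
        print(when, "history:", status_from_history_at(HISTORY, SUSPENDED, ts(when)),
              "| latest CRL only:", status_from_latest_at(LATEST, SUSPENDED, ts(when)))
```

Run as a script, the loop shows the two verifiers agreeing on 25 January (the certificate was released from hold) but disagreeing on 15 January and 15 February: the archive replay reports "on hold", while the latest CRL reports "good" because the hold entries vanished once the certificate was reinstated. The permanently revoked serial needs no archive, since its revocationDate survives in every later CRL, which is exactly the asymmetry between revocation and suspension that the message above is getting at.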