For a long period of time, I used to think that checking the validity period and revocation status of a trust anchor is useless. While I still hold that view on the revocation status, my rationale for checking the validity period has been incomplete. It seems that there is value in enforcing the validity period on a trust anchor.

Trust anchors by their very nature are insecure objects in the sense that they must be protected using means other than the signature on them. To ascribe security to PKI, one has to assume that the means to protect the trust anchors in the relying party trust store are secure and cannot be altered. Thus, enforcing the validity period on them gives the organization another means to obsolete them. This may be a useful capability as we transition from 1024 bit roots to 2048 bits and the 1024 bit roots have a defined validity period.

I doubt that X.509 and 3280bis would want to change their requirement, but I hope that there would be less of an objection to discussing this in the Security Considerations section.

Santosh Chokhani
CygnaCom Solutions, Inc.
(703) 270-3535
schokhani@xxxxxxxxxxxx