
Re: German Law and OCSP



I will try to give some of the rationale behind the design of the German
Signature Law as I understand it. You have to understand that the
requirements were (and still are) not laid down in technical terms and
that - of course - there are different interpretations.

One basic design was the differentiation between the CA and the
"information service". The CA issues the certificates and the
information service - an entity that is a distinct organizational unit
from the CA - revokes them. This can be interpreted as a technical
realization of a division of duty which probably could have been solved
with a requirement for the organizational procedures inside a CA.

Once such a division is made technically, it was extended to the idea
that a certificate should only be valid once it is inserted in the
information service database.

The law mentions the information service at one point:

Given that a CA ceases to operate, e.g. when going bankrupt or for
whatever reason, the certificates are still valid (which is true, a
revocation of the CA key is not necessary) iff the CA finds another
trusted party that continues the operation of the information service
and handles revocations. Accept that this is not a technical idea we
had, it is an idea that the lawmakers had. But I do think that it has
some truth in it.

Another point is that the compromise of a CA key may be a very seldom
event but the potential cost, even with a disaster plan in place (anyone
heard about one from any CA?) it may be desirable to have a simple
technical fallback position.

And a last remark to our OCSP extension: We extended basically the "not
revoked" case to include extension. This should not disturb other
systems that use the "not revoked" answer in the original CRL-based way.

Andreas
-- 
We have plenty of no time!