Re: multiple digitale signatures

[Soenke Maseberg <maseberg@xxxxxxxxxxxxxxxx>]

Hi Juergen.

Juergen Brauckmann wrote:

> Why do you want to do that? If a client has an old OCSP response with an
> expired algorithm, then the client could simply request a new OCSP
> response.

How do the CA (certification authority) informs the CHs (certificate holder)
about a compromised signature algorithm or key?

I think the CA should use CRLs, where CRLs are multiple signed. Because
otherwise the information about a compromised algorithm or key could be
forged. Moreover a CH don't know, when such a case occurs, so that the CRL
should have multiple digital signatures ever. A CH can decide which of them
he proofs. All under the assumption that the possibility of occurence of
failures for all used signature algorithms at the same time is very small.
The used signature algorithms in the PKI have to be independent from each
other.

Analogous a OCSP reponse have to be multiple signed.


> If the old OCSP response is that important that you must reuse it, then
> you may use timestamps.

The problem of timestamps occurs if they uses the compromised signature
algorithm too.

> I think it would be a big performance burden on the OCSP responder if it
> would be forced to sign the response multiple times.

Performance is a big theme: But I think it is feasible. For example: today
you use RSA signatures with 1024 bit and in the FlexiPKI you expand it with
an ECDSA signature with 160 bit.

Best regards,
Soenke