[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Online Certificate Revocation Protocol

To: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>
Subject: Re: Online Certificate Revocation Protocol
From: "Andrew W. Gray" <agray@xxxxxxxxxxxx>
Date: Fri, 08 Jun 2001 17:54:58 -0400
Cc: pgut001@xxxxxxxxxxxxxxxxx, ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

"Housley, Russ" wrote:

> You make an interesting point.  I figure that a message signed with the
> private key that is claiming to be compromised is a good thing to pay
> attention to.
> 
> If the message is from the subscriber, then that subscriber probably knows
> that some bad thing just happened and the subscriber is trying to let
> everyone know.  He does not want any one to rely on the key any more.

Unfortunately, this procedure asserts that the subscriber has possession
of the private key.  The subscriber's key may easily have been deleted /
destroyed / physically stolen by the attacker.

Andrew

References:
- Re: Online Certificate Revocation Protocol
  - From: Housley, Russ

Prev by Date: RE: Online Certificate Revocation Protocol
Next by Date: Re: Online Certificate Revocation Protocol
Previous by thread: Re: Online Certificate Revocation Protocol
Next by thread: Re: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread