
Re: Online Certificate Revocation Protocol



Using POP for revocation causes problems in two scenarios:

- I have deleted my private key and discover later that it was stolen but not used before I deleted it

- I have physically lost my private key to an attacker (such as my computer was stolen)

The latter is probably much more likely. Given that private keys are often (usually?) protected with crackable passwords, the loss of a computer to an attacker can be pretty disastrous. I assume that many CAs have out-of-band revocation mechanisms for this case, but they certainly would take a long time, and are probably difficult for a typical end user to find out about.

--Paul Hoffman, Director
--Internet Mail Consortium