
Re: Online Certificate Revocation Protocol



At 03:11 PM 6/8/01 -0700, you wrote:
Using POP for revocation causes problems in two scenarios:

- I have deleted my private key and discover later that it was stolen but not used before I deleted it

- I have physically lost my private key to an attacker (such as my computer was stolen)

The latter is probably much more likely. Given that private keys are often (usually?) protected with crackable passwords, the loss of a computer to an attacker can be pretty disastrous. I assume that many CAs have out-of-band revocation mechanisms for this case, but they certainly would take a long time, and are probably difficult for a typical end user to find out about.

--Paul Hoffman, Director
--Internet Mail Consortium

It is interesting to take each "misfortune" that might befall a key, and consider the likelihood and timeliness of the discovery. If my PC is stolen, I'll notice it pretty quick. If someone gets inside, either remotely or by physical access, and intends to steal the key (to decrypt at some later time), they are not likely to destroy my copy (tends to defeat the purpose of stealing it, I would assume.) In such a case, discovery depends upon observing activities that may or may not be obvious, even when the key is used. If the key is used to access sensitive information, how would I know, unless there is a policy of the information agency to send the legitimate requesting party a confirmation/record of accesses?


Of your two examples, the latter is certainly "more likely discovered soon", but I don't know if it is a more likely occurrence, overall. I suppose it depends upon how long it is before you notice the theft, or the illicit use of the key.

The problem in considering these threats is that it is precisely the "stealthy professional" who will trigger the most insidious consequences. The risk of damage is perhaps greater, and yet we tend to discount the likelihood.

If CAs may "take a long time" to effect the out-of-band revocation, I have to assume the issue is really some combination of "staffing" and "low priority", rather than a concern about DoS.

Maybe I'm wrong.

___tony___



Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900