Peter Gutmann wrote:
> It's not necessarily as simple as that, for example if you have an
> encryption-only key (no way to revoke your cert if you need to submit a signed
> request) or if you've lost your private key (or it was physically stolen), or
> whatever there's nothing you can do if your CA follows the DOS model. Having
> an attacker notify everyone of revocation is also perfectly possible, if I
> steal your key I'll submit a revocation for the once-a-day affiliation-changed
> CRL to prevent you from putting it on the 15-minute key-compromise CRL and
> guarantee me a full day to do whatever I want with it.
So the better approach would be a protocol allowing CAs to follow whatever
policy they want to, and users to request revocation at any time if their
key(s) have been lost/destroyed/stolen, while trying, anyway, to avoid unneeded
(unauthorized) revocations taking place. If no strong authorization is used,
further requirements could be requested by the CA while the certificate could
simply be suspended.
What about the submitted RevReq structure? Is it reasonable? Could it be
a starting point?
Let me know.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf@xxxxxxxxxx
madwolf@xxxxxxxxxxxxxxx
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365