Re: Online Certificate Revocation Protocol
Tony Bartoletti wrote:
>
> At 12:01 PM 6/11/01 -0400, Santosh Chokhani wrote:
> >Revocation of a public key certificate whose companion key has been
> >destroyed is a BAD idea.
I think that deliberately destroying one's own key and destroying it accidentally are
different cases. I think the second is to be considered a "loss of
control" of the key -- to me it SHOULD be revoked. Could we think of adding
a CRL extension for this scenario (keyDestroyed)?
> I admit I'm on the fence here, but one should be able to "revoke the
> certificate" only in terms that mean "any signatures created after that
> point are invalid", without interfering with the ability to use the public
> key to continue verifying previously signed objects.
I agree with you -- and actually I think many laws on digital signatures
mean that when talking about certificate revocation.
> This suggests that CAs (or someone) should provide an historical "was valid
> between" service. This would mitigate the DoS issue.
This could be done by having an archive of the issued certificates and CRLs; the
validity period of a revoked certificate will be notBefore -> revDate. Many
laws also require archives to keep information for at least 10 years, at
least in Europe.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf@xxxxxxxxxx
madwolf@xxxxxxxxxxxxxxx
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
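The "was valid between" lookup discussed in the thread, as an added example that is not part of the original message or of OpenCA: a small archive model in which a revoked certificate's effective window runs from notBefore to the CRL revocationDate (capped at notAfter), and a signature is accepted only if its signing time falls inside that window. The `CertRecord`/`CrlEntry` classes, the `ts` helper and the sample serials and dates are constructed for illustration; the optional `invalidity_date` field models the RFC 5280 invalidityDate CRL entry extension, which a CA may use to record that the key was already unusable before the CRL was posted.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional, Tuple


def ts(s: str) -> datetime:
    """Parse a constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp as an aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class CertRecord:
    """Archived certificate: only the fields the validity-window check needs (hypothetical model)."""
    serial: int
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class CrlEntry:
    """Archived CRL entry for one revoked serial (hypothetical model)."""
    serial: int
    revocation_date: datetime
    # Optional RFC 5280 invalidityDate extension: when the CA recorded it, the
    # key is treated as unusable from that earlier time rather than from the
    # moment the CRL entry was published.
    invalidity_date: Optional[datetime] = None


def valid_between(cert: CertRecord, crl: Iterable[CrlEntry]) -> Tuple[datetime, datetime]:
    """Effective window [start, end) in which signatures by `cert` are accepted.

    Unrevoked: notBefore -> notAfter.
    Revoked:   notBefore -> revocationDate (or invalidityDate when present),
               and never later than notAfter.
    """
    end = cert.not_after
    for entry in crl:
        if entry.serial == cert.serial:
            cutoff = entry.invalidity_date or entry.revocation_date
            end = min(end, cutoff)
    return cert.not_before, end


def signature_was_valid(cert: CertRecord, crl: Iterable[CrlEntry], signing_time: datetime) -> bool:
    """True if a signature made at `signing_time` falls inside the certificate's effective window.

    Revocation does not retroactively invalidate signatures made before the
    cutoff; it only closes the window from that point on.
    """
    start, end = valid_between(cert, crl)
    return start <= signing_time < end


# Constructed sample archive: not real certificates or CRL data.
SAMPLE_CERT = CertRecord(
    serial=1001,
    not_before=ts("2000-01-01T00:00:00Z"),
    not_after=ts("2002-12-31T23:59:59Z"),
)
UNREVOKED_CERT = CertRecord(
    serial=1002,
    not_before=ts("2000-01-01T00:00:00Z"),
    not_after=ts("2002-12-31T23:59:59Z"),
)
SAMPLE_CRL = [CrlEntry(serial=1001, revocation_date=ts("2001-06-15T12:00:00Z"))]

if __name__ == "__main__":
    start, end = valid_between(SAMPLE_CERT, SAMPLE_CRL)
    print("serial 1001 was valid between", start.isoformat(), "and", end.isoformat())
    for when in ("2001-03-01T00:00:00Z", "2001-07-01T00:00:00Z"):
        print(when, "->", signature_was_valid(SAMPLE_CERT, SAMPLE_CRL, ts(when)))
```

The check relies on a trustworthy signing time; in practice that means a timestamp from a time-stamping authority rather than a time claimed by the signer, since otherwise a holder of the compromised key could backdate a signature into the window.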