Re: Online Certificate Revocation Protocol

[pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)]

Marc Branchaud <marcnarc@xxxxxxxxxxxxxxx> writes:
 
>Perhaps the existing cessationOfOperation code could be used as a "key 
>destroyed" reason.  X.509 states: "cessationOfOperation indicates that the 
>certificate is no longer needed for the purpose for which it was issued but 
>there is no cause to suspect that the private key has been compromised." That 
>doesn't quite fit, but it might work.
 
There's another revocation status which needs a way of indicating it which is 
somewhat trickier, I'll bring it up here in case anyone has any ideas: 
Sometimes a cert can be issued in error, what's needed here is a revocation 
reason which says that not only is the cert revoked, it should never be and 
was never valid at any time for any reason.  You can sort of achieve this by 
setting the revocation time to the cert start time, but there's no real way to 
indicate that the cert should never have been issued (I guess X.500 assumed, 
along with many other things, that all CAs are perfect and never make 
mistakes :-).  The reason why this is more than a theoretical concern is that 
for CMP it's a fairly standard part of CA operations to have to undo a cert 
issue, however there's no CRL reason code to indicate this operation.
 
Peter.