Re: Online Certificate Revocation Protocol
At 10:56 AM 6/13/01 +0000, Peter Gutmann wrote:
There's another revocation status which needs a way of indicating it which is
somewhat trickier, I'll bring it up here in case anyone has any ideas:
Sometimes a cert can be issued in error, what's needed here is a revocation
reason which says that not only is the cert revoked, it should never be and
was never valid at any time for any reason. You can sort of achieve this by
setting the revocation time to the cert start time, but there's no real way to
indicate that the cert should never have been issued (I guess X.500 assumed,
along with many other things, that all CAs are perfect and never make
mistakes :-). The reason why this is more than a theoretical concern is that
for CMP it's a fairly standard part of CA operations to have to undo a cert
issue, however there's no CRL reason code to indicate this operation.
Peter.
Does this relate to why the "emergency CRL" published after the bogus
Microsoft code-signing certs were issued was not a "real CRL"? I
understood that Microsoft supported one form of "CRL mechanism" while they
routinely employed certificates incompatible with that mechanism, and that
was the reason they could not "just revoke" the (bad) certificates that were
issued.
Also, if a CA (in error) issues several certificates to company X and then
simply lists them as revoked (to fix the error), might this look as if
company X were at fault (poor key management, invalid requests, etc.) when
in fact there were no such requests? The ambiguity is disturbing.
___tony___
Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
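
Added example, not part of the original messages: a relying-party status check showing what the "revocation time = cert start time" workaround described above achieves, and that the result still carries no "issued in error" meaning. The reason codes are the X.509 CRLReason values; the `Cert` and `CRLEntry` types, serial number and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum

class CRLReason(IntEnum):
    # X.509 CRL entry reason codes (RFC 5280, section 5.3.1); value 7 is unused.
    UNSPECIFIED = 0
    KEY_COMPROMISE = 1
    CA_COMPROMISE = 2
    AFFILIATION_CHANGED = 3
    SUPERSEDED = 4
    CESSATION_OF_OPERATION = 5
    CERTIFICATE_HOLD = 6
    REMOVE_FROM_CRL = 8
    PRIVILEGE_WITHDRAWN = 9
    AA_COMPROMISE = 10

@dataclass
class Cert:                      # hypothetical minimal view of a certificate
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class CRLEntry:                  # hypothetical minimal view of one CRL entry
    serial: int
    revocation_date: datetime
    reason: CRLReason = CRLReason.UNSPECIFIED

def status_at(cert, entry, when):
    """Status of `cert` at time `when`, e.g. the time an old signature was made."""
    if when < cert.not_before or when > cert.not_after:
        return "outside-validity"
    if entry and entry.serial == cert.serial and when >= entry.revocation_date:
        return "revoked"
    return "good"

def backdated_to_start(cert, entry):
    """True if the CA applied the workaround: revoked at or before the start time."""
    return entry.serial == cert.serial and entry.revocation_date <= cert.not_before

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data.
CERT = Cert(0x1001, utc(2001, 1, 1), utc(2002, 1, 1))
SIGNED_AT = utc(2001, 2, 1)      # a signature made before the error was noticed
ORDINARY = CRLEntry(0x1001, utc(2001, 3, 1), CRLReason.KEY_COMPROMISE)
BACKDATED = CRLEntry(0x1001, CERT.not_before)  # no reason code says "CA error"

if __name__ == "__main__":
    for name, e in (("ordinary", ORDINARY), ("backdated", BACKDATED)):
        print(name, status_at(CERT, e, SIGNED_AT), e.reason.name)
```

With the ordinary entry the earlier signature still checks as good; with the backdated entry nothing the cert ever signed does, yet the entry reads like any other revocation.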