Re: Online Certificate Revocation Protocol

[Tony Bartoletti <azb@xxxxxxxx>]

At 07:42 AM 6/14/01 -0400, jim wrote:

> I do not want to claim that a destroyed key is invalid.  What I believe 
> needs to happen is recognition that the CA is the one to make the decision 
> as to whether the key is destroyed, not the user.  If, for instance, I am 
> using a system with a hard token, if the key is run over by a car and will 
> not be usable, there is still the remains of the key to be turned over to 
> the CA and the CA can make the decision.  If the key is a software token, 
> there is no such manner of determining that the key is truly destroyed by 
> the average PKI user.  As such, why allow a user to determine whether the 
> key is destroyed?  All I think needs to happen is recognize that this is a 
> CA decision and let the CA take the appropriate precautions in accordance 
> with the CP/CPS for the system.

All of this debate orbits around "who is on the hook" when bad things happen.

If I suspect my key is compromised (but I cannot easily prove it), or I 
believe I have destroyed it (successfully or not), then what must I do to 
announce to the world that "any signatures generated after this point is 
time should not be attributed to me"?

If it is only up to the CA to make these determinations, and the CA chooses 
not to agree, how am I to protect myself from responsibility for future 
transactions made in my name?

If I make an effort to tell folks "this is the termination date of my key 
use", and the CA does not take action, do they (the CA) become responsible 
for any mischief that may ensue?  It would seem as if they must, since the 
decision on key reliability is in their hands.

___tony___



Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900