[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Online Certificate Revocation Protocol

To: "Scherling, Mark" <mscherling@xxxxxxxxxxxxxxx>, jim <jimhei@xxxxxxxxxxxxxx>, Santosh Chokhani <chokhani@xxxxxxxxxxxx>
Subject: RE: Online Certificate Revocation Protocol
From: Tony Bartoletti <azb@xxxxxxxx>
Date: Thu, 14 Jun 2001 12:00:56 -0700
Cc: "Scherling, Mark" <mscherling@xxxxxxxxxxxxxxx>, thayes@xxxxxxxxxxxx, Ietf-Pkix <ietf-pkix@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

All,

This thread began when I asked a (seeming harmless!) question: If a user destroys (or thinks they have destroyed, intentionally or inadvertently) their private key, and thus have no intention of putting it to any further use, are they obligated to report this to the CA, or to anyone in particular?

If the key is only used for "very short term applications" such as logins or online transactions, having the key revoked would be equivalent to reporting its destruction, since there are ostensibly no "durable documents" or extended transactions which would depend upon the continued availability of the corresponding certificate.

If long-term validation is a need, there seems to be two ways to accomplish the task.

Some argue that the answer is to independently archive, timestamp, notarize, etc., the articles of interest at the time of their creation (while the key was "active"), and thereafter dispense with consideration of extended certificate validity altogether.

Others may feel that the ready availability of the existing validation and revocation mechanisms should be "enhanced" to support a distinction between various key-states (active, retired, compromised, whatever,) assuming dates could be trusted.

It was also pointed out to me that the issue of "user-requested revocation" may be sensitive in the case that, for instance, the escrow-holder of an encryption key may be required to quietly "compromise" the key as part of a law-enforcement investigation or surveillance activity, and this muddies the water considerably with regard to honoring revocation requests.

So much for harmless questions!

___tony___

At 10:46 AM 6/14/01 -0700, Scherling, Mark wrote:

In most CPs or Subscriber Agreements the subscriber has the right to ask
their key be revoked.  It is, correct me if I'm wrong, not the right of the
CA to refuse to revoke the authorized subscriber certificate.  There may be
a process that has to be completed such as written confirmation but that is
a formality.

The question that is being asked is if the subscriber says their key was
destroyed, should the CA revoke the certificate?  The answer as best we can
put it is it depends on the CP, CPS and the trust.

-----Original Message-----
From: Tony Bartoletti [mailto:azb@xxxxxxxx]
Sent: Thursday, June 14, 2001 10:34 AM
To: jim; Santosh Chokhani
Cc: Scherling, Mark; thayes@xxxxxxxxxxxx; Ietf-Pkix
Subject: Re: Online Certificate Revocation Protocol

At 07:42 AM 6/14/01 -0400, jim wrote:

>I do not want to claim that a destroyed key is invalid.  What I believe
>needs to happen is recognition that the CA is the one to make the decision
>as to whether the key is destroyed, not the user.  If, for instance, I am
>using a system with a hard token, if the key is run over by a car and will
>not be usable, there is still the remains of the key to be turned over to
>the CA and the CA can make the decision.  If the key is a software token,
>there is no such manner of determining that the key is truly destroyed by
>the average PKI user.  As such, why allow a user to determine whether the
>key is destroyed?  All I think needs to happen is recognize that this is a
>CA decision and let the CA take the appropriate precautions in accordance
>with the CP/CPS for the system.

All of this debate orbits around "who is on the hook" when bad things
happen.

If I suspect my key is compromised (but I cannot easily prove it), or I
believe I have destroyed it (successfully or not), then what must I do to
announce to the world that "any signatures generated after this point is
time should not be attributed to me"?

If it is only up to the CA to make these determinations, and the CA chooses
not to agree, how am I to protect myself from responsibility for future
transactions made in my name?

If I make an effort to tell folks "this is the termination date of my key
use", and the CA does not take action, do they (the CA) become responsible
for any mischief that may ensue?  It would seem as if they must, since the
decision on key reliability is in their hands.

___tony___


Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900

References:
- RE: Online Certificate Revocation Protocol
  - From: Scherling, Mark

Prev by Date: RE: Online Certificate Revocation Protocol
Next by Date: Re: Online Certificate Revocation Protocol
Previous by thread: RE: Online Certificate Revocation Protocol
Next by thread: RE: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread