[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Invalidity Dates

To: Al Arsenault <aarsenault@xxxxxxxxxx>
Subject: Re: Invalidity Dates
From: Andreas Berger <aberger@xxxxxxxxxxxxxxxx>
Date: Wed, 16 Dec 1998 14:14:49 +0100
Cc: Bob Jueneman <BJUENEMAN@xxxxxxxxxx>, david.solo@xxxxxxxxxxxx, Mary_Ellen_Zurko@xxxxxxxx, ietf-pkix@xxxxxxx
Organization: GMD Darmstadt
References: <>
Sender: owner-ietf-pkix@xxxxxxx

Al Arsenault wrote:
> 
> Bob,
>         The main scenario in which it's useful is when the private key has been
> compromised, particularly when the key is contained on a token such as a
> smart card or a PC card.  Suppose that I go away for a week on vacation.  I
> know that I had my token the day before I left, because I have a signed
> message (that I'm willing to admit to signing) that I sent that particular
> day. When I come back from vacation, I find that token has been stolen in a
> burglary of my home or office. I may or may not be able to pinpoint the
> date/time of the burglary.  (If my alarm monitoring system is sufficiently
> good, I may be able to pinpoint the minute of break-in.  If I have no
> alarm, I probably won't know any more than "sometime between Saturday, 21
> November at 0600 at Sunday, 29 November, at 1930".)  Regardless, since I'm

I think Al makes a good point here. We should try to clarify the
semantics of an entry in a CRL.

Personally, I think that the CRL should contain the time when the
revocation was reported to the CA. Up to this point in time the
infrastructure reports the certificate as valid. The we may add some
uncertainty period, similar to the "week of vacation" described in the
scenario above. During verification, the system can say that the
validity is "questionable" due to the reason given in the CRL along with
the revocation entry.

A similar situation exists with  a certificate on hold. For clarity
resons, if a certificate was ever set on-hold and the moved from
"on-hold" to valid again (the hold has found the card after losing it
for some days), this period should be reflected in the CRL even though
the certificate is not revoked.

What we need is that information about probable compromises is not lost
and is available identically to every user of the overall system.

Andreas
-- 
Fifty-three percent of Fortune 1000 executives think the
Arch Deluxe is something that helps to run a computer.
-- Jericho Communications

Follow-Ups:
- Re: Invalidity Dates
  - From: Juergen Walter

References:
- Re: Invalidity Dates
  - From: Al Arsenault

Prev by Date: Re: when can an entry not appear on a CRL?
Next by Date: Re: when can an entry not appear on a CRL?
Previous by thread: Re: Invalidity Dates
Next by thread: Re: Invalidity Dates
Index(es):
- Date
- Thread