Re: when can an entry not appear on a CRL?
Paul Koning wrote:
>
> >>>>> "Juergen" == Juergen Walter <walter@deh.de> writes:
>
> Juergen> Paul Koning wrote:
> >> On a related issue, if you use "time of signature generation" how
> >> do you know what that is? It can't just be the timestamp in the
> >> signature, since that would allow the thief of a key which was
> >> revoked at time T to generate a "valid" signature by constructing
> >> one with signing time T-epsilon.
>
> Juergen> This is right under the assumption that the thief can sign
> Juergen> with signing time T-epsilon. If the signer has included an
> Juergen> appropriate non-repudiation token (e. g. a token generated
> Juergen> by a trusted time stamp server), then this attack fails.
>
> Not quite. It fails if the verifier insists that all signatures it
> verifies must be accompanied by a trusted time stamp token if they are
> to be verified to a time older than the time of verification.
>
> The fact that the legitimate signer includes tokens doesn't prevent
> the intruder from generating signatures without tokens unless the
> verifier insists on them.
>
This is right. A non-repudiation token has no worth unless the relying
party insists on it. I think that a pure digital signature is not
appropriate to non-repudiation. There are many scenarios. I believe that
trusted time stamp servers or notary services are necessary, whenever
non-repudiation is required. Hence, it is required that either the
relying party insists on them or the relying party initiates them.
--
Juergen
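
The verifier policy discussed in this thread, as an added example that is not part of the original messages: a signature counts as older than the time of verification only when a trusted time stamp token backs that time. The `Signature` model, the function names and the sample dates are assumptions made for illustration; checking the signature and the token cryptographically is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Signature:
    # Hypothetical model; both values are assumed to be already parsed.
    claimed_time: datetime            # signing time written by the signer
    token_time: Optional[datetime]    # time from a verified trusted time stamp token

def accept_naive(sig: Signature, revoked_at: datetime) -> bool:
    """Weak policy: trust the signing time carried in the signature itself."""
    return sig.claimed_time < revoked_at

def reference_time(sig: Signature, now: datetime) -> datetime:
    """Time the verifier treats as 'time of signature generation'."""
    if sig.token_time is not None:
        # The token shows the signature existed at token_time.
        return sig.token_time
    # No token: the claimed time is ignored and the signature is
    # verified as of the time of verification.
    return now

def accept_strict(sig: Signature, revoked_at: datetime, now: datetime) -> bool:
    """Strict policy: the key must be unrevoked at the reference time."""
    return reference_time(sig, now) < revoked_at

# Constructed sample data: key revoked at T, verification five days later.
T = datetime(2000, 1, 10, 12, 0, tzinfo=timezone.utc)
NOW = T + timedelta(days=5)
EPSILON = timedelta(minutes=1)

# Made after T with the stolen key, claiming T - epsilon, no token.
FORGED = Signature(claimed_time=T - EPSILON, token_time=None)
# Made by the legitimate signer two days before T, with a token.
LEGIT = Signature(claimed_time=T - timedelta(days=2),
                  token_time=T - timedelta(days=2) + EPSILON)
# Made after T with the stolen key and stamped after T by the server.
LATE_TOKEN = Signature(claimed_time=T - EPSILON,
                       token_time=T + timedelta(hours=1))

if __name__ == "__main__":
    for name, sig in [("forged", FORGED), ("legit", LEGIT), ("late token", LATE_TOKEN)]:
        print(f"{name:10} naive={accept_naive(sig, T)} "
              f"strict={accept_strict(sig, T, NOW)}")
```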