Re: Authentication, cancels, etc


From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Sat Oct 20 2001 - 08:37:12 CDT


In <20011017113139.B29163@main.templetons.com> Brad Templeton <brad@templetons.com> writes:

>On Wed, Oct 17, 2001 at 10:00:25AM +0000, Charles Lindsey wrote:
>>
>> So if A certifies that this obscure injecting site in Tibet is indeed who
>> it claims to be, and if B certifies that the obscure certifier A is indeed
>> a competent certifier whose certificates ought to be believed, and if C
>> (who is a well-known-worldwide certifier who claims that _everybody_
>> should trust him) certifies that B is OK (that's a chain of 4
>> certificates), and if NONE of them keep any records as to whom they have
>> certified, or the evidence they based their certification on, then how can
>> they even contemplate renewal of the certificates when they expire?

>You can't renew a certificate _after_ it expires without going through
>a repeat of the certification process. You renew a certificate before
>it expires automatically if there are no known problems with the
>certificate. You don't need to keep track of the certified, but you
>do need to keep track of revoked certificates, of course. (Not just
>the CAs, actually, but every site.)

"You" in this context is the CA? To renew any certificate SHOULD require
looking at your records to see why you certified it last time, and to see
whether those conditions still apply, and what tests need to be repeated.
OK, in the case of a simple email challenge/response certificate,
repeating the challenge may be good enough, but I would like something a
little stronger for a Usenet injecting site. And if the certificate is to
say that "Cancelmoose is to be trusted as a canceler", then the proper
response should be to say "Hey, I don't think Cancelmoose is still doing
cancels these days".

Incidentally, an odd feature of Open PGP I just noticed. A modern PGP key
has NO expiry date. Ergo, a PGP key revocation has to be kept around FOR
EVER. Even more odd is that the old 2.6.3 keys DID have expiry dates in
them.

OTOH, a PGP certificate does (or at least can) have an expiry date, so if
the certificate gets revoked, you don't need to keep the revocation beyond
the time the certificate expires.

>> Clearly, they are all incompetent, which means that no site is likely to
>> trust any of them. Certainly I wouldn't. And in such a lax regime, how
>> easy would it be for Hipcrime to get a plausible looking certificate?

>A certificate to do what?

Hipcrime is a specialist at locating organisations with lax security. I am
sure he could easily obtain a plausible-looking certificate to do
something unpleasant. The only defence is for people who trust certificates
to ensure that they only trust certificates from well-run organisations.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
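
The retention argument in the message above (a revocation for an object with an expiry date can be dropped once that date passes, while a revocation for a key with no expiry date has to be kept indefinitely), sketched as an added Python example that is not part of the original message. The class, method names and identifiers are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Revocation:
    subject: str                 # key or certificate identifier (constructed)
    expires: Optional[datetime]  # None = the revoked object never expires

class RevocationStore:
    """Hypothetical per-site store of revocations."""
    def __init__(self):
        self._revs = {}

    def revoke(self, subject, expires=None):
        self._revs[subject] = Revocation(subject, expires)

    def prune(self, now):
        """Drop revocations whose target has already expired; return the count."""
        dead = [s for s, r in self._revs.items()
                if r.expires is not None and r.expires <= now]
        for s in dead:
            del self._revs[s]
        return len(dead)

    def is_acceptable(self, subject, expires, now):
        # Expiry is checked before the revocation lookup. That ordering is
        # what makes pruning safe: an expired object is rejected anyway.
        if expires is not None and expires <= now:
            return False
        return subject not in self._revs

    def __len__(self):
        return len(self._revs)

def demo():
    utc = timezone.utc
    store = RevocationStore()
    cert_exp = datetime(2002, 1, 1, tzinfo=utc)
    store.revoke("cert:injector.example", cert_exp)  # certificate with expiry
    store.revoke("key:no-expiry")                    # key without expiry date
    now = datetime(2003, 1, 1, tzinfo=utc)
    pruned = store.prune(now)
    # The pruned certificate is still refused (expired); the key's revocation
    # can never be pruned, so the store only ever grows for such keys.
    return (pruned, len(store),
            store.is_acceptable("cert:injector.example", cert_exp, now),
            store.is_acceptable("key:no-expiry", None, now))
```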

