Re: revocation of roots

Wed, 22 Oct 2008 16:31:25 -0700 

Julien R Pierre - Sun Microsystems wrote:
> Paul Hoffman wrote:
>> At 4:39 PM +0100 10/22/08, Gervase Markham wrote:
>>> Julien R Pierre - Sun Microsystems wrote:
>>>> If the root could "revoke itself", in the case of root cert key
>>>> compromise, ie. the root cert's private key becoming public, anybody
>>>> could then sign revocation information for that root CA - whether to
>>>> mark it revoked or unrevoked.
>>> Leaving aside the question of what the standards say for just a moment,
>>> what's wrong with that in principle? If you know a private key has been
>>> compromised, most of the time you still have the key - so why shouldn't
>>> or couldn't it be used to sign its own suicide note?
>>
>> Quite right. The flip side of this is that if *anyone* other than the
>> person who generated the key pair has they public key, they *should*
>> sign the suicide note and distribute it because if they have it, a bad
>> actor could have it as well.


I think we all understand that the basic concept of a root-signed
self-revocation is workable, in principle, at the information level.

There may be substantial implementation questions...


> Yes, they should ... But the big question is how do they actually do
> that and get software to take notice of that suicide note ?


Is there any reason why the message cannot be delivered by the
current channels?  CRL, OCSP?  Leaving aside the standards question,
that is...

Is a self-reference in a CRL or OCSP:

    defined?  Banned?  Undefined?  Going to cause chaos?

(Where, Chaos is defined as making matters worse for the software
that otherwise has to deal with a rogue root out in the wild serving
up the devil's contract every 3rd packet to grandma...)

It would seem that, if the root list is delivered by party A, and
the software is written by party A, and the revocation is
distributed to software of party A, then it should all tie together.

(Yes there will be some issues with party B.  Refer to definition of
chaos.)


> Updating software with a new root module is a lot simpler. Of course
> that process has its own set of security issues as well.


Hey, if it's good enough for Debian ... ;)



iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to