Julien R Pierre - Sun Microsystems wrote:
> Paul Hoffman wrote:
>> At 4:39 PM +0100 10/22/08, Gervase Markham wrote:
>>> Julien R Pierre - Sun Microsystems wrote:
>>>> If the root could "revoke itself", in the case of root cert key
>>>> compromise, ie. the root cert's private key becoming public, anybody
>>>> could then sign revocation information for that root CA - whether to
>>>> mark it revoked or unrevoked.
>>> Leaving aside the question of what the standards say for just a moment,
>>> what's wrong with that in principle? If you know a private key has been
>>> compromised, most of the time you still have the key - so why shouldn't
>>> or couldn't it be used to sign its own suicide note?
>>
>> Quite right. The flip side of this is that if *anyone* other than the
>> person who generated the key pair has the public key, they *should*
>> sign the suicide note and distribute it because if they have it, a bad
>> actor could have it as well.

I think we all understand that the basic concept of a root-signed self-revocation is workable, in principle, at the information level. There may be substantial implementation questions...

> Yes, they should ... But the big question is how do they actually do
> that and get software to take notice of that suicide note ?

Is there any reason why the message cannot be delivered by the current channels? CRL, OCSP? Leaving aside the standards question, that is...

Is a self-reference in a CRL or OCSP: defined? Banned? Undefined? Going to cause chaos?

(Where, Chaos is defined as making matters worse for the software that otherwise has to deal with a rogue root out in the wild serving up the devil's contract every 3rd packet to grandma...)

It would seem that, if the root list is delivered by party A, and the software is written by party A, and the revocation is distributed to software of party A, then it should all tie together. (Yes there will be some issues with party B. Refer to definition of chaos.)

> Updating software with a new root module is a lot simpler. Of course
> that process has its own set of security issues as well.

Hey, if it's good enough for Debian ... ;)

iang

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto