On Wed 2015-05-13 19:36:51 -0400, Ted Hardie wrote: > So, the point I'm getting at is that the system ought to provide > an automated way to request revocation if the requester can meet > the same bar as it would take to request or renew a certificate. If 42 > is one of the ways to meet that bar, well and good. If 42 is not one > of the ways to meet the original bar, then putting effort to automating > revocation on that basis seems off to me.
There is at least one scenario where automated revocation seems
legitimate but automated issuance does not: posession of the
end-entity's secret key.
That is: If i have the secret key, i *also* need to prove something else
(control of the domain) to get a certificate issued. But if i have the
secret key to an already-issued certificate, i should not need to prove
control of the domain to get the certificate revoked.
If I compromise your secret key, the nicest possible thing i can do with
it is get it revoked. There is no reason to prevent this action from
anyone who has access to the secret key.
I think i like Russ's first suggestion best:
>> ACME certificate management must, in an automated manner, allow an
>> authorized party to request revocation of a certificate.
because it lets the WG (and implementers/deployers) decide to include
types of authorization that might be relevant for revocation but not for
issuance, while still covering the general case.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
