On Fri, Jun 19, 2020 at 07:15:31AM +0200, Jannis Pinter wrote:
> On 19.06.20 01:21, Matt Palmer wrote:
> > Another use case I can think of is analogous to the PGP concept of a
> > "revocation certificate". Consider the case where, for whatever reason, an
> > ordinary user of an ACME CA loses access to the private key used in a
> > certificate or ACME account, and wishes to notify the CA that the key should
> > no longer be trusted. While it is possible to deactivate an account if you
> > have the private key, you cannot do so if the keys have been abstracted and
> > then destroyed -- say, in a ransomware+blackmail attack, which are, sadly,
> > all too common.
>
> It is not strictly necessary to hold either the account key which was
> used to issue the certificate or the private key belonging to the
> certificate.
That's true if you want to revoke a certificate, but how do you deactivate an
account without access to the private key? Let's say I've lost control of the
key for my account, but not the keys to certificates issued by that account
(management server got popped, but not the end nodes). I'd prefer it if an
attacker couldn't mass-revoke all the certificates issued under that account
while I work through getting all the certificates re-issued under a new account
(due to rate limits, this could take some time for a large number of
certificates).

- Matt

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
