"Perry E. Metzger" <pe...@piermont.com> writes:

>Inspired by recent discussion, these are my theses, which I hereby nail upon
>the virtual church door:

Are we allowed to play peanut gallery for this?

>1 If you can do an online check for the validity of a key, there is no
>  need for a long-lived signed certificate, since you could simply ask
>  a database in real time whether the holder of the key is authorized
>  to perform some action.

Based on the ongoing discussion I've now had, both on-list and off, about
blacklist-based key validity checking [0], I would like to propose an

  The checking should follow the credit-card authorised/declined model, and
  not be based on blacklists (a.k.a. "the second dumbest idea in computer
  security", see

(Oh yes, for a laugh, have a look at the X.509 approach to doing this.  It's
eighty-seven pages long, and that's not including the large number of other
RFCs that it includes by reference: http://tools.ietf.org/html/rfc5055).

> The signed certificate is completely superfluous.

This is, I suspect, the reason for the vehement opposition to any kind of
credit-card style validity checking of keys, if you were to introduce it, it
would make both certificates and the entities that issue them superfluous.


[0] It's kinda scary that it's taking this much debate to try and convince
    people that blacklists are not a valid means of dealing with arbitrarily
    delegatable capabilities.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to