On 12/07/2011 09:11 AM, [email protected] wrote:
Another wrinkle, at least as a logic problem, would be whether you can revoke the signing cert for a CRL and what, exactly, would that mean -- particularly if the last known good date is well astern and hence the revocation would optimally be retroactive.
It's now clear that, aside from it being ineffectually implemented, 'revocation' is an oversimplified concept.
There are at least two kinds of revocation: revocation that revokes prior signatures retroactively (perhaps from a specified date), and revocation that does not.
Originally, public key systems were said to possess deliver this property of 'nonrepudiation', meaning a digital signature could effectively authenticate the intent of the party associated with the private key. However, today such a large percentage of endpoint systems (on which the private keys are held) are infected with info-stealing malware that most everyone has plausible deniability about what is signed with their private keys. (Exceptions being perhaps hardware systems that have not been hacked yet and "trust" vendors whose organizations are specifically built on their expertise at handling private keys.)
So current revocation schemes attempt to preserve nonrepudiation in an attempt to make digital signatures more like binding ink signatures on a contract.
But automated systems checking for signatures are usually authenticating server certs or validating signed code for execution. In these cases, we definitely need the party who has been compromised to be able to repudiate the evil things that have been been signed by their private key.
So it seems to me that PKI systems were designed with some sort of leagalistic contract-binding model in mind, when in turns out in practice that security (even of ecommerce transactions) depends more on an efficient repudiation mechanism than the prevention of it!
- Marsh _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
