Hi all,

David Schwartz wrote:

>> Can you please elaborate on how the higher-layer security
>> infrastructure would go about this?
>
> Simply put, whatever put the certificate in its trusted position is what is
> to remove it. If a CA says to trust a certificate, that CA can say not to.
> But if the certificate is self-signed, the trust came from the user who said
> to trust it (or some other mechanisms outside the scope of the certificate
> verification scheme). That same mechanism is the only thing that can say to
> stop trusting it.
I would not say so. If I found a CRL which contains the self-signed root
certificate, I would stop trusting it immediately. Why should I not trust a
CRL issued by a root CA that I trust? Remember: the trust has to be
established before, but when you already trust the CA, you can trust CRLs
issued by it. Even if the root CA's key was compromised, I would not care
whether the CRL was issued by the attacker or the CA itself.

I agree that it makes sense to have higher-level protocols that take care of
root CA revocation and trust anchor management, but in my opinion not
evaluating a CRL which revokes the root is missing a chance of good CA
practice and taking an unnecessary risk...

Cheers,

Olaf

-- 
Olaf Gellert                        _   -   __o   gell...@arasca.de
                                    _-  _`<,_    http://www.arasca.de/
                                    -   (_)/ (_)
----------------------------------------------------------------------
Due to circumstances beyond your control you are master of your fate &
captain of your soul.
----------------------------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
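The check Olaf argues for, written out as an added example (it is not part of this thread and not OpenSSL's code): a trust-store routine that accepts a CRL from a self-signed root only if the CRL names the root as issuer, verifies under the root's own key and lists the root's serial number, and then drops that anchor. It assumes the third-party Python `cryptography` package; the root certificate, the unrelated "stranger" key and all three CRLs are constructed inside the block for the demonstration. The forged case shows why the signature check matters: an unrelated party cannot knock a root out of the store, while a CRL signed with the root key is honoured regardless of who held the key when it was issued.

```python
# Added example (not from the original thread): honour a CRL in which a
# self-signed root lists its own serial number. Assumes the third-party
# `cryptography` package; all certificates, keys and CRLs are constructed here.
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)


def make_root(common_name):
    """Build a throwaway self-signed CA certificate; returns (key, cert)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOW - datetime.timedelta(days=1))
        .not_valid_after(NOW + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .add_extension(
            x509.KeyUsage(digital_signature=False, content_commitment=False,
                          key_encipherment=False, data_encipherment=False,
                          key_agreement=False, key_cert_sign=True, crl_sign=True,
                          encipher_only=False, decipher_only=False),
            critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def make_crl(issuer_cert, signing_key, revoked_serials):
    """Issue a CRL in the name of issuer_cert, signed with signing_key
    (which may or may not be issuer_cert's real key)."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer_cert.subject)
        .last_update(NOW)
        .next_update(NOW + datetime.timedelta(days=30))
    )
    for serial in revoked_serials:
        entry = (
            x509.RevokedCertificateBuilder()
            .serial_number(serial)
            .revocation_date(NOW)
            .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
            .build()
        )
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(signing_key, hashes.SHA256())


def anchor_revoked_by_own_crl(anchor, crl):
    """True if `crl` is a valid CRL from `anchor` that lists `anchor` itself.

    All three conditions must hold: issuer name matches, signature verifies
    under the anchor's own public key, and the anchor's serial is listed.
    A CRL signed by an unrelated key therefore cannot remove the root; one
    signed with the root key is honoured whoever held that key.
    """
    if crl.issuer != anchor.subject:
        return False
    if not crl.is_signature_valid(anchor.public_key()):
        return False
    return crl.get_revoked_certificate_by_serial_number(anchor.serial_number) is not None


def prune_trust_store(anchors, crls):
    """Return the anchors not revoked by any CRL they themselves issued."""
    return [a for a in anchors if not any(anchor_revoked_by_own_crl(a, c) for c in crls)]


def demo():
    """Run the cases discussed in the thread and return their outcomes."""
    root_key, root = make_root("Demo Root CA (constructed)")
    stranger_key, _stranger = make_root("Unrelated party (constructed)")
    self_revoking = make_crl(root, root_key, [root.serial_number])      # root revokes itself
    ordinary = make_crl(root, root_key, [x509.random_serial_number()])  # root revokes a leaf
    forged = make_crl(root, stranger_key, [root.serial_number])         # wrong signing key
    return {
        "self_revoking": anchor_revoked_by_own_crl(root, self_revoking),
        "ordinary": anchor_revoked_by_own_crl(root, ordinary),
        "forged": anchor_revoked_by_own_crl(root, forged),
        "remaining": len(prune_trust_store([root], [ordinary, self_revoking])),
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the three outcomes; only the self-revoking CRL removes the anchor, and the store ends up empty once that CRL is present.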