Re: revoking a self-signed certificate
Hi all,

David Schwartz wrote:

> > Can you please elaborate on how would the higher-layer security infrastructure go about this?
>
> Simply put, whatever put the certificate in its trusted position is what is to remove it. If a CA says to trust a certificate, that CA can say not to. But if the certificate is self-signed, the trust came from the user who said to trust it (or some other mechanisms outside the scope of the certificate verification scheme). That same mechanism is the only thing that can say to stop trusting it.

I would not say so. If I found a CRL which contains the self-signed root certificate, I would stop trusting it immediately. Why should I not trust a CRL issued by a root CA that I trust?

Remember: the trust has to be established before, but when you already trust the CA, you can trust CRLs issued by it. Even if the root CA's key was compromised, I would not care if the CRL was issued by the attacker or the CA itself.

I agree that it makes sense to have higher-level protocols that take care of root CA revocation and trust anchor management, but in my opinion not evaluating a CRL which revokes the root is missing a chance of good CA practice and taking an unnecessary risk...

Cheers,

Olaf

--
Olaf Gellert  gell...@arasca.de  http://www.arasca.de/
Due to circumstances beyond your control you are master of your fate, captain of your soul.

__
OpenSSL Project                          http://www.openssl.org
User Support Mailing List                openssl-users@openssl.org
Automated List Manager                   majord...@openssl.org
RE: revoking a self-signed certificate
Olaf Gellert:

> I would not say so. If I found a CRL which contains the self-signed root certificate, I would stop trusting it immediately.

Why? What do you think that CRL means? Specifically, do you think it means the public key was compromised? Do you think it means the issuer of the original certificate no longer wants you to trust it?

> Why should I not trust a CRL issued by a root CA that I trust?

You should trust a CRL when it revokes certificates that you trust specifically because they're not on that CRL.

> Remember: the trust has to be established before, but when you already trust the CA, you can trust CRLs issued by it. Even if the root CA's key was compromised, I would not care if the CRL was issued by the attacker or the CA itself.

Right, but you have to know what the CRL means. In some alternate universe where that means "no longer trust the public key that this certificate signs" or "no longer trust the root certificate that's in this CRL", then you might choose to stop trusting the trust anchor. But in this universe, it doesn't mean any of those things.

> I agree that it makes sense to have higher-level protocols that take care of root CA revocation and trust anchor management, but in my opinion not evaluating a CRL which revokes the root is missing a chance of good CA practice and taking an unnecessary risk...

The problem is that it doesn't mean anything. A certificate being in a CRL does not mean the certificate's public key has been compromised. The mechanism you are describing simply doesn't exist. Maybe it could exist, maybe it should, but it doesn't.

DS
Re: revoking a self-signed certificate
There is currently no automated protocol for doing this. There is currently an effort at PKIX for a Trust Anchor Management Protocol, though, which would allow for tools to be made cross-platform.

Also, self-signed CAs are basically never checked for expiration. (The 'trust anchor' is technically the public key, not the identity information strongly bound to the public key in the certificate.)

-Kyle H

On Mon, Jan 26, 2009 at 9:28 PM, PS mytechl...@gmail.com wrote:

> Can you please elaborate on how would the higher-layer security infrastructure go about this? To me, it just seems impossible to do this and the issue might only be mitigated by spreading awareness by an out-of-band means but not eliminated until, of course, the self-signed CA certificate expires.
revoking a self-signed certificate
Hi All,

Is it possible to revoke a self-signed CA certificate? If yes, then I don't understand why it should be allowed. It does not make sense.

The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its certificate and create a new CRL. But since the private-key is compromised, the attacker can always use the private-key (of the CA) and create yet another new CRL and distribute it.

This looks like a chicken-and-egg problem because you are trusting a CRL-list sent by a CA and the CRL mentions not to trust the very same CA since its certificate is revoked.

What is the solution to this problem? Any insights?
Re: revoking a self-signed certificate
A self-signed CA certificate (technically, a trust anchor) cannot be revoked via CRL. This is assumed to be a function of the higher-layer security infrastructure which led to the trust anchor being trusted in the first place, and is outside the scope of CRL.

-Kyle H

On Mon, Jan 26, 2009 at 9:17 PM, PS mytechl...@gmail.com wrote:

> Hi All,
>
> Is it possible to revoke a self-signed CA certificate? If yes, then I don't understand why it should be allowed. It does not make sense.
>
> The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its certificate and create a new CRL. But since the private-key is compromised, the attacker can always use the private-key (of the CA) and create yet another new CRL and distribute it.
>
> This looks like a chicken-and-egg problem because you are trusting a CRL-list sent by a CA and the CRL mentions not to trust the very same CA since its certificate is revoked.
>
> What is the solution to this problem? Any insights?
Re: revoking a self-signed certificate
Can you please elaborate on how would the higher-layer security infrastructure go about this? To me, it just seems impossible to do this and the issue might only be mitigated by spreading awareness by an out-of-band means but not eliminated until, of course, the self-signed CA certificate expires.

On Mon, Jan 26, 2009 at 9:20 PM, Kyle Hamilton aerow...@gmail.com wrote:

> A self-signed CA certificate (technically, a trust anchor) cannot be revoked via CRL. This is assumed to be a function of the higher-layer security infrastructure which led to the trust anchor being trusted in the first place, and is outside the scope of CRL.
>
> -Kyle H
>
> On Mon, Jan 26, 2009 at 9:17 PM, PS mytechl...@gmail.com wrote:
>
> > Hi All,
> >
> > Is it possible to revoke a self-signed CA certificate? If yes, then I don't understand why it should be allowed. It does not make sense.
> >
> > The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its certificate and create a new CRL. But since the private-key is compromised, the attacker can always use the private-key (of the CA) and create yet another new CRL and distribute it.
> >
> > This looks like a chicken-and-egg problem because you are trusting a CRL-list sent by a CA and the CRL mentions not to trust the very same CA since its certificate is revoked.
> >
> > What is the solution to this problem? Any insights?
Re: revoking a self-signed certificate
Also, does openssl allow a CA to revoke its own self-signed certificate? What happens when, during the openssl verify, it finds that the CRL given by the CA contains the CA certificate in the revoked list?

On Mon, Jan 26, 2009 at 9:28 PM, PS mytechl...@gmail.com wrote:

> Can you please elaborate on how would the higher-layer security infrastructure go about this? To me, it just seems impossible to do this and the issue might only be mitigated by spreading awareness by an out-of-band means but not eliminated until, of course, the self-signed CA certificate expires.
>
> On Mon, Jan 26, 2009 at 9:20 PM, Kyle Hamilton aerow...@gmail.com wrote:
>
> > A self-signed CA certificate (technically, a trust anchor) cannot be revoked via CRL. This is assumed to be a function of the higher-layer security infrastructure which led to the trust anchor being trusted in the first place, and is outside the scope of CRL.
> >
> > -Kyle H
> >
> > On Mon, Jan 26, 2009 at 9:17 PM, PS mytechl...@gmail.com wrote:
> >
> > > Hi All,
> > >
> > > Is it possible to revoke a self-signed CA certificate? If yes, then I don't understand why it should be allowed. It does not make sense.
> > >
> > > The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its certificate and create a new CRL. But since the private-key is compromised, the attacker can always use the private-key (of the CA) and create yet another new CRL and distribute it.
> > >
> > > This looks like a chicken-and-egg problem because you are trusting a CRL-list sent by a CA and the CRL mentions not to trust the very same CA since its certificate is revoked.
> > >
> > > What is the solution to this problem? Any insights?
RE: revoking a self-signed certificate
> Can you please elaborate on how would the higher-layer security infrastructure go about this?

Simply put, whatever put the certificate in its trusted position is what is to remove it. If a CA says to trust a certificate, that CA can say not to. But if the certificate is self-signed, the trust came from the user who said to trust it (or some other mechanisms outside the scope of the certificate verification scheme). That same mechanism is the only thing that can say to stop trusting it.

> To me, it just seems impossible to do this and the issue might only be mitigated by spreading awareness by an out-of-band means but not eliminated until, of course, the self-signed CA certificate expires.

It's not impossible. Just use the same technique that installed the self-signed certificate to uninstall it. If you could get it trusted somehow, why can't you get it untrusted that same way?

DS
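The three positions in this thread (Kyle: the anchor is a key and cannot be revoked via CRL; David: trust is withdrawn by whatever installed it; PS: a compromised key can sign a counter-CRL) can be seen together in a small model of chain verification with revocation checking. The code below is an added example written for this thread, not OpenSSL code and not code posted by anyone here. It stands in an HMAC for the issuer's signature (so a certificate's "key" field is also the signing key, and the model shows who signed what rather than key secrecy); every name, serial and key is constructed.

```python
"""Toy model of trust anchors, CRLs and chain verification (added example)."""
import hashlib
import hmac
import json


def sign(key: bytes, body: dict) -> str:
    """Stand-in for a CA signature: HMAC-SHA256 over canonical JSON of the body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def verify_sig(key: bytes, body: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, body), sig)


def make_cert(subject: str, issuer: str, serial: int, key: bytes, issuer_key: bytes) -> dict:
    """A certificate binds a name and a key and is signed by the issuer (self-signed if issuer_key == key)."""
    body = {"subject": subject, "issuer": issuer, "serial": serial, "key": key.hex()}
    return {"body": body, "sig": sign(issuer_key, body)}


def make_crl(issuer: str, revoked: list, issuer_key: bytes) -> dict:
    """A CRL is a signed list of the issuer's revoked serial numbers."""
    body = {"issuer": issuer, "revoked": sorted(revoked)}
    return {"body": body, "sig": sign(issuer_key, body)}


class TrustStore:
    """Trust anchors are keys; they are installed and removed out of band, never by a CRL."""

    def __init__(self):
        self.anchors = {}  # subject name -> key bytes

    def add_anchor(self, name: str, key: bytes) -> None:
        self.anchors[name] = key

    def remove_anchor(self, name: str) -> None:
        self.anchors.pop(name, None)


def verify_chain(chain: list, store: TrustStore, crls: dict) -> tuple:
    """chain[0] is the end-entity cert, chain[-1] the self-signed root; crls maps issuer name -> CRL.
    Returns (ok, reason)."""
    top = chain[-1]["body"]
    # The anchor is matched on its key, not on the certificate wrapping it.
    if store.anchors.get(top["subject"]) != bytes.fromhex(top["key"]):
        return False, "no trust anchor for " + top["subject"]
    for cert, issuer in zip(chain, chain[1:]):
        c, iss = cert["body"], issuer["body"]
        iss_key = bytes.fromhex(iss["key"])
        if c["issuer"] != iss["subject"] or not verify_sig(iss_key, c, cert["sig"]):
            return False, "bad signature on " + c["subject"]
        crl = crls.get(iss["subject"])
        if crl is not None:
            if not verify_sig(iss_key, crl["body"], crl["sig"]):
                return False, "bad CRL signature from " + iss["subject"]
            if c["serial"] in crl["body"]["revoked"]:
                return False, c["subject"] + " revoked by " + iss["subject"]
    # Nothing sits above the anchor, so no CRL is ever consulted for it.
    return True, "ok"


def demo() -> dict:
    """Walks through the cases discussed in the thread; all values are constructed."""
    root_key, leaf_key = b"root-signing-key-CONSTRUCTED", b"leaf-key-CONSTRUCTED"
    root = make_cert("Example Root", "Example Root", 1, root_key, root_key)
    leaf = make_cert("www.example.test", "Example Root", 2, leaf_key, root_key)
    store = TrustStore()
    store.add_anchor("Example Root", root_key)
    chain = [leaf, root]
    out = {}
    out["no_crl"] = verify_chain(chain, store, {})
    # A CRL from the root revoking the leaf is honoured.
    out["leaf_revoked"] = verify_chain(chain, store, {"Example Root": make_crl("Example Root", [2], root_key)})
    # The root listed on its own CRL: the CRL verifies, but the anchor is never
    # checked against it, so the chain still passes.
    self_revoking = make_crl("Example Root", [1], root_key)
    out["root_on_own_crl"] = verify_chain(chain, store, {"Example Root": self_revoking})
    # A second CRL under the same key, with the entry gone, verifies just as well:
    # the verifier cannot tell which CRL the legitimate key holder meant.
    counter = make_crl("Example Root", [], root_key)
    out["both_crls_verify"] = verify_sig(root_key, self_revoking["body"], self_revoking["sig"]) and \
        verify_sig(root_key, counter["body"], counter["sig"])
    # Removing the anchor from the store is what actually withdraws trust.
    store.remove_anchor("Example Root")
    out["anchor_removed"] = verify_chain(chain, store, {})
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The verifier deliberately has no code path that reads an anchor's own serial from a CRL, which is the point Kyle and David make: the CRL format carries no "stop trusting my issuer" meaning, and a verifier that invented one would be trusting a statement from the very key whose status is in question. In this model the only operation that removes trust is `remove_anchor`, the out-of-band step that mirrors whatever installed the anchor.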