On 18/03/16 14:09, Salz, Rich wrote:
Steve, I know very well how the existing IETF mechanisms for revocation (i.e.
CRL and OCSP) work. But I don't see why that should mean that new
revocation mechanisms can't be invented, especially if those new
mechanisms can thwart attacks that CRL and OCSP can't.
And it would also require changes to CT, no?
No. Revoking intermediate keys is one way to defeat DKG's attack. If
we decide that this is _the_ way that we plan to defeat DKG's attack,
then we (for some value of "we") will need to define such a mechanism,
but CT won't need to be changed.
I think raw key stuff is out of scope for now.
Indeed. Revocation is out of scope for CT anyway.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
