> No, it does not make any sense at all.  An error code is unsigned and can
> be easily inserted into the communication by an attacker.

[Piyush] Funny that you make this argument. How does returning a signed
revoked address this? An attacker can still replace signed revoked with an
UNSIGNED TRY_LATER.

> These kinds of argument are based on two very flawed premises:
> 
>  (1) the premise that there exist only two possible states for a CA:
>       (a) safe and pristine
>       (b) full and thorough compromise of each and everything
[Piyush] NIST has addressed RA compromise and CA key compromise separately,
so this is not true.
And you have not listed what other breaches you are trying to address by
offering revoked for non-issued as the silver bullet for all those unknown
security breaches.
Your tendency to allude to vague problems to justify a particular solution,
coupled with a reluctance to engage in a discussion regarding the security
implications, continues to amuse me. List the other states and have a
discussion around how this solution solves those problems.
>
>  (2) that a huge PKI (100k+ entities) can be nuked and
>      re-personalized after a CA compromise at close to zero cost and
>      within the blink of an eye

> and both premises exhibit a thorough cluelessness about security, risk
> management and the real world.

Let's get this right.
The only possible benefit of revoked for non-issued exists when there are
CA-SIGNED certificates floating in the wild and the CA has no clue that it has
issued them and therefore cannot revoke them.

Now, to say that clients are secure and the CA can continue to operate if it
issues a revoked OCSP response for such a certificate indicates cluelessness
about security.

Customers pay a lot of money for certificates for which the marginal cost of
issuance is almost 0. CAs' obligation is to make sure that they are secure
and to address any breach securely.
To say that customers will tolerate a CA security breach just because it
issues revoked for non-issued and continues to publish CRLs that imply
fraudulent certificates are good indicates cluelessness about risk management
and the real world.


_______________________________________________
Gen-art mailing list
https://www.ietf.org/mailman/listinfo/gen-art
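The exchange above turns on one structural fact of RFC 6960: a "revoked" (or "good") certStatus lives inside a signed BasicOCSPResponse, whereas error statuses such as tryLater are a bare, unsigned OCSPResponseStatus that anyone on the path can produce. The following Python is an added example, not code from the thread or from any IETF participant: it parses a DER OCSPResponse far enough to tell the two cases apart and applies the hard-fail client policy that the argument implies (an unsigned error is a validation failure, never an implicit "good"). The sample responses are hand-built with a tiny DER encoder, the signature is a placeholder byte string, and signature verification against the responder certificate, which a real client must also do, is out of scope here.

```python
"""Classify DER OCSP responses (RFC 6960): signed certStatus vs unsigned error status.
Constructed example; the DER is hand-built and the 'signature' is a placeholder."""
from dataclasses import dataclass
from typing import Optional

RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                   3: "tryLater", 5: "sigRequired", 6: "unauthorized"}
CERT_STATUS_TAGS = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}   # CertStatus CHOICE
ID_PKIX_OCSP_BASIC = bytes.fromhex("2b0601050507300101")             # 1.3.6.1.5.5.7.48.1.1


def tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER encoder: tag, definite length, body."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def read_tlv(buf: bytes, pos: int):
    """Minimal DER decoder: (tag, value_start, value_end) of the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def children(buf: bytes, start: int, end: int):
    """Iterate the TLVs inside a constructed value."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve


@dataclass
class OcspVerdict:
    response_status: str        # outer OCSPResponseStatus, never covered by a signature
    signed: bool                # True only if a BasicOCSPResponse with a signature is present
    cert_status: Optional[str]  # certStatus of the first SingleResponse, if signed


def classify_ocsp_response(der: bytes) -> OcspVerdict:
    tag, s, _ = read_tlv(der, 0)                     # OCSPResponse ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an OCSPResponse")
    tag, vs, ve = read_tlv(der, s)                   # responseStatus ENUMERATED
    if tag != 0x0A:
        raise ValueError("missing responseStatus")
    status = RESPONSE_STATUS.get(der[vs], f"unknownStatus({der[vs]})")
    if status != "successful":
        # Error statuses carry no responseBytes: five bytes anyone on the path can forge.
        return OcspVerdict(status, False, None)
    tag, rs, _ = read_tlv(der, ve)                   # responseBytes [0] EXPLICIT
    if tag != 0xA0:
        raise ValueError("successful status without responseBytes")
    _, bs, _ = read_tlv(der, rs)                     # ResponseBytes SEQUENCE
    _, ts, te = read_tlv(der, bs)                    # responseType OID
    if der[ts:te] != ID_PKIX_OCSP_BASIC:
        raise ValueError("unsupported responseType")
    _, os_, oe = read_tlv(der, te)                   # response OCTET STRING
    basic = der[os_:oe]                              # BasicOCSPResponse DER
    _, b_s, _ = read_tlv(basic, 0)                   # BasicOCSPResponse SEQUENCE
    _, tbs_s, tbs_e = read_tlv(basic, b_s)           # tbsResponseData (the signed part)
    _, _, alg_e = read_tlv(basic, tbs_e)             # signatureAlgorithm
    sig_tag, sig_s, sig_e = read_tlv(basic, alg_e)   # signature BIT STRING
    signed = sig_tag == 0x03 and sig_e - sig_s > 1   # more than the unused-bits byte
    return OcspVerdict(status, signed, first_cert_status(basic, tbs_s, tbs_e))


def first_cert_status(basic: bytes, tbs_s: int, tbs_e: int) -> Optional[str]:
    """Walk ResponseData to the certStatus of the first SingleResponse."""
    for tag, vs, ve in children(basic, tbs_s, tbs_e):
        if tag == 0x30:                              # responses SEQUENCE OF SingleResponse
            _, ss, se = next(children(basic, vs, ve))
            fields = list(children(basic, ss, se))   # certID, certStatus, thisUpdate, ...
            return CERT_STATUS_TAGS.get(fields[1][0], "unrecognised")
    return None


def client_decision(der: bytes) -> str:
    """Hard-fail policy: only a signed certStatus is evidence; an unsigned error such as
    tryLater is a validation failure, never an implicit 'good'."""
    v = classify_ocsp_response(der)
    if not v.signed:
        return "VALIDATION_FAILED"
    return {"good": "ACCEPT", "revoked": "REJECT"}.get(v.cert_status, "VALIDATION_FAILED")


# ---- constructed sample responses (not captured from any real responder) ----
TRY_LATER = tlv(0x30, tlv(0x0A, b"\x03"))            # 30 03 0a 01 03, nothing to sign

def sample_signed(cert_status: bytes) -> bytes:
    cert_id = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
                  + tlv(0x04, b"\x11" * 20) + tlv(0x04, b"\x22" * 20) + tlv(0x02, b"\x01"))
    single = tlv(0x30, cert_id + cert_status + tlv(0x18, b"20240101000000Z"))
    tbs = tlv(0x30, tlv(0xA2, tlv(0x04, b"\x33" * 20))     # responderID byKey [2]
                    + tlv(0x18, b"20240101000000Z")        # producedAt
                    + tlv(0x30, single))                   # responses
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    signature = tlv(0x03, b"\x00" + b"\x5a" * 32)          # placeholder, NOT a real signature
    basic = tlv(0x30, tbs + sig_alg + signature)
    return tlv(0x30, tlv(0x0A, b"\x00")
                     + tlv(0xA0, tlv(0x30, tlv(0x06, ID_PKIX_OCSP_BASIC) + tlv(0x04, basic))))

REVOKED = sample_signed(tlv(0xA1, tlv(0x18, b"20240101000000Z")))  # revoked [1] RevokedInfo
GOOD = sample_signed(tlv(0x80, b""))                                 # good [0] NULL

if __name__ == "__main__":
    for name, der in [("tryLater", TRY_LATER), ("revoked", REVOKED), ("good", GOOD)]:
        print(name, classify_ocsp_response(der), client_decision(der))
```

The point the parser makes concrete: swapping a signed "revoked" for an unsigned tryLater only helps an attacker against a client that soft-fails, i.e. treats any non-successful status as "good". With the hard-fail policy in `client_decision`, the substitution produces a validation failure, and "revoked" inside the signed body cannot be altered without breaking the signature that a real client verifies.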