On 30-07-2013 20:53, Walter H. wrote:
On 30.07.2013 19:51, Eisenacher, Patrick wrote:
I was wondering how the root cert gets revoked. Anyway thanks for
posting
that request.
A self-signed certificate can't be revoked via a crl, because you
won't be able to successfully verify its signature.
keep in mind, that in case you detect a problem with your root
certificate, you can revoke this cert, but have to use a different
cert. for signing this CRL
Only if you intentionally misread the specs!
Any revocation of a cert (self-signed or not) has to trace back
to the trusted self-signed cert. So revoking a self-signed cert
(root or not) will always cancel out its own validity. Which is
exactly the intended semantics of a root abdication.
Now if an implementation misreads the specs to say that a root that
has revoked itself should still be trusted, is fatally flawed in its
logic.
In Boolean logic, we have the following possibilities:
- Root is trusted, so the revocation is valid, so the root is not
trusted. This is a contradiction so cannot hold.
- Root is not trusted, by elimination this must be true.
You have to communicate this fact out-of-band.
I never understood why some root-cas put a crldp extension into their
own certs.
this has sense in any cert except the root (self-signed) cert.
It makes sense for any non-broken client implementation.
Ideally, such roots keep an off-line copy of a pre-signed self-
revocation CRL, similar to the procedure used by experienced PGP
users (those who actually read the PGP 2.x manual). In case of
combined key compromise and loss, the off-line CRL is published,
thereby revoking the entire hierarchy.
The worst case disaster scenario is a large scale armed attack on the
center that keeps the private key. The attackers now have exclusive
control of the private key. But a far away trusted person can still
retrieve the self-destruction CRL and publish it through every means
imaginable, such as S/MIME e-mails (PEM style), sending it to software
update organisations (Microsoft, Mozilla, Apple, Google...) and for
all but one country, getting IANA/Internic assistance to force repoint
the DNS names of the CRL server to another server that serves up this
CRL and a message about the compromise.
The less worst case disaster scenario is an ordinary key compromise,
where the CA still has the private key and can sign a more precisely
dated revocation CRL and put the OCSP server in "all is revoked" mode.
Unfortunately, OpenSSL is broken and will apparently ignore all such
emergency messages.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
