Tim Hollebeek <tim.holleb...@digicert.com> writes:

>There’s also the problem that there’s no standard for secure proof of
>possession for revocation, despite a number of us calling for one for years.

This is one of the 8,000 (approximately) great unresolved PKIX disagreements where about half of PKIX thought revocation should be made as easy as possible to be able to deal with things like compromised keys [0] and the other half of PKIX thought it should be made as difficult as possible to be able to deal with DoS via hostile revocations (during one of the interminable debates around this, one of the participants suggested that supplicants should be required to fly to the CA's place of business and beg them on their knees to revoke the cert).

The difficult-as-possible side mostly won in the standards (e.g. the CMP requirement to sign a revocation request for a key you've lost before it can be revoked) while the easy-as-possible mostly won in practice because that's what people actually wanted.

Peter.

[0] "Compromised" meaning someone broke the crypto, not stole the key, since that's not supposed to happen.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls