Peter, "Compromised" in the context must necessarily mean "someone stole the 
key", because if someone "broke the crypto" - then none of the certs issued by 
that CA is worth the weight of electrons that carried it.

Oh, and could you please be a little more constructive?
-- 
V/R,
Uri
 

On 10/7/22, 13:05, "TLS on behalf of Peter Gutmann" <tls-boun...@ietf.org on 
behalf of pgut...@cs.auckland.ac.nz> wrote:

    Tim Hollebeek <tim.holleb...@digicert.com> writes:

    >There’s also the problem that there’s no standard for secure proof of
    >possession for revocation, despite a number of us calling for one for years.

    This is one of the 8,000 (approximately) great unresolved PKIX disagreements
    where about half of PKIX thought revocation should be made as easy as possible
    to be able to deal with things like compromised keys [0] and the other half of
    PKIX thought it should be made as difficult as possible to be able to deal
    with DoS via hostile revocations (during one of the interminable debates
    around this, one of the participants suggested that supplicants should be
    required to fly to the CA's place of business and beg them on their knees to
    revoke the cert).  The difficult-as-possible side mostly won in the standards
    (e.g. the CMP requirement to sign a revocation request for a key you've lost
    before it can be revoked) while the easy-as-possible mostly won in practice
    because that's what people actually wanted.

    Peter.

    [0] "Compromised" meaning someone broke the crypto, not stole the key, since
        that's not supposed to happen.

    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls
