Weger, B.M.M. de wrote:
- if they rely on the CA for signing CRLs (or whatever revocation mechanism they're using) then they have to find some other way to revoke existing certificates.
...
Seems to me that for signing CRLs it's better to have a separate "Revocation Authority" (whose certificate should be issued by the CA it is revoking for); then revoking can continue when the CA loses its private key. The CA still may have revoking authority as well, at least to revoke the Revocation Authority's certificate...
Unfortunately those code paths seem rarely traveled/tested between implementations and even within a single implementations fraught with caveats; so one often ends up with a (sub) CA in the same chain as the cert one wants to revoke.
> Any other problems? Maybe something with key rollover or > interoperability? Aye - and there is another area which is even less traveled than above. Dw --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com