Ian G <[EMAIL PROTECTED]> writes:

>On Wednesday 11 May 2005 15:02, Ram A Moskovitz wrote:
>> Why can't revocation be used to prevent further distribution of
>> dangerously flawed software as well as malicious software? How about
>> disabling the use of the software?
>
>Revocation has never been used under fire. Many
>would expect it to fold up and collapse under the
>slightest attack, it's simply too complex, too much
>of a paper solution to risk real value on, IMHO.

It's already happened, Verisign were pretty much wiped out last year when one of their certs expired, resulting in a massive DDoS on crl.verisign.com. Now imagine what would happen if revocation checking were properly done in all clients, where you'd get a DDoS that makes last year's one look trivial and that continues 24/7.

Then consider the economic perspective. Maintaining the infrastructure to support that sort of massive demand will cost a considerable amount of money. OTOH once the customer has paid for their cert, their financial obligations to the CA are over. The only option then is either to charge for revocation checks (which no user will ever pay for, only Identrus can get away with that, and look where that's got them), or to make it so ineffective that it doesn't provide any resource/financial drain on the CA.

There's simply no way to do revocation checking in any kind of effective manner, you can either make it effective but expensive so no-one will use it, or cheap but ineffective so it just becomes a ritual to ward off evil spirits.

Peter.
