Ian G wrote:
On Wednesday 25 May 2005 19:00, Nelson B wrote:

Ah, I was wondering when paradoxes would enter this discussion.
CA self revocation:  Everything I say is a lie.

"I think not" said Descartes, who promptly vanished.

LOL, very humorous :-)

I'm glad you were amused by that analogy of a self-revoking CA (and
understood the reference).  Here's another one.

"On second thought" said Descartes, reappearing...

Still, Nelson, this is a serious question -

I believe you are serious about it.  I imagine you see it as another
for your growing list of potentially fatal PKI flaws.

and I'd be interested in the answer.

OK.

To be honest, it looks like a simple absence in the
specs.  That is, the PKI people didn't think about it
in implementation terms, and left it out.

No, it's actually excluded.  The thing we (mozilla/NSS folk) call a
"trusted root" is more formally known as a "trust anchor".
Trust anchors are, by definition, trusted as the terminus of a cert
chain validation.  The signature on a trust anchor is not verified
as part of validating a chain that terminates at the trust anchor.
They are not checked for revocation as part of validating a chain for
which they are the anchors.

The point is that maintenance of the user's set of trust anchors is
outside of the scope of activities performed while validating cert
chains that terminate at known trust anchors.  The determination of
what certs are trust anchors is outside of the scope of the validation
of cert chains.

It's obviously a huge lack, as it means that many markets would
not use PKI due to the single point of failure aspects.

Huge markets for mozilla?

_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
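
Added example, not part of the original message and not NSS code: a toy leaf-first chain validator illustrating the trust-anchor rule described above, where validation stops at the anchor without checking its signature or revocation status. The names, keys, serials, and the use of HMAC as a stand-in for real signatures are assumptions, and issuer-to-subject name chaining is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    sig: bytes

def _mac(key, subject, issuer, serial):
    # Toy stand-in for a signature: HMAC under the issuer's secret.
    msg = f"{subject}|{issuer}|{serial}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue(subject, issuer, serial, issuer_key):
    return Cert(subject, issuer, serial, _mac(issuer_key, subject, issuer, serial))

def validate_chain(chain, trust_anchors, keys, crls):
    """Walk a leaf-first chain; return (ok, reason)."""
    for cert in chain:
        if cert in trust_anchors:
            # Terminus of validation: the anchor's own signature and
            # revocation status are deliberately not examined.
            return True, f"anchored at {cert.subject}"
        key = keys.get(cert.issuer)
        if key is None:
            return False, f"unknown issuer {cert.issuer}"
        expected = _mac(key, cert.subject, cert.issuer, cert.serial)
        if not hmac.compare_digest(cert.sig, expected):
            return False, f"bad signature on {cert.subject}"
        if cert.serial in crls.get(cert.issuer, set()):
            return False, f"{cert.subject} revoked"
    return False, "no trust anchor reached"

# Constructed sample hierarchy (names, keys and serials are made up).
KEYS = {"Root CA": b"root-secret", "Intermediate CA": b"intermediate-secret"}
ROOT = issue("Root CA", "Root CA", 1, KEYS["Root CA"])
INTER = issue("Intermediate CA", "Root CA", 2, KEYS["Root CA"])
LEAF = issue("www.example.test", "Intermediate CA", 3, KEYS["Intermediate CA"])
CHAIN = [LEAF, INTER, ROOT]

if __name__ == "__main__":
    print(validate_chain(CHAIN, {ROOT}, KEYS, {}))
    print(validate_chain(CHAIN, {ROOT}, KEYS, {"Root CA": {1}}))  # root lists itself
    print(validate_chain(CHAIN, {ROOT}, KEYS, {"Root CA": {2}}))  # intermediate revoked
    print(validate_chain(CHAIN, set(), KEYS, {}))  # root removed from the store
```

In this model a CRL in which the root lists its own serial changes nothing; the chain stops validating only when the root is taken out of the trust-anchor set, which is a store-maintenance step outside the validator.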