Thanks to you all for taking the time for discussing this.

Earlier, Nelson said:

> ... I imagine you see it as another
> for your growing list of potentially fatal PKI flaws.

Yes, it is important to get the case down in writing, as future designers and architects need to learn the lessons of the past. If I can't make the case in writing, then maybe there is no case? I've just written this aspect of root revocation / single point of failure up. Criticisms welcome;

http://iang.org/ssl/pki_considered_harmful.html#single_pof

> The idea that once a (root) CA revokes itself the client will remember
> that forever simply flies in the face of the defined standard algorithms
> for the processing of CRLs. Not that it couldn't work, but the standards
> don't require it. Existing PKI software doesn't do it.

That I think is the sum of it. It seems that it goes into the list of things that are historically set and only a bit of luck will unearth why it happened that way. For once Lynn was stumped, which is a first for me ;-)

> In some sense, what you're proposing is that a root CA CRL that revokes
> itself should be treated as one that never expires, never will be replaced,
> and should be kept forever. That might be workable.

Hmm, don't know about that. I suppose the danger is that if I am proposing any change, we'll all end up wanting to change things, and then we'll be into the redesign.

> *You* sell DoDUS on
> it. :)

LOL... I think it is fairly clear that my powers of persuasion are not up to convincing anyone of any change in PKI. I'm curious what you mean by DoDUS - is that the Dept. of Defense in the US? What have they got to do with it?

iang
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
