ietf-mailsig

Re: In response to Housley-mass-sec-review

2005-03-08 13:29:38

Andrew Newton wrote:

> On Mar 8, 2005, at 11:06 AM, Jim Fenton wrote:
>
>> This goes beyond control of the name servers; this would require a feedback loop based on name server activity, which is a new requirement. Perhaps revocation identifiers would only be used by domains that are capable of monitoring the activity on their authoritative name servers.
>
> If the use of revocation IDs is optional, then this is not a requirement. Even with their use, this is not a requirement.

Agreed.

>> Suppose my verifying MTA accepted a replayed message before the revocation got published, but I was on vacation for a month before reading it. The MTA would verify the signature and mark the message with a header to indicate that, so the signing key doesn't need to be retained that long. But the revocation indicator, since it would be checked when I read the message, would need to be available until then.
>
> Isn't this an attempt to use the revocation ID outside the scope of replay? I don't understand the point of doing this.

Yes, it is. Since we lost the context here, we're discussing the idea of re-checking the revocation indicator when the message is read. The message may be read well beyond the validity of the signature, which is the scope of replay. It isn't necessarily a problem keeping the revocation IDs a long time, but it isn't obvious how long that is.

-Jim

>> -Jim
>
> -andy
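The retention question discussed above, worked through as an added example. This is not code from the thread, and it is not the revocation mechanism of any actual mail-signing proposal; it is a constructed model in which a domain publishes revocation IDs (a dictionary stands in for the published records), the verifying MTA checks the signature's validity window and the revocation record at delivery and writes the result into a header, and the reader's MUA later rechecks only the revocation record. The message fields, the timeline (signed at t=0 with a 7-day window, delivered after an hour, revoked on day 1, read on day 30) and the retention policy are all assumptions.

```python
"""Delivery-time verification versus read-time revocation recheck.

Added example, not code from the ietf-mailsig thread or from any
specification; the revocation store, message fields, timings and
retention policy are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

DAY = 86400  # seconds


@dataclass
class SignedMessage:
    """A signed message reduced to the fields this model needs."""
    body: str
    revocation_id: str   # hypothetical per-message revocation identifier
    signed_at: int       # seconds since an arbitrary epoch (constructed)
    expires_at: int      # end of the signature's validity window


@dataclass
class RevocationStore:
    """Stand-in for a domain's published revocation records.

    retention: how long (seconds) a record stays published after it is
    created; None means the domain never removes it.
    """
    retention: Optional[int] = None
    published: Dict[str, int] = field(default_factory=dict)

    def revoke(self, rid: str, at: int) -> None:
        self.published[rid] = at

    def is_revoked(self, rid: str, now: int) -> bool:
        """True only if the record exists and is still visible at 'now'."""
        t = self.published.get(rid)
        if t is None or t > now:
            return False
        return self.retention is None or now <= t + self.retention


def mta_verify(msg: SignedMessage, store: RevocationStore, now: int) -> str:
    """Delivery-time check: signature window plus revocation lookup.

    The returned string is what the MTA would record in a header.
    """
    if now > msg.expires_at:
        return "fail: signature expired"
    if store.is_revoked(msg.revocation_id, now):
        return "fail: revoked"
    return "pass"


def mua_recheck(msg: SignedMessage, header: str,
                store: RevocationStore, now: int) -> str:
    """Read-time check: trust the MTA header for the signature itself
    (the key or validity window may be long gone) and re-query only
    the revocation record."""
    if header != "pass":
        return header
    if store.is_revoked(msg.revocation_id, now):
        return "revoked-after-delivery"
    return "pass"


def scenario(retention: Optional[int]) -> Tuple[str, str]:
    """Constructed timeline: signed at t=0 with a 7-day window,
    delivered after 1 hour, revoked on day 1, read on day 30.
    Returns (delivery-time result, read-time result)."""
    msg = SignedMessage("hello", "rid-0001", signed_at=0, expires_at=7 * DAY)
    store = RevocationStore(retention=retention)

    delivered_at = 3600
    header = mta_verify(msg, store, delivered_at)  # accepted: not yet revoked

    store.revoke(msg.revocation_id, at=1 * DAY)    # domain publishes revocation

    read_at = 30 * DAY                             # recipient back from vacation
    return header, mua_recheck(msg, header, store, read_at)


if __name__ == "__main__":
    # Record kept only for the signature window: the read-time check misses it.
    print("7-day retention:", scenario(retention=7 * DAY))
    # Record kept indefinitely: the read-time check catches the revocation.
    print("no expiry      :", scenario(retention=None))
```

With retention tied to the signature's validity window the read-time recheck returns "pass" even though the message was revoked, because the record was already gone by day 30; only an open-ended retention catches it. The domain has no way to know when any given recipient will read a message, which is why the required lifetime of the record is not obvious.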


