[Top] [All Lists]

Re: Comments on CMS-06

1998-08-30 16:34:47
I think there are several issues here. Perhaps some are sufficiently
obvious that they don't need mentioning.

A signature can be cryptographically valid but not of much value because
the signing certificate has been revoked or there is some other path
validation error as has been pointed out.

The whole area become muddied when the message being verified is not
recent: it has either been delayed or has been previously stored. It is
possible that a message was valid when it was sent but is no longer
valid due to certificate revocation or expiry.

An example of this would be a certificate that has been revoked due to
private key compromise. A bogus signed message could be built containing
a signingTime before the certificate was revoked.

Unless some additional timestamp corroboration is available (e.g.
countersignature from a timestamping authority) it may be necessary to
regard every message ever signed by such a revoked certificate as
invalid. Messages signed in the past may well not be invalid but they
cannot be demonstrated as such.

Even with a trusted timestamp, a CA may allow a user to specify a time
when they believe the private key was compromised that is in the past:
how far in the past may vary from one CA to another. The upshot of this
is that a signed message may only be deemed to be of value when a
"reasonable time" has passed after its initial issue. What constitutes a
"reasonable time" is anyones guess...

There are of course other revocation reasons (such as loss of private
key) that do not affect previously signed messages.

Dr Stephen N. Henson. UK based freelance Cryptographic Consultant. 
For info see homepage at
Email: shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk
PGP key: via homepage.

<Prev in Thread] Current Thread [Next in Thread>