Joseph Doekbrijder wrote:
Ed Gerck wrote:
to send encrypted email to many people you need each recipient's cert
(and you also
want to make sure they are not revoked at the time they receive the
message, which
is yet another problem).
Why does the sender need to make sure that the encryption certificate of
the receiver is not revoked at the time the message is received?
IMHO this is irrelevant. (Otherwise one would not be able to read very
old messages, etc...)
Suppose you encrypt a message to Bob at time T, using Bob's PK cert that
is not revoked at time T (as you verify the CRL). Due to email delays, the
message is delivered at time T + D, at which time Bob's PK cert has been
revoked due to key compromise reported by Bob after time T but before T + D.
The end result is that, unwillingly, you sent Bob an insecure message because
you used his compromised key.
This risk, while not fully preventable, can be reduced. For example, suppose
you estimate that the email delay will not be larger than 5 minutes. You verify
a CRL for Bob's cert and, if the CRL was issued more than 5 minutes ago, wait
for the next CRL and send the email within 5 minutes of its publication. This
can be easily automated by you, using the freshestCRL field.
Cheers,
Ed Gerck