
Re: COST-PEM Certificate Validation and CRLs

1993-06-14 09:39:00
Sead, perhaps I am just dense.

3. RECEIVING LETTERS: When I receive the COST-PEM letter from my
partner, the letter will contain partner's (Originator) and his/her
CA's (Issuer) certificates. Let's say that my partner is in the
subtree with changed (therefore revoked) certificates, as in 2. If I
don't have my partner's complete certification path (received
earlier), I will issue the request to his/her CA, get all the
currently VALID certificates and perform validation. If I happen to
have earlier all the certificates along his path (some of them
revoked !), my validation will FAIL, so I will ask the new valid
certificates again and successfully validate his/her certificate.

Case 3a:  Partner's key is stolen by Fagin.  Partner's cert
is CRL'd and partner gets a new certificate from CA.  Meanwhile
Fagin sends me Swiss account number to which to transfer much
geld.  According to point 3, since I had previously fetched
all certificates on path, Fagin's letter signed with the OLD,
REVOKED key under the old certificate works fine and I guess
I would lose the money?

Case 3b:  A famous crime family decides to establish a CA for
the purpose of facilitating e-mail fraud.  Unfortunately CNRI,
trying to act civilized and avoid criticism such as Ross Perot
recently received, does *not* conduct background checks on the
applicants so it issues a certificate for this CA.  Several
years later after issuing *many, many* certificates to popular
junk email houses, it becomes true that 80% of the world's email
recipients have received junk mail from entities certificated by
this CA, so most of them have that CA and CNRI cached locally.
Finally the nefarious CA is exposed and the whole CA is CRL'd
by CNRI.  However, according to point 3, since most mail recipients
already had the path cached, most would continue to believe mail
covered by that CA's certificates?

These cases appear to be consistent with what point 3 seems to mean.
The appearance is at least to me that you are dealing with the case
of a nonfraudulent message received from someone whose certificate
had changed and is now using a new certificate.  However, since the
only way in which COST's attention is drawn to this event is the
receipt of new, legitimate mail from the same entity, it seems that
you provide *no* protection from fraud until that stimulus arrives.

Please show where I have misunderstood you.  Thanks!

Greg Bailey
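The two cases above, modelled as an added Python example (not code from the original thread or from COST-PEM): a cached certification path is validated once without revocation checks and once against the issuers' current CRLs. All names, serial numbers and CRL contents are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int

# Constructed hierarchy mirroring the mail: CNRI is the root CA, PartnerCA certifies
# the partner (case 3a), CrimeFamilyCA is the CA that CNRI later revokes (case 3b).
CNRI = Cert("CNRI", "CNRI", 1)
PARTNER_CA = Cert("PartnerCA", "CNRI", 10)
PARTNER_OLD = Cert("Partner", "PartnerCA", 100)   # key stolen by Fagin, later revoked
PARTNER_NEW = Cert("Partner", "PartnerCA", 101)   # replacement issued by PartnerCA
CRIME_CA = Cert("CrimeFamilyCA", "CNRI", 20)
JUNK = Cert("JunkHouse", "CrimeFamilyCA", 200)

# Certificates fetched earlier and cached locally, keyed by (issuer, serial).
CACHE = {(c.issuer, c.serial): c for c in
         (CNRI, PARTNER_CA, PARTNER_OLD, PARTNER_NEW, CRIME_CA, JUNK)}
TRUSTED_ROOTS = {"CNRI"}

# Constructed CRL state after both events: issuer -> set of revoked serials.
CRLS = {"PartnerCA": {100}, "CNRI": {20}}

def build_path(leaf, cache, max_depth=8):
    """Walk issuer links from the leaf up to a trusted root using cached certs only."""
    path = [leaf]
    while path[-1].subject not in TRUSTED_ROOTS and len(path) < max_depth:
        issuer = next((c for c in cache.values() if c.subject == path[-1].issuer), None)
        if issuer is None:
            return None
        path.append(issuer)
    return path if path[-1].subject in TRUSTED_ROOTS else None

def validate_cached_only(leaf, cache):
    """The behaviour the mail questions: a cached path is trusted as-is."""
    return build_path(leaf, cache) is not None

def validate_with_crls(leaf, cache, crls):
    """Check every non-root certificate on the path against its issuer's current CRL,
    so a revoked leaf (3a) and a revoked intermediate CA (3b) are both rejected."""
    path = build_path(leaf, cache)
    if path is None:
        return False
    return all(cert.subject in TRUSTED_ROOTS
               or cert.serial not in crls.get(cert.issuer, set())
               for cert in path)
```

With only the cache consulted, both Fagin's letter and the junk house's mail validate; with the CRLs consulted, only the partner's replacement certificate does.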

