"Phillip Hallam-Baker" <[EMAIL PROTECTED]> writes:

>>FYI, according to outlook express a mail message was signed but after
>>clicking the security icon I am told that "You have turned off revocation
>>checking." with no way of turning it on.  As far as I'm concerned, the
>>message is cryptographically sound but essentially useless because I don't
>>know you or have any way of verifying that the certificate is still valid.
>
>Revocation checking is important, and in point of fact something that is not
>really supported in the PGP architecture unless one counts the self signed
>key revocations.

Technically speaking it's not really supported by X.509 either because CRLs
don't really work (see for example the FC'99 proceedings for more details on
this, along with suggestions on how to fix it).  The reason why revocation
checking is disabled by default is a pragmatic one: in practice it acts as a
"Delay processing each message by a minute or two" facility (or at least it did
a year or so back), so by disabling it by default the vast masses (who don't
know or care about it) get their PKI warm fuzzies, and those who turn it on get
what they asked for (I don't use Outlook but if I did I'd certainly have it
turned off).  This isn't a problem with Outlook or MS (for once :-) but a
problem with the whole CRL concept.  Solutions are things like online checks
(but do you really want your MUA to have to grope around the net for
each message you read?) or some of the alternatives presented at FC'99 like
short-lived certs or certificates of health.  An option which I like (because
it's efficient and fast) is to have a BIND-style daemon which snarfs CRLs
from wherever[0] every now and then and answers validity check queries very
quickly (millisecond response time, so the user won't even notice it's
happened).  I hope to have a paper on this out RSN.

Peter.

[0] Determining just where "wherever" is is yet another problem.
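As an added illustration (not code from this thread or from any product mentioned in it) of the "BIND-style daemon" idea above: a local cache that periodically ingests CRLs and answers validity queries from memory. The CRL structure, issuer name, serial numbers and timestamps are all constructed for the example; no ASN.1/DER parsing is done. The point it makes that the message only hints at is what the cache must do when its data is stale or missing: answer "unknown" rather than "good", refuse to roll back to an older CRL, and schedule its next fetch before the current CRL's nextUpdate.

```python
"""Local revocation-status cache: fast lookups, fail-closed on stale data."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

UTC = timezone.utc


@dataclass
class CRL:
    """Minimal stand-in for a parsed X.509 CRL (constructed; fields only)."""
    issuer: str
    number: int                                # CRL Number: higher means newer
    this_update: datetime
    next_update: datetime                      # after this the CRL is stale
    revoked: Dict[int, Tuple[datetime, str]]   # serial -> (when, reason)


class RevocationCache:
    """Holds the latest CRL per issuer and answers status queries from memory."""

    def __init__(self) -> None:
        self._crls: Dict[str, CRL] = {}

    def load(self, crl: CRL, now: datetime) -> bool:
        """Install a freshly fetched CRL; return False if it must be rejected."""
        if now >= crl.next_update:
            return False                       # already expired on arrival
        if crl.this_update > now + timedelta(minutes=5):
            return False                       # issued "in the future": skew or bogus
        current = self._crls.get(crl.issuer)
        if current is not None and crl.number <= current.number:
            return False                       # replaying an older CRL would un-revoke
        self._crls[crl.issuer] = crl
        return True

    def status(self, issuer: str, serial: int, now: datetime) -> str:
        """'revoked', 'good', or 'unknown' (no CRL, or CRL past nextUpdate)."""
        crl = self._crls.get(issuer)
        if crl is None or now >= crl.next_update:
            return "unknown"                   # never report 'good' from stale data
        if serial in crl.revoked:
            return "revoked"
        return "good"

    def next_refresh(self, margin: timedelta = timedelta(minutes=10)) -> Optional[datetime]:
        """When the daemon should fetch again: before the earliest nextUpdate."""
        due = [c.next_update - margin for c in self._crls.values()]
        return min(due) if due else None


def demo() -> Dict[str, object]:
    """Walk the cache through a constructed scenario and collect the answers."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=UTC)
    issuer = "CN=Example Issuing CA"            # constructed name, not a real CA
    crl1 = CRL(issuer, 1, t0, t0 + timedelta(hours=24),
               {0x1234: (t0, "keyCompromise")})
    crl0 = CRL(issuer, 0, t0 - timedelta(hours=24), t0 + timedelta(hours=12), {})

    cache = RevocationCache()
    results: Dict[str, object] = {}
    results["load_fresh"] = cache.load(crl1, t0 + timedelta(hours=1))
    results["replay_old"] = cache.load(crl0, t0 + timedelta(hours=1))
    results["revoked_serial"] = cache.status(issuer, 0x1234, t0 + timedelta(hours=1))
    results["good_serial"] = cache.status(issuer, 0x1235, t0 + timedelta(hours=1))
    results["after_expiry"] = cache.status(issuer, 0x1235, t0 + timedelta(hours=25))
    results["other_issuer"] = cache.status("CN=Other CA", 0x1235, t0 + timedelta(hours=1))
    results["refresh_at"] = cache.next_refresh()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The lookup itself is a dictionary hit, which is where the millisecond response time comes from; the cost is moved to the background fetch, and the cache's only safe answer while that fetch is overdue is "unknown", which a mail client should surface the same way Outlook surfaces "revocation checking turned off" rather than as a green padlock.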
