Eddy,

Eddy Nigg wrote:
Ian G:

Ah, ok, excellent, that helps with the big question:  Can we
conclude from this that roots cannot be revoked by means of the
OCSP/CRL channel?

No, because it depends on the application and library implementing it, I think. Apparently it's correct for NSS.

Now IMO as the root certificate signs itself, with the same authority it should be able to revoke itself. This would result obviously in repeating the process until the root is removed and not used anymore, but it would mark the root and all certificates signed by it revoked. That would be a benefit in case of a disaster (including key compromise, especially for the ones issuing EE certs directly from the root). Just my $0.02.

If the root could "revoke itself", in the case of root cert key compromise, i.e. the root cert's private key becoming public, anybody could then sign revocation information for that root CA, whether to mark it revoked or unrevoked. The revocation therefore always has to come from a higher level than the root cert itself.

There are several solutions in the case of NSS/PSM:
1) update the root cert module to one that no longer includes those root certs
2) update the root cert module to one that includes those root certs, but has them explicitly marked untrusted
3) without updating any software, marking the compromised root cert as untrusted. This can be done manually in PSM.
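The argument above (a CRL signed by the root's own key proves nothing once that key is compromised, so the override has to live in the trust store) can be shown with a small model. This is an added example, not code from the thread or from NSS: signatures are simulated with HMAC-SHA256 as a stand-in for real RSA/ECDSA signing, names such as `RootCA-key` and `www.example.test` are constructed, and the trust flags "C" (trusted CA) and "p" (explicitly distrusted) only mimic the NSS certutil flags by name.

```python
"""Toy model of root revocation versus trust-store distrust.

Constructed for this example: HMAC-SHA256 stands in for a signature
(so the "public" key here also holds the secret), and the trust store
mirrors NSS-style flags "C" (trusted CA) and "p" (explicitly distrusted).
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    name: str
    secret: bytes  # constructed secret; in real PKI only the holder has it

    def sign(self, data: bytes) -> bytes:
        return hmac.new(self.secret, data, hashlib.sha256).digest()

    def verify(self, data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(data), sig)


@dataclass(frozen=True)
class Cert:
    subject: str
    key: Key       # key bound to the subject
    issuer: str    # name of the signing key (== key.name when self-signed)
    serial: int
    signature: bytes

    @staticmethod
    def tbs(subject, key_name, issuer, serial) -> bytes:
        return f"{subject}|{key_name}|{issuer}|{serial}".encode()


@dataclass(frozen=True)
class CRL:
    issuer: str
    number: int           # CRL number; a verifier prefers the newest valid CRL
    revoked: frozenset    # revoked serial numbers
    signature: bytes

    @staticmethod
    def tbs(issuer, number, revoked) -> bytes:
        return f"{issuer}|{number}|{sorted(revoked)}".encode()


def issue_cert(subject, key, issuer_key, serial):
    sig = issuer_key.sign(Cert.tbs(subject, key.name, issuer_key.name, serial))
    return Cert(subject, key, issuer_key.name, serial, sig)


def issue_crl(issuer_key, number, revoked):
    revoked = frozenset(revoked)
    sig = issuer_key.sign(CRL.tbs(issuer_key.name, number, revoked))
    return CRL(issuer_key.name, number, revoked, sig)


def newest_valid_crl(crls, issuer_key):
    """Keep only CRLs that verify under issuer_key, then take the newest."""
    valid = [c for c in crls
             if c.issuer == issuer_key.name
             and issuer_key.verify(CRL.tbs(c.issuer, c.number, c.revoked), c.signature)]
    return max(valid, key=lambda c: c.number, default=None)


def validate(chain, trust_store, crls=()):
    """chain is leaf-first and ends at the self-signed root.
    trust_store maps a root key name to ("C", key) or ("p", key)."""
    root = chain[-1]
    entry = trust_store.get(root.key.name)
    if entry is None:
        return "rejected: root not in trust store"
    flag, root_key = entry
    if flag == "p":
        # the trust store decision sits above anything the root key signed
        return "rejected: root explicitly distrusted"
    for i, cert in enumerate(chain):
        issuer_key = chain[i + 1].key if i + 1 < len(chain) else root_key
        tbs = Cert.tbs(cert.subject, cert.key.name, cert.issuer, cert.serial)
        if cert.issuer != issuer_key.name or not issuer_key.verify(tbs, cert.signature):
            return f"rejected: bad signature on {cert.subject}"
        crl = newest_valid_crl(crls, issuer_key)
        if crl is not None and cert.serial in crl.revoked:
            return f"rejected: {cert.subject} revoked by CRL #{crl.number}"
    return "valid"


def demo():
    root_key = Key("RootCA-key", b"root-secret (constructed)")
    leaf_key = Key("www-key", b"leaf-secret (constructed)")
    root = issue_cert("RootCA", root_key, root_key, serial=1)          # self-signed
    leaf = issue_cert("www.example.test", leaf_key, root_key, serial=42)
    chain = [leaf, root]
    trusted = {root_key.name: ("C", root_key)}

    results = {"normal": validate(chain, trusted)}
    # the root "revokes itself": a CRL under its own key listing its own serial
    self_revoke = issue_crl(root_key, 1, {1})
    results["self_revoked"] = validate(chain, trusted, [self_revoke])
    # after key compromise the same key signs a newer, empty CRL; the
    # verifier has no basis to prefer one CRL over the other
    attacker_crl = issue_crl(root_key, 2, set())
    results["attacker_unrevokes"] = validate(chain, trusted, [self_revoke, attacker_crl])
    # the remedy from the mail: mark the root untrusted in the trust store
    distrusted = {root_key.name: ("p", root_key)}
    results["distrusted"] = validate(chain, distrusted, [self_revoke, attacker_crl])
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20} {outcome}")
```

The third case is the one that matters: once the root's private key is public, a CRL that revokes the root and one that does not are equally valid, and the "newest wins" rule that real verifiers apply hands the decision to whoever signs last. Only the "p" entry, which is a statement by the trust store rather than by the key, rejects the chain regardless of what the CRLs say; the NSS equivalent of that entry is changing the root's trust flags with certutil (`certutil -M -n <nickname> -t "p,p,p" -d <dbdir>`, with the nickname and database directory being whatever the local setup uses).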
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto