On 01/30/2009 01:25 PM, Jean-Marc Desperrier:
> Paul Hoffman wrote:
>> [...]
>> That feels insufficient to me. I also disagree that there are
>> "practical problems of revoking a very large number of certificates".
>> The worst problem is that the CRL will grow; that's no big deal, it
>> is supposed to grow.
> You *obviously* never had to handle this CRL:
> http://onsitecrl.certplus.com/DIRECTIONGENERALEDESIMPOTSDIRECTIONGENERALEDESIMPOTSUSAGER/LatestCRL
Jean-Marc, I can't hold back but must tell you that these are clear
failures of the CA to assess and plan its infrastructure correctly,
assess its design and provide adequate security. A CRL with the size of
34 MB is simply useless - it's like having no CRL and no way to revoke
certificates.
> Java programs just can't take it up. And J2EE is by far the most popular
> application server architecture nowadays. 64-bit J2EE with an
> enterprise level stability is not a reality today.
> And just count how many 3% of the certs Verisign issued under its main
> CA makes.
If the CA doesn't take measures which enable it to revoke 3% of issued
certificates, then the infrastructure isn't up to its task. The EV
guidelines for example require ongoing or yearly security planning
where issues like this must be addressed. Simply refusing to revoke the
certificates is simply not dealing with the issue.
There are various ways a CA can deal with this - even in case of
Verisign and other CAs which issue a lot of certs. Not doing so is
negligence either way, not revoking those weak and potentially
compromised keys or letting CRLs grow to non-proportional sizes.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
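Added example, not part of the thread above and not code from any of the participants or CAs named in it: it DER-encodes revokedCertificates entries the way RFC 5280 lays them out (serial INTEGER, UTCTime revocationDate, optional reasonCode extension) to show what one entry costs and how many such entries a 34 MB CRL implies. The 128-bit serial width, the revocation date, the reasonCode value and the synthetic serials are assumptions; the contents of the actual Certplus CRL are not known here, and CRL header and signature overhead is ignored.

```python
import datetime
import hashlib

# Added example: sizes CRL revokedCertificates entries by DER-encoding them
# as RFC 5280 specifies, then estimates how many fit in a 34 MB CRL.
# Serial width, dates and reasonCode are assumptions, not data from any real CRL.

def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    """Tag, DER length, content."""
    return bytes([tag]) + der_length(len(content)) + content

def der_integer(value):
    """DER INTEGER for a non-negative serial: minimal big-endian two's
    complement, so a leading 0x00 is prepended when the top bit is set."""
    n = max(1, (value.bit_length() + 7) // 8)
    body = value.to_bytes(n, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)

def der_utctime(dt):
    """UTCTime YYMMDDHHMMSSZ, the revocationDate form used for years before 2050."""
    return der_tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))

ID_CE_CRL_REASONS = bytes([0x55, 0x1D, 0x15])   # OID 2.5.29.21 (id-ce-cRLReasons)

def revoked_entry(serial, revoked_at, reason=None):
    """One element of revokedCertificates:
    SEQUENCE { userCertificate INTEGER, revocationDate Time, crlEntryExtensions OPTIONAL }"""
    body = der_integer(serial) + der_utctime(revoked_at)
    if reason is not None:
        # Extension { extnID OID, extnValue OCTET STRING { ENUMERATED reason } }
        ext = der_tlv(0x30, der_tlv(0x06, ID_CE_CRL_REASONS)
                      + der_tlv(0x04, der_tlv(0x0A, bytes([reason]))))
        body += der_tlv(0x30, ext)     # crlEntryExtensions SEQUENCE
    return der_tlv(0x30, body)

def revoked_certificates(entries):
    """The revokedCertificates SEQUENCE OF wrapping all entries."""
    return der_tlv(0x30, b"".join(entries))

def synthetic_serial(i):
    """Constructed 128-bit serial derived from an index; stands in for a CA's random serials."""
    return int.from_bytes(hashlib.sha256(i.to_bytes(4, "big")).digest()[:16], "big")

def entry_size(serial_bits=128, reason=None):
    """Encoded size of one entry whose serial has the given width with its top bit set
    (the worst case for that width, since DER then needs a leading 0x00)."""
    when = datetime.datetime(2009, 1, 30, 13, 25, 0)   # assumed revocation date
    return len(revoked_entry(1 << (serial_bits - 1), when, reason))

def entries_fitting(crl_size_bytes, entry_size_bytes):
    """How many entries of a given encoded size a CRL of this size holds; the
    few hundred bytes of CRL header and signature are ignored."""
    return crl_size_bytes // entry_size_bytes

if __name__ == "__main__":
    print(entry_size(), entry_size(reason=1))        # 36 50
    when = datetime.datetime(2009, 1, 30, 13, 25, 0)
    n = 10_000
    block = revoked_certificates(revoked_entry(synthetic_serial(i), when) for i in range(n))
    print(len(block), "bytes for", n, "entries (grows linearly with revocations)")
    print(entries_fitting(34 * 1024 * 1024, entry_size()))   # 990321
```

At roughly 36 bytes per entry without a reason code (50 with one), a 34 MB CRL corresponds to something on the order of 700,000 to 990,000 revoked serials, and every further revocation adds the same fixed cost, which is the linear growth the exchange above is arguing about.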