[cryptography] How are expired code-signing certs revoked?

Marsh Ray marsh at extendedsubset.com
Wed Dec 7 10:54:05 EST 2011


On 12/07/2011 09:11 AM, dan at geer.org wrote:
>
> Another wrinkle, at least as a logic problem, would be
> whether you can revoke the signing cert for a CRL and
> what, exactly, would that mean -- particularly if the
> last known good date is well astern and hence the
> revocation would optimally be retroactive.

It's now clear that, aside from it being ineffectually implemented, 
'revocation' is an oversimplified concept.

There are at least two kinds of revocation: revocation that revokes 
prior signatures retroactively (perhaps from a specified date), and 
revocation that does not.

Originally, public key systems were said to possess this 
property of 'nonrepudiation', meaning a digital signature could 
effectively authenticate the intent of the party associated with the 
private key. However, today such a large percentage of endpoint systems 
(on which the private keys are held) are infected with info-stealing 
malware that most everyone has plausible deniability about what is 
signed with their private keys. (Exceptions being perhaps hardware 
systems that have not been hacked yet and "trust" vendors whose 
organizations are specifically built on their expertise at handling 
private keys.)

So current revocation schemes attempt to preserve nonrepudiation in an 
attempt to make digital signatures more like binding ink signatures on a 
contract.

But automated systems checking for signatures are usually authenticating 
server certs or validating signed code for execution. In these cases, we 
definitely need the party who has been compromised to be able to 
repudiate the evil things that have been signed by their private key.

So it seems to me that PKI systems were designed with some sort of 
legalistic contract-binding model in mind, when it turns out in 
practice that security (even of ecommerce transactions) depends more on 
an efficient repudiation mechanism than the prevention of it!

- Marsh
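
The two kinds of revocation distinguished in the message above, as an added example that is not part of the original post: a small model of a verifier checking a timestamped code signature against an expired, later-revoked certificate. The `Cert` and `Revocation` types, the `signature_acceptable` function and all dates are constructed for illustration, and treating a revocation with no stated compromise date as covering every signature is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Cert:
    not_before: datetime
    not_after: datetime

@dataclass
class Revocation:
    revoked_at: datetime                      # when the revocation was published
    invalid_since: Optional[datetime] = None  # suspected compromise date, if stated

def signature_acceptable(cert, now, signed_at=None, revocation=None, retroactive=True):
    """Return (accepted, reason). signed_at is a trusted timestamp, or None."""
    # Without a trusted timestamp the signing time is unknown, so the
    # signature has to be judged as if it were made at verification time.
    effective = signed_at if signed_at is not None else now
    if not (cert.not_before <= effective <= cert.not_after):
        return False, "outside certificate validity period"
    if revocation is None:
        return True, "ok"
    if retroactive:
        # Repudiate everything from the stated compromise date; with no
        # stated date, assume every signature is suspect (assumption).
        cutoff = revocation.invalid_since or cert.not_before
    else:
        # Forward-only: signatures made before publication stay binding.
        cutoff = revocation.revoked_at
    if effective >= cutoff:
        return False, "signed on or after revocation cutoff"
    return True, "ok"

# Constructed scenario: the cert expired a year ago and was revoked shortly
# before expiry, with a compromise date several months earlier.
CERT = Cert(datetime(2010, 1, 1), datetime(2011, 1, 1))
REVOKED = Revocation(datetime(2010, 11, 1), invalid_since=datetime(2010, 6, 1))
NOW = datetime(2011, 12, 7)
BEFORE_COMPROMISE = datetime(2010, 3, 1)
DURING_COMPROMISE = datetime(2010, 9, 1)

if __name__ == "__main__":
    for label, ts in [("before", BEFORE_COMPROMISE), ("during", DURING_COMPROMISE)]:
        for retro in (True, False):
            print(label, "retroactive" if retro else "forward-only",
                  signature_acceptable(CERT, NOW, ts, REVOKED, retro))
```

Under the forward-only model the signature made during the compromise window is still accepted, which is the nonrepudiation-preserving behaviour the message argues is wrong for signed code.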


