[cryptography] How are expired code-signing certs revoked?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 7 16:38:55 EST 2011

Marsh Ray <marsh at extendedsubset.com> writes:

>Originally, public key systems were said to possess deliver this property of
>'nonrepudiation', meaning a digital signature could effectively authenticate
>the intent of the party associated with the private key.

Uhh, they were never said to deliver this property by anyone who knew anything
about law, they were simply declared to have it by mathematicians and
standards committees:

  The term "repudiation" has a specific legal meaning but this has nothing to
  do with the use of the term in certificates, and there seems to have been
  little to no input from lawyers into the PKI standards that were meant to be
  used for digital signatures (it's always amusing watching heated arguments
  in standards groups over what both sides think that lawyers might advise if
  they actually asked them).  In particular, disabusing geeks of the notion
  that what's referred to in crypto/PKI theory as nonrepudiation actually
  means anything in a real-world legal context is really, really hard.  Geeks
  really want to believe in the magic of cryptography.

In recognition of this, X.509 some years ago stopped even pretending that
digital signatures provided nonrepudiation.  The certificate flag that used to
be nonRepudiation is now called contentCommitment to indicate it's for a long-
term signature, while digitalSignature is for a short-term signature like
authenticating for an online service.

(There's a lot more to the NR/CC saga than that, very few implementers seem to
have got the memo about NR = CC and everyone just uses digitalSignature for
everything, see the "magic of cryptography" comment in the excerpt above).


More information about the cryptography mailing list