[cryptography] How are expired code-signing certs revoked?

Jon Callas jon at callas.org
Fri Dec 9 16:01:05 EST 2011

On 7 Dec, 2011, at 1:32 PM, Peter Gutmann wrote:

> <dan at geer.org> writes:
>> Another wrinkle, at least as a logic problem, would be whether you can revoke
>> the signing cert for a CRL and what, exactly, would that mean
> That's actually a known problem (at least to PKI people).  So what you're
> really asking is whether a self-signed root cert can revoke itself, since a
> lower-level cert can always be revoked by a higher-level one:
>  The handling of CA root certificates is particularly problematic because
>  there's no effective way to replace or revoke them.  Consider what would be
>  required to revoke a CA root certificate.  These are self-signed, which
>  means that the certificate would be revoking itself.  In the presence of
>  such a revocation applications can react in one of three ways: they can
>  accept the CRL that revokes the certificate as valid and revoke it, they can
>  reject the CRL as invalid because it was signed by a revoked certificate, or
>  they can crash (and some applications will indeed crash in this situation).
>  Since revocation of a self-signed certificate is the PKI version of
>  Epimenedes paradox "All Cretans are liars" and PKI applications are unlikely
>  to be coded to deal with self-referential paradoxes, crashing is a perfectly
>  valid response.

Maybe this is syntactically true, or even code-wise true, but this sounds crazed.

OpenPGP has the same problem, since all users are CAs, and revocation has to come from a cert itself (or a delegated revoker).

If you have a certificate issue a revocation for itself, there is an obvious, correct interpretation. That interpretation is what Michael Heyman said, and what OpenPGP does. That certificate is revoked and any subordinate certificates are also implicitly revoked. It's also like making a CRL for everything you issued.

If a software implementation did any of the other things, like crash, it's pretty obviously a bug. If a developer defended crashing or accepting any relevant certs on the grounds of it not being a well-formed first order logic, we'd yell at that developer.


More information about the cryptography mailing list