Proxy certificate revocation text
Hi! You will find attached to this message our proposed text for the Proxy Revocation topic, taking into account some comments from D. Chadwick as mentioned in the teleconference.

Best regards, Oscar & Jesus
Hi Oscar and Jesus

Your document says

"it is highly recommended that only End Entities revoke their own Proxy Certificates. If a third party is required to perform this process (i.e. resource owners and local security administrators), it is recommended to notify of such revocation the corresponding End Entity from the Proxy Validation Path so appropriate counteractive actions can take place. However, as mentioned previously, third party revocation is not a recommended practice from a security point of view."

I would actually go further than you do, and say that no-one is allowed to revoke a proxy certificate except its creator or an authorised delegate of the creator. Allowing anyone else to revoke a proxy is equivalent of allowing a DOS attack on the proxy. On the other hand, a resource owner is the source of authority for his own resource, and can trust or distrust any certs that he wants to (PKC and AC). Therefore a resource owner can blacklist anything from using his resource. But this is not revocation of a proxy cert, since the proxy cert is still authentic and can still be used at other resources that trust it. It simply isn't valid for use at the local resource. Revocation on the other hand ensures that no-one should trust the proxy cert, since the issuer is saying that it is no longer valid.

regards

David

jluna@ac.upc.edu wrote:

> Hi! You will find attached to this message our proposed text for the Proxy Revocation topic, taking into account some comments from D. Chadwick as mentioned in the teleconference.
>
> Best regards, Oscar & Jesus

--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
David Chadwick writes:

> I would actually go further than you do, and say that no-one is allowed to revoke a proxy certificate except its creator or an authorised delegate of the creator. Allowing anyone else to revoke a proxy is equivalent of allowing a DOS attack on the proxy. On the other hand, a

I think this is a great, idealistic view of the situation. Whether resource owner revocation is practical or not is a question. However, in some or maybe most all cases, proxy certs are created with the partial cooperation of a resource owner or related service, and so, they have a stake in this certificate. The key pairs are also portable. Communicating to other resource owners that a specific proxy certificate should no longer be used could be useful; it may be seen as necessary, to contain a security problem.

Applying the principles that apply to an identity certificate to a short term or proxy certificate doesn't seem appropriate. They are ephemeral and mistakes are easily repaired. Denial of service is a typical byproduct of most security breaches and recovery scenarios; revoking selected proxy certificates rather than blocking all contact from a user seems like a step in a positive direction.

Also, communication is important in dealing with security breaches. Healing your own problems but ignoring everyone else's is a real weakness of distributed computing security response. We hear all the time, "I want to know about your blacklists! I want to know about things you block!" when issues like this are raised.

I think we can note these objections but we can also make some recommendations about how relying parties can communicate revocation information should they need to do so. I admit I take the point of view that the rights of the resource owner are pretty much absolute and so I think they have considerable say in what happens with a proxy certificate key pair found on their machine or minted on their service.

> resource owner is the source of authority for his own resource, and can trust or distrust any certs that he wants to (PKC and AC). Therefore a resource owner can blacklist anything from using his resource. But this is not revocation of a proxy cert, since the proxy cert is still authentic and can still be used at other resources that trust it. It

That perhaps, shouldn't trust it, either.

> simply isn't valid for use at the local resource. Revocation on the other hand ensures that no-one should trust the proxy cert, since the issuer is saying that it is no longer valid.
participants (3): David Chadwick, jluna@ac.upc.edu, Mike Helm