RE: [caops-wg] Encoding AIA in first-level Proxy Cert
In DOEGrids ... I am not sure about every other IGTF PKI however ... end entity certificates can revoke themselves. It's often done. For instance, when a security issue arose at one site, several customers revoked their own certificates until local problems were cleared up.
Why wouldn't we permit this idea to be extended to proxy certs? That is, why shouldn't a proxy cert be permitted to revoke itself? What conditions would speak against that?
It does create an interesting denial of service possibility in that if I compromise a machine that has proxy certs going thru it, I can revoke all subsequent proxies for whatever proxy certs I find on that machine. If a higher level had to do the revocation then I would have to know something about the proxy certs generated by apps using those proxies, and it would seem more difficult to get that information. BC
> in that if I compromise a machine that has proxy certs going thru it, I can revoke all subsequent proxies for whatever proxy certs
Why is that bad? Let's try an analogy. Suppose my super secret password is exposed on machine B -- or better, machine B is totally compromised. It's in a chain of my logins and jobs connecting A->B->C. Since my account on B could presumably do lots of things, run lots of jobs & make other network connections, wouldn't you want to lock it once machine B had been corrupted? Too bad about the lost work, but what's the better alternative?
Participants (2):
- Cowles, Robert D.
- Mike Helm