Security Basics mailing list archives

RE: Digital Certification Revocation

From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 18 Sep 2009 11:56:40 -0700

  SOMEBODY has to tell the world to revoke the cert.  If YOU
weren't DEAD, you could do it...

David Gillett

-----Original Message-----
From: Peter, Matt [mailto:matt.peter () capgemini com] 
Sent: Friday, September 18, 2009 9:43 AM
To: M.D.Mufambisi; Tracy Reed
Cc: pen-test () securityfocus com; security-basics
Subject: RE: Digital Certification Revocation

Isn't that something you would put in your will and require 
be executed? 

If you're this paranoid you could require two unrelated 
parties do it together.

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of M.D.Mufambisi
Sent: Friday, September 18, 2009 11:36 AM
To: Tracy Reed
Cc: pen-test () securityfocus com; security-basics
Subject: Re: Digital Certification Revocation

Thanks tracy. In the event that i die, what stops someone 
with access to my digital certification pose as me? Does 
someone have to revoke MY certificate in the even of my death?

Regards

Munya

On 9/17/09, Tracy Reed <treed () ultraviolet org> wrote:

On Wed, Sep 16, 2009 at 06:53:26PM +0200, M.D.Mufambisi

spake thusly:

Another question from yours truly. When someone has a digital 
certificate, and then passes away (dies) how does the Revocation 
authority get to know about this so as to disallow further use of 
that persons digital cert?


The authority needs to be sent a revocation request signed by the 
certificate being revoked. It is good practice to generate this 
revocation request at key generation time and keep it in a

safe place.

This is because if the signing key is lost such that no signed 
revocation certificate can be generated it becomes impossible to 
revoke.

Similarly, if the private signing key is encrypted and the owner of 
the key takes the password to their grave it is impossible

to generate

a revocation certificate.

--
Tracy Reed
http://tracyreed.org


--------------------------------------------------------------
----------
Securing Apache Web Server with thawte Digital Certificate In 
this guide we examine the importance of Apache-SSL and who 
needs an SSL certificate.  We look at how SSL works, how it 
benefits your company and how your customers can tell if a 
site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache 
web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management 
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
e13b6be442f727d1
--------------------------------------------------------------
----------







This message contains information that may be privileged or 
confidential and is the property of the Capgemini Group. It 
is intended only for the person to whom it is addressed. If 
you are not the intended recipient, you are not authorized to 
read, print, retain, copy, disseminate, distribute, or use 
this message or any part thereof. If you receive this message 
in error, please notify the sender immediately and delete all 
copies of this message.


--------------------------------------------------------------
----------
Securing Apache Web Server with thawte Digital Certificate In 
this guide we examine the importance of Apache-SSL and who 
needs an SSL certificate.  We look at how SSL works, how it 
benefits your company and how your customers can tell if a 
site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache 
web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management 
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
e13b6be442f727d1
--------------------------------------------------------------
----------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Digital Certification Revocation M.D.Mufambisi (Sep 17)
- Re: Digital Certification Revocation Tracy Reed (Sep 17)
  - Re: Digital Certification Revocation M.D.Mufambisi (Sep 18)
    - Re: Digital Certification Revocation Tracy Reed (Sep 18)
    - RE: Digital Certification Revocation Peter, Matt (Sep 18)
    - Re: Digital Certification Revocation M.D.Mufambisi (Sep 18)
    - RE: Digital Certification Revocation David Gillett (Sep 18)