Penetration Testing mailing list archives
Re: Digital Certification Revocation
From: Tracy Reed <treed () ultraviolet org>
Date: Thu, 17 Sep 2009 11:28:42 -0700
On Wed, Sep 16, 2009 at 06:53:26PM +0200, M.D.Mufambisi spake thusly:
> Another question from yours truly. When someone has a digital certificate, and then passes away (dies), how does the Revocation authority get to know about this so as to disallow further use of that person's digital cert?

The authority needs to be sent a revocation request signed by the certificate being revoked. It is good practice to generate this revocation request at key generation time and keep it in a safe place. This is because if the signing key is lost such that no signed revocation certificate can be generated, it becomes impossible to revoke. Similarly, if the private signing key is encrypted and the owner of the key takes the password to their grave, it is impossible to generate a revocation certificate.

--
Tracy Reed
http://tracyreed.org