Re: Digital Certification Revocation

[Tracy Reed <treed () ultraviolet org>]

On Wed, Sep 16, 2009 at 06:53:26PM +0200, M.D.Mufambisi spake thusly:
> Another question from yours truly. When someone has a digital
> certificate, and then passes away (dies) how does the Revocation
> authority get to know about this so as to disallow further use of that
> persons digital cert?

The authority needs to be sent a revocation request signed by the
certificate being revoked. It is good practice to generate this
revocation request at key generation time and keep it in a safe
place. This is because if the signing key is lost such that no signed
revocation certificate can be generated it becomes impossible to
revoke.

Similarly, if the private signing key is encrypted and the owner of
the key takes the password to their grave it is impossible to generate
a revocation certificate.

-- 
Tracy Reed
http://tracyreed.org

Attachment: _bin
Description: