[phasmantistes]

CAs need to know every certificate they've issued so that

a) if they receive a request to revoke that certificate, they can actually do so; and

b) if they need to revoke all of their certs (e.g. due to discovering a validation process failure) they don't miss any.

[masklinn]

Isn't it more "a lot" of certs? Surely if they need to revoke all certs they can just revoke the intermediate.

[patrakov]

There is a middle ground between "all certs" and "a few certs". An example would be https://community.letsencrypt.org/t/revoking-certain-certifi... (2.4% of all certificates). This needs a full list of affected certificates but is too small to revoke the intermediate.

[masklinn]

> There is a middle ground between "all certs" and "a few certs".

And the GP used the word "all" which is what I was replying to.

[layer8]

Case (b) is problematic anyway in the general case, since for timestamped signed data the revocation time is relevant, because signatures provably created before the revocation time remain valid, and at least for OCSP a published revocation time is not allowed to precede the publication of earlier “good” revocation data for the same certificate. (For CRL this constraint is merely recommended, not strictly mandated.) This means you can’t retroactively revoke certificates for times in the past, and hence your original validation procedure better be valid.

In the same context, revoking the intermediate CA is bad in case some issued certificates were valid for an initial period, because then clients are unable to obtain fresh revocation information about issued certificates that would indicate the respective time of revocation (because the intermediate CA has to remain valid in order to be able to validate the signature on the OCSP response or CRL).

This is mostly not a concern in the context of TLS validation, because that usually relates only to the present time, not to times in the past, but it is relevant for code signing or other electronic signature use cases.

[magicalhippo]

> b) if they need to revoke all of their certs (e.g. due to discovering a validation process failure) they don't miss any.

Dumb q, but why not just revoke/invalidate the signing certificate used to sign the certificates?