by pritambaral 4445 days ago
Why is the power of revocations in cert issuer's hands? As long as the private key is private, I don't see how a malicious entity could add your private key to the revocation list.

In fact, a place in the revocation list should be reserved every time a cert is issued, possibly with a mechanism to trigger it with the private key. For example, if I send a message encrypted/signed with my private key to the revocation authority, they can decrypt/verify it with my public key, which they received when the CA issued my cert.

> Why is the power of revocations in cert issuer's hands? As long as the private key is private

Because a major reason for revocation is when the private key has been compromised.

>> Why is the power of revocations in cert issuer's hands? As long as the private key is private

>Because a major reason for revocation is when the private key has been compromised.

His point is that whoever compromised the key is not interested in putting it on the revocation list. If he does it... well, he did the good thing.

I see. Using the private key to revoke the certificate would be a denial of service attack, so requiring the CA for revocation avoids that, but admittedly it's not the first thing to worry about when a private key is compromised.
So? Even if the key is in the hands of an attacker, what can they do to the corresponding entry in a revocation list? Add it, nothing else!

Unless you mean that the owner has lost access to the private key itself. For that case, I can see CAs having the power to revoke certs in addition to my suggested method.

What if someone hacked your server and stole, then deleted the private key? (Backing up private keys is bad practice.)

What if the CA notices they issued a fraudulent certificate?

Hmm, I considered this possibility in a comment, incidentally two hours before yours, below. Let the CA have an ability to revoke certs, I'm not suggesting against that. I'm suggesting a method in addition to it.
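The mechanism proposed in the opening post, and the objections raised against it in the thread, as an added example that is not part of the original discussion. It is a toy model: the revocation authority records each subject's public key at issue time, accepts a revocation request only when it verifies under that key, and so lets any holder of the private key add an entry and nothing else; the serials, key pairs, message format and `Authority` type are all constructed here for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Revocation is the holder-signed request from the thread: "list serial N".
type Revocation struct {
	Serial uint64
	Sig    []byte
}

func msg(serial uint64) []byte { return []byte(fmt.Sprintf("REVOKE:%d", serial)) }

// SignRevocation needs the private key: owner or thief can run it; if the key is lost, nobody can.
func SignRevocation(priv ed25519.PrivateKey, serial uint64) Revocation {
	return Revocation{serial, ed25519.Sign(priv, msg(serial))}
}

// Authority records each public key at issue time, reserving that serial's revocation slot.
type Authority struct {
	Issued  map[uint64]ed25519.PublicKey
	Revoked map[uint64]bool
}

// Revoke accepts a request only if it verifies under the key certified for that serial.
func (a *Authority) Revoke(r Revocation) error {
	pub, ok := a.Issued[r.Serial]
	if !ok {
		return errors.New("no certificate issued with that serial")
	}
	if !ed25519.Verify(pub, msg(r.Serial), r.Sig) {
		return errors.New("signature was not made by the certified key")
	}
	a.Revoked[r.Serial] = true
	return nil
}

func main() {
	ca := &Authority{map[uint64]ed25519.PublicKey{}, map[uint64]bool{}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // subject's key pair (constructed)
	_, stranger, _ := ed25519.GenerateKey(rand.Reader)
	ca.Issued[42] = pub
	fmt.Println(ca.Revoke(SignRevocation(stranger, 42))) // rejected: not the certified key
	fmt.Println(ca.Revoke(SignRevocation(priv, 42)), ca.Revoked[42]) // <nil> true
}
```

The CA's own revocation path from the thread (fraudulent issuance, lost key) is deliberately absent here, which is exactly the gap the replies point out.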