lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.

Security consideration: do we mention the revocation problem? #49

Open ounsworth opened 2 hours ago

ounsworth commented 2 hours ago

We should mention that when a CA checks a public key to see if it has previously been revoked, this is often done by public key hash, so it is possible that a composite public key is submitted to a CA and even though both component keys have been revoked for key compromise, the CA may not detect it. For this reason, CAs checking composite keys for revocation for key compromise SHOULD check for both component keys independently.

We may already have text to this effect, but we should review it.
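The gap described in this comment, as an added example that is not part of the issue or the draft: a compromised-key list keyed by public key hash misses a composite key built from two revoked components, while a per-component check catches it. The SHA-256 fingerprint, the length-prefixed encoding, the key bytes and all function names are assumptions constructed for illustration, not the draft's wire format.

```python
import hashlib

def key_hash(pub: bytes) -> str:
    """Fingerprint as a CA's compromised-key list might store it (SHA-256 assumed)."""
    return hashlib.sha256(pub).hexdigest()

def encode_composite(components: list[bytes]) -> bytes:
    # Constructed stand-in encoding (2-byte length prefix per component),
    # NOT the wire format defined by the draft.
    return b"".join(len(c).to_bytes(2, "big") + c for c in components)

def decode_composite(blob: bytes) -> list[bytes]:
    """Split the stand-in encoding back into component keys, rejecting bad input."""
    parts, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        i += 2
        if n == 0 or i + n > len(blob):
            raise ValueError("malformed composite key")
        parts.append(blob[i:i + n])
        i += n
    if len(parts) < 2:
        raise ValueError("composite key needs at least two components")
    return parts

def naive_is_revoked(pub: bytes, revoked: set[str]) -> bool:
    """Check only the hash of the key exactly as submitted."""
    return key_hash(pub) in revoked

def revoked_components(blob: bytes, revoked: set[str]) -> list[int]:
    """Check each component independently; return indexes of revoked ones."""
    return [i for i, c in enumerate(decode_composite(blob))
            if key_hash(c) in revoked]

# Constructed sample data: opaque byte strings standing in for encoded keys.
KEY_A = b"constructed-pq-component-public-key"
KEY_B = b"constructed-traditional-component-public-key"
KEY_C = b"constructed-fresh-component-public-key"
REVOKED = {key_hash(KEY_A), key_hash(KEY_B)}   # both revoked for key compromise
COMPOSITE = encode_composite([KEY_A, KEY_B])

if __name__ == "__main__":
    print("whole-key hash check flags it:", naive_is_revoked(COMPOSITE, REVOKED))
    print("revoked component indexes:", revoked_components(COMPOSITE, REVOKED))
```
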

johngray-dev commented 2 hours ago

Requiring fresh keys is what is motivating this security consideration.