Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible reasons for key revocation #10

Open
sgoendoer opened this issue Jan 19, 2016 · 2 comments
Open

Possible reasons for key revocation #10

sgoendoer opened this issue Jan 19, 2016 · 2 comments

Comments

@sgoendoer
Copy link
Contributor

Reasons a user might want to revoke the keypair used to create the GUID

RFC3280 defined two main states of a revocation: HOLD (temporary) and REVOKED (indefinitely). RFC5280 defines the following reasons for a key revocation:

unspecified (0)
keyCompromise (1)
CACompromise (2)
affiliationChanged (3)
superseded (4)
cessationOfOperation (5)
certificateHold (6)
removeFromCRL (8)
privilegeWithdrawn (9)
AACompromise (10)

I don't think we would need all of those. Here is a (incomplete?) list of reasons in the rethink-context. Please feel free to extend and/or discuss the list items:

severe reasons

  • [Encryption algorithm compromised] The key algorithm has been broken (i.e. the key is not secure anymore)
  • [Key generation compromised] Due to a security issue, the key was (might have been) created with insecure parameters
  • [Key compromised] Someone obtained a copy of the user's private key
  • [CA compromised] Someone obtained a copy of the CA's private key

other reasons

  • [Key might have been compromised] Suspicion that someone got hold of the private key
  • [Key outdated] The key is old and should be replaced
  • [Key inaccessible/destroyed] The key file cannot be read/has been deleted
  • [Account cessation] The account should be deleted indefinitely
  • [New identity] The user wants to abandon a GUID and create a new one. (No key revocation needed!?)
  • [Architecture change] The GUID creation changed significantly, so that "old" keys cannot be used anymore
@rjflp
Copy link
Contributor

rjflp commented Feb 5, 2016

These are all valid reasons, but for implementation purposes do we need them all? If necessary, I would say we can simplify by considering that:

  • [Key compromised] and [Key might have been compromised] are one and the same. Especially if we only have REVOKED but not temporary revocation.
  • [Key outdated] should not be required. The certificate will have an expiration date. Is this a way to shorten the expiration date after the certificate is created? Do we really need it?
  • [New identity] is a subset of [Account cessation] ?
  • [Architecture change] is a subset of [Encryption algorithm compromised] ?

A general "unspecified" could be useful for future, unforeseen cases.

I can't come up with a case that is not already covered by @sgoendoer 's list.

@sgoendoer
Copy link
Contributor Author

Well, I made this list not as a proposal to use ALL of them, just to have a list of all (?) possible reasons why someone would want to revoke a key. Hence, as Ricardo already pointed out, a much smaller subset of reasons might suffice.
"Key outdated": No, I guess, this reason in the certificate would be just an "explanation" why your key is not in use anymore. As already noted, after a certificate expired, noone is forced to (manually) revoke the key additionally.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgoendoer @rjflp