Re: Digital Certification Revocation
- From: Tracy Reed <treed@xxxxxxxxxxxxxxx>
- Date: Thu, 17 Sep 2009 11:28:42 -0700
On Wed, Sep 16, 2009 at 06:53:26PM +0200, M.D.Mufambisi spake thusly:
> Another question from yours truly. When someone has a digital
> certificate, and then passes away (dies) how does the Revocation
> authority get to know about this so as to disallow further use of that
> person's digital cert?

The authority needs to be sent a revocation request signed by the
certificate being revoked. It is good practice to generate this
revocation request at key generation time and keep it in a safe
place. This is because if the signing key is lost such that no signed
revocation certificate can be generated it becomes impossible to
revoke.

Similarly, if the private signing key is encrypted and the owner of
the key takes the password to their grave it is impossible to generate
a revocation certificate.

--
Tracy Reed
http://tracyreed.org
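
The practice described in the message above, shown as an added example that is not part of the original post. It assumes OpenPGP with GnuPG 2.1 or later, which stores a revocation certificate under `openpgp-revocs.d` when a key is generated; the identity, keyring directories and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keyrings and a constructed identity only.

# Generate a demo key in keyring directory $1 and print the path of the
# revocation certificate GnuPG stored for it at generation time.
make_key_with_revocation() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # Empty passphrase only because this is a disposable demo key.
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Example <demo@example.invalid>' \
        default default never 2>/dev/null || return 1
    fpr=$(gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    rev="$1/openpgp-revocs.d/$fpr.rev"
    [ -s "$rev" ] && printf '%s\n' "$rev"
}

# Print the validity flag of the first public key in keyring $1
# ("r" means revoked).
key_validity() {
    gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
}

# Apply the stored certificate $2 to keyring $1. GnuPG prefixes the armor
# header with a colon to prevent accidental use; strip it before importing.
# The keyring does not need to hold the private key or know its passphrase.
apply_revocation() {
    sed 's/^:-----BEGIN/-----BEGIN/' "$2" |
        gpg --homedir "$1" --batch --quiet --import 2>/dev/null
}
```

The `.rev` file is the item to copy to offline storage at generation time; anyone who holds it can revoke the key, so it needs the same care as a backup of the key itself.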