[145467] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jul 28 12:22:03 2010
Date: Wed, 28 Jul 2010 12:18:56 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Nicolas Williams <Nicolas.Williams@Oracle.COM>
Cc: cryptography@metzdowd.com
In-Reply-To: <20100728155051.GT566@oracle.com>
On Wed, 28 Jul 2010 10:50:52 -0500 Nicolas Williams
<Nicolas.Williams@Oracle.COM> wrote:
> On Wed, Jul 28, 2010 at 11:38:28AM -0400, Perry E. Metzger wrote:
> > On Wed, 28 Jul 2010 09:57:21 -0500 Nicolas Williams
> > <Nicolas.Williams@oracle.com> wrote:
> > > OCSP Responses are much like a PKI equivalent of Kerberos
> > > tickets. All you need to do to revoke a principal with OCSP is
> > > to remove it from the Responder's database or mark it revoked.
> >
> > Actually, that's untrue in one very important respect.
> >
> > In a Kerberos style system, you actively ask for credentials to do
> > things at frequent intervals, and if the KDCs refuse to talk to
> > you, you get no credentials.
> >
> > In OCSP, we've inverted that. You have the credentials, for years
> > in most cases, and someone else has to actively check that
> > they're okay -- and in most instances, if they fail to get
> > through to an OCSP server, they will simply accept the
> > credentials.
>
> No, they really are semantically equivalent.
Again, I understand that in a technological sense, in an ideal world,
they would be equivalent. However, the big difference, again, is that
you can't run Kerberos with no KDC, but you can run a PKI without an
OCSP server. The KDC is impossible to leave out of the system. That is
a really nice technological feature.
Peter Gutmann has pointed out other critical distinctions, but I'll
let his message stand for itself.
Perry
--
Perry E. Metzger perry@piermont.com
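The distinction Perry draws above, as an added toy model that is not part of the original thread: an OCSP-style verifier that already holds a long-lived certificate and must go out and check it (under a "soft-fail" or "hard-fail" policy when the responder cannot be reached), next to a Kerberos-style flow in which no credential exists at all unless the KDC answers. The names, dates, policies and the `Certificate`/`OCSPResponder`/`KDC` classes are constructed for illustration only; this is not real OCSP or Kerberos code.

```python
"""Constructed example: OCSP-style revocation checking vs. a Kerberos-style
credential issuer. The verifier-side branch marked "risky" is the one the
discussion above is about: an unreachable responder turns into acceptance."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum


class Policy(Enum):
    SOFT_FAIL = "soft-fail"   # responder unreachable -> accept the credential
    HARD_FAIL = "hard-fail"   # responder unreachable -> reject the credential


@dataclass
class Certificate:
    subject: str
    not_before: datetime
    not_after: datetime       # typically years away, so revocation matters


@dataclass
class OCSPResponder:
    revoked: set              # subjects the CA has marked revoked
    reachable: bool = True

    def status(self, cert):
        """Return 'good' or 'revoked', or None when the responder cannot be reached."""
        if not self.reachable:
            return None
        return "revoked" if cert.subject in self.revoked else "good"


def pki_accepts(cert, responder, policy, now):
    """OCSP-style: the holder already has the credential; the verifier must check it."""
    if not (cert.not_before <= now <= cert.not_after):
        return False
    status = responder.status(cert)
    if status is None:
        # Risky branch: with soft-fail, "could not check" becomes "accepted".
        return policy is Policy.SOFT_FAIL
    return status == "good"


@dataclass
class KDC:
    revoked: set
    reachable: bool = True
    ticket_lifetime: timedelta = timedelta(hours=10)

    def issue_ticket(self, principal, now):
        """Kerberos-style: no answer from the KDC means no credential at all."""
        if not self.reachable or principal in self.revoked:
            return None
        return {"principal": principal, "expires": now + self.ticket_lifetime}


def kerberos_accepts(principal, kdc, now):
    """The service only sees a ticket if the KDC was up and agreed to issue one."""
    ticket = kdc.issue_ticket(principal, now)
    return ticket is not None and ticket["expires"] > now


def compare(subject="alice", revoked=frozenset({"alice"}), now=None):
    """Run the same principal through every policy with the checker up and down.

    Returns a dict keyed by (model, checker_reachable) -> accepted?"""
    now = now or datetime(2010, 7, 28, 12, 0, 0)   # constructed timestamp
    cert = Certificate(subject, now - timedelta(days=365), now + timedelta(days=3 * 365))
    results = {}
    for reachable in (True, False):
        responder = OCSPResponder(revoked=set(revoked), reachable=reachable)
        for policy in Policy:
            results[("ocsp-" + policy.value, reachable)] = pki_accepts(cert, responder, policy, now)
        kdc = KDC(revoked=set(revoked), reachable=reachable)
        results[("kerberos", reachable)] = kerberos_accepts(subject, kdc, now)
    return results


if __name__ == "__main__":
    for (model, up), accepted in sorted(compare().items()):
        print(f"{model:15s} checker {'up  ' if up else 'down'} -> {'ACCEPT' if accepted else 'reject'}")
```

With the checker reachable, all three models reject the revoked principal. With it unreachable, only the soft-fail OCSP verifier accepts; hard-fail OCSP and the Kerberos-style flow both deny, because in the latter there is simply nothing to present. Running `compare(subject="bob", revoked=frozenset())` shows the other half of the inversion: an un-revoked principal is accepted by soft-fail OCSP with the responder down, but gets no Kerberos ticket at all with the KDC down.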