A mighty fortress is our PKI, Part II

Perry E. Metzger perry at piermont.com
Wed Jul 28 12:18:56 EDT 2010


On Wed, 28 Jul 2010 10:50:52 -0500 Nicolas Williams
<Nicolas.Williams at Oracle.COM> wrote:
> On Wed, Jul 28, 2010 at 11:38:28AM -0400, Perry E. Metzger wrote:
> > On Wed, 28 Jul 2010 09:57:21 -0500 Nicolas Williams
> > <Nicolas.Williams at oracle.com> wrote:
> > > OCSP Responses are much like a PKI equivalent of Kerberos
> > > tickets. All you need to do to revoke a principal with OCSP is
> > > to remove it from the Responder's database or mark it revoked.
> > 
> > Actually, that's untrue in one very important respect.
> > 
> > In a Kerberos style system, you actively ask for credentials to do
> > things at frequent intervals, and if the KDCs refuse to talk to
> > you, you get no credentials.
> > 
> > In OCSP, we've inverted that. You have the credentials, for years
> > in most cases, and someone else has to actively check that
> > they're okay -- and in most instances, if they fail to get
> > through to an OCSP server, they will simply accept the
> > credentials.
> 
> No, they really are semantically equivalent.

Again, I understand that in a technological sense, in an ideal world,
they would be equivalent. However, the big difference, again, is that
you can't run Kerberos with no KDC, but you can run a PKI without an
OCSP server. The KDC is impossible to leave out of the system. That is
a really nice technological feature.

Peter Gutmann has pointed out other critical distinctions, but I'll
let his message stand for itself.


Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
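The asymmetry Perry describes above, as an added illustration that is not part of the original thread: a Kerberos-style relying party holds nothing until the KDC issues it a ticket, so an unreachable KDC fails closed, whereas an OCSP-style verifier already holds a long-lived certificate and, under the soft-fail policy most clients default to, treats an unreachable responder as acceptance. The code below is a constructed simulation (no network, no real PKI); the function names, the `hard_fail` flag and the sample serials and principals are hypothetical. The audit log is the defender's hook: a soft-fail acceptance should at least leave a record.

```python
"""
Failure-mode comparison: Kerberos-style (fail-closed) versus OCSP-style
revocation checking under soft-fail and hard-fail policies.

Constructed simulation for illustration only: no network I/O, no real
KDC or OCSP responder. Names and values are hypothetical.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List


class ResponderUnreachable(Exception):
    """Models a network failure reaching the KDC or the OCSP responder."""


class OcspStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"


@dataclass
class Decision:
    accepted: bool
    reason: str


def kdc_issues_ticket(principal: str, kdc: Callable[[str], bool]) -> Decision:
    """Kerberos style: credentials exist only if the KDC hands them out,
    so an unreachable KDC leaves the client with nothing (fail-closed)."""
    try:
        if kdc(principal):
            return Decision(True, "ticket issued by KDC")
        return Decision(False, "KDC refused to issue ticket")
    except ResponderUnreachable:
        return Decision(False, "KDC unreachable: no credentials obtained")


def verify_with_ocsp(serial: str, responder: Callable[[str], OcspStatus],
                     hard_fail: bool, audit_log: List[str]) -> Decision:
    """OCSP style: the subject already holds a long-lived certificate and the
    verifier asks whether it is still good. With hard_fail=False (the common
    client default the thread describes) a responder outage becomes an
    acceptance, and the only trace of it is what the verifier chooses to log."""
    try:
        status = responder(serial)
    except ResponderUnreachable:
        if hard_fail:
            return Decision(False, "OCSP responder unreachable: hard-fail rejects")
        audit_log.append(f"SOFT-FAIL accept serial={serial} (responder unreachable)")
        return Decision(True, "OCSP responder unreachable: soft-fail accepts")
    if status is OcspStatus.GOOD:
        return Decision(True, "OCSP status good")
    if status is OcspStatus.REVOKED:
        return Decision(False, "OCSP status revoked")
    # UNKNOWN: the responder has no record of this certificate. Hard-fail
    # treats that like revoked; soft-fail treats it like good and logs it.
    if hard_fail:
        return Decision(False, "OCSP status unknown: hard-fail rejects")
    audit_log.append(f"SOFT-FAIL accept serial={serial} (status unknown)")
    return Decision(True, "OCSP status unknown: soft-fail accepts")


def outage(_: str):
    """Constructed stand-in for a KDC or responder that cannot be reached."""
    raise ResponderUnreachable()


def compare_outage_behaviour() -> dict:
    """Apply the same network fault to all three policies and report who
    still grants access, plus how many soft-fail acceptances were logged."""
    log: List[str] = []
    return {
        "kerberos": kdc_issues_ticket("alice@EXAMPLE.COM", outage).accepted,
        "ocsp_soft_fail": verify_with_ocsp("0x1234", outage, False, log).accepted,
        "ocsp_hard_fail": verify_with_ocsp("0x1234", outage, True, log).accepted,
        "soft_fail_events_logged": len(log),
    }


if __name__ == "__main__":
    for policy, accepted in compare_outage_behaviour().items():
        print(f"{policy}: {accepted}")
```

Running it shows the three policies disagreeing on exactly the case the thread is about: only the Kerberos-style check and the OCSP hard-fail check deny access when the status service is down, and the soft-fail acceptance is visible afterwards only because the verifier wrote an audit line.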


