Skip to content

Commit

Permalink
Update draft-dekater-scion-pki.md
Browse files Browse the repository at this point in the history
  • Loading branch information
nicorusti authored Jul 8, 2024
1 parent 08c69c5 commit 26d5d51
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion draft-dekater-scion-pki.md
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ There are two types of TRC updates: regular and sensitive. A **regular TRC updat

The CP-PKI does not explicitly support certificate revocation. Instead, it relies on the two mechanisms described above and on short-lived certificates. This approach constitutes an attractive alternative to a revocation system for the following reasons:

- Both short-lived certificates and revocation lists MUST be signed by a CA. Instead of periodically signing a new revocation list, the CA can simply re-issue all the non-revoked certificates. Although the overhead of signing multiple certificates is greater than that of signing a single revocation list, the overall complexity of the system is reduced. In the CP-PKI the number of certificates that each CA must renew is manageable as it is limited to at most the number of ASes within an ISD.
- Both short-lived certificates and revocation lists must be signed by a CA. Instead of periodically signing a new revocation list, the CA can simply re-issue all the non-revoked certificates. Although the overhead of signing multiple certificates is greater than that of signing a single revocation list, the overall complexity of the system is reduced. In the CP-PKI the number of certificates that each CA must renew is manageable as it is limited to at most the number of ASes within an ISD.
- Even with a revocation system, a compromised key cannot be instantaneously revoked. Through their validity period, both short-lived certificates and revocation lists implicitly define an attack window (i.e., a period during which an attacker who managed to compromise a key could use it before it becomes invalid). In both cases, the CA must consider a tradeoff between efficiency and security when picking this validity period.

## Overview of Certificates, Keys, and Roles
Expand Down

0 comments on commit 26d5d51

Please sign in to comment.