
B requests A's certificate and verifies it with the key sent to him/her.

There is an attack that goes as follows:

  1. A sends the message, the cert and the cert key to B.
  2. A sends a cert revocation request to the CA after confirming that the cert and key were successfully accepted.
  3. B receives the revocation information from the CA.
  4. A repudiates the message.

It is totally possible that a private key owner keeps using the key before they find that it has been compromised. So, in the above case A can successfully make repudiation.

My question is, can the above attack really be applied? If so, how can it be avoided?

Edit: If it was an intentional attack by the private key owner, it would be totally different from the case of the attacker using the time difference between A's revocation request and B's receipt of the updated CRL information, which can be mitigated by OCSP.

a20
lihui

1 Answer

Yes, one could do this, but the repudiation wouldn't be very convincing.

The CRL really isn't very relevant. A person can always claim his private key was stolen, just as his credit card was stolen or his car was stolen. We see people commit a hit and run, realize what they have done, park the car somewhere and report it stolen; denying a credit card transaction, etc. If the car is reported stolen well before the hit and run, that would be convincing proof.

As with a CRL, it would be convincing if the revocation is clearly before the transaction. But a revocation very close in time to the transaction doesn't provide a very convincing repudiation; though theft is plausible, it is not common. And the private key owner could still be held responsible for his private key.

CRLs should not waive responsibility the second they are posted.

Meir Maor
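As an added illustration (not part of the question or of Meir Maor's answer), here is a small Python model of the timing comparison both posts turn on: B keeps a record of what it knew when it accepted the signature, and a revocation that shows up later is judged by where its revocation date falls relative to the signing time. The signing time is assumed to come from an independent timestamp authority rather than from A's own clock; the serial number, the dates, the 24-hour "suspicious" window and the class and function names are all constructed for this example.

```python
"""Toy CRL-aware evaluation of a repudiation claim (added example, not from the post)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, Optional


class Verdict(Enum):
    NOT_REVOKED = "certificate not listed in the CRL"
    REVOKED_BEFORE_SIGNING = "revoked before signing: signature must be rejected"
    REVOKED_NEAR_SIGNING = "revoked shortly after signing: valid when signed, timing suspicious"
    REVOKED_LONG_AFTER_SIGNING = "revoked well after signing: valid when signed"


@dataclass
class CrlEntry:
    serial: int
    revocation_date: datetime
    reason: str  # free-text stand-in for the CRL reason code (hypothetical)


@dataclass
class Crl:
    this_update: datetime  # when the CA issued this CRL snapshot
    entries: Dict[int, CrlEntry] = field(default_factory=dict)

    def lookup(self, serial: int) -> Optional[CrlEntry]:
        return self.entries.get(serial)


@dataclass
class SignedMessage:
    cert_serial: int
    signing_time: datetime  # assumed to come from a trusted timestamp token, not the signer's clock


@dataclass
class AcceptanceRecord:
    """Evidence the relying party (B) keeps at the moment it accepts a signature."""
    cert_serial: int
    accepted_at: datetime
    crl_this_update: datetime  # which CRL snapshot B consulted when accepting


def accept(msg: SignedMessage, crl: Crl, now: datetime) -> AcceptanceRecord:
    """B accepts only if the certificate is absent from the CRL it holds right now."""
    if crl.lookup(msg.cert_serial) is not None:
        raise ValueError("certificate already listed as revoked at acceptance time")
    return AcceptanceRecord(msg.cert_serial, now, crl.this_update)


def evaluate_repudiation(msg: SignedMessage, dispute_crl: Crl,
                         suspicious_window: timedelta = timedelta(hours=24)) -> Verdict:
    """Judge a later 'my key was compromised' claim by the revocation/signing time gap."""
    entry = dispute_crl.lookup(msg.cert_serial)
    if entry is None:
        return Verdict.NOT_REVOKED
    gap = entry.revocation_date - msg.signing_time
    if gap <= timedelta(0):
        return Verdict.REVOKED_BEFORE_SIGNING
    if gap <= suspicious_window:
        return Verdict.REVOKED_NEAR_SIGNING
    return Verdict.REVOKED_LONG_AFTER_SIGNING


def claim_is_convincing(verdict: Verdict) -> bool:
    """Only a revocation that clearly precedes the signature supports repudiation."""
    return verdict is Verdict.REVOKED_BEFORE_SIGNING


def run_scenario(revocation_offset_minutes: int) -> str:
    """Replay the question's steps with the revocation placed at a chosen offset from signing.

    Returns the verdict name, or "REJECTED_AT_ACCEPTANCE" when B's CRL already listed the cert.
    """
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed signing time
    msg = SignedMessage(cert_serial=4242, signing_time=t0)
    revocation = t0 + timedelta(minutes=revocation_offset_minutes)
    entry = CrlEntry(4242, revocation, "keyCompromise")

    # CRL B holds when the message arrives: issued 6 hours before signing, so it only
    # lists the revocation if the CA already knew of it by then (models CRL latency).
    crl_at_acceptance = Crl(this_update=t0 - timedelta(hours=6))
    if revocation <= crl_at_acceptance.this_update:
        crl_at_acceptance.entries[4242] = entry
    try:
        accept(msg, crl_at_acceptance, now=t0 + timedelta(minutes=1))
    except ValueError:
        return "REJECTED_AT_ACCEPTANCE"

    # CRL B holds when the dispute is examined: issued an hour after the revocation.
    dispute_crl = Crl(this_update=revocation + timedelta(hours=1), entries={4242: entry})
    return evaluate_repudiation(msg, dispute_crl).name


if __name__ == "__main__":
    for offset in (-2880, -60, 5, 60 * 24 * 7):
        print(f"revocation at {offset:+6d} min from signing -> {run_scenario(offset)}")
```

The four offsets correspond to the cases in the thread: a revocation two days earlier is already in B's CRL and the message is refused outright; a revocation one hour earlier falls into the CRL latency window the asker mentions (B accepts, and the later CRL shows the signature was already invalid, which is what OCSP-style fresh status checks shrink); a revocation five minutes after acceptance is the asker's attack and is flagged as suspicious rather than treated as a valid repudiation; a revocation a week later is an ordinary later compromise. Everything hinges on `signing_time` being attested by someone other than A, and the 24-hour window is a policy choice, not a standard.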