Thursday, June 21, 2007

Public Key Infrastructure and Key Revocation

First off, I'm not a security expert, so I may not get this quite right.

Anyway, I was thinking yesterday about key revocation and how you would handle this securely and reliably. It's an interesting problem. Looking at the worst-case scenario, which would be a global system, it seems like a clustered solution would work best. We don't want a centralized server because if it goes down, then we can't manage the keys properly. With the cluster, we'll ensure high availability. The problem with this is ensuring that any updates are synced across all servers. Also, we have to ensure that the servers are trusted. This is where the real complexity comes into play, as there are many clustering solutions. How we know that a server can be trusted is a big issue, and also, if a key is revoked, how do we ensure that the fact that the key is revoked is transmitted to all of the servers? Or do we set up the system to check several servers simultaneously to find the latest updates?
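As an added example (not part of the original post), here is a small Python sketch of the "check several servers" idea: a client asks several cluster members for their revocation list, discards any list whose authentication tag does not verify (an HMAC under a constructed issuer key stands in for a real CA signature), fails closed when fewer than a quorum of members answer with a valid list, and treats a key as revoked if any valid list says so, since a revocation is never undone even when some members are behind.

```python
import hashlib
import hmac
import json

# Assumption: each revocation list is authenticated with an HMAC under a
# key shared with the issuer; this stands in for a CA signature.
ISSUER_KEY = b"constructed-issuer-key"

def sign_list(seq, revoked):
    """Issuer side: produce an authenticated revocation list with a sequence number."""
    body = json.dumps({"seq": seq, "revoked": sorted(revoked)}, sort_keys=True)
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify_list(msg):
    """Client side: return the parsed list, or None if the tag does not verify."""
    expected = hmac.new(ISSUER_KEY, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    return json.loads(msg["body"])

def merge_revocations(responses, quorum):
    """Combine replies from several cluster members (None = unreachable).
    Only lists with a valid tag count. Revocation is monotonic, so the
    union over all valid lists is safe even if some members are stale.
    Returns (newest_seq, revoked_set), or None when fewer than `quorum`
    trusted replies were obtained (fail closed)."""
    valid = [v for v in (verify_list(r) for r in responses if r is not None) if v]
    if len(valid) < quorum:
        return None
    revoked = set()
    for v in valid:
        revoked.update(v["revoked"])
    return max(v["seq"] for v in valid), revoked

def check_key(key_id, responses, quorum=2):
    """'revoked', 'valid', or 'undecided' (not enough trusted sources)."""
    merged = merge_revocations(responses, quorum)
    if merged is None:
        return "undecided"
    return "revoked" if key_id in merged[1] else "valid"

# Constructed sample: three cluster members plus one that is down.
SERVER_A = sign_list(7, {"key-001", "key-042"})  # up to date
SERVER_B = sign_list(6, {"key-001"})             # has not yet received seq 7
SERVER_C = dict(SERVER_A, tag="0" * 64)          # tampered, tag will not verify
DOWN = None                                      # unreachable member

if __name__ == "__main__":
    print(check_key("key-042", [SERVER_A, SERVER_B, SERVER_C, DOWN]))  # revoked
    print(check_key("key-042", [SERVER_B, SERVER_C, DOWN]))            # undecided
```

The stale member B alone would wrongly report key-042 as valid, which is why the client unions every verified list instead of trusting whichever server answered first.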

Food for thought...