public-key certificates pki crl: Updated Sat, 04 Jun 2022 18:55:37 GMT

I've got my private key compromised. How does CRL work?

How does certificate revocation list (CRL) work? How can I send a request to the CA to add my current private key to the CRL, so no one except me can add my certificate to the CRL?

Solution

That depends on the concrete CRL.

As long as you have access to your private key, you can sign the revocation request. This prevents anyone without access to the private key from issuing a faked revocation request.

With access to the private key, a faked revocation request can be sent. But in this case the damage is already done, and a revocation is actually helping the victim.

Comments (2)

+0 – That makes sense. What protocol is used for CRL? — Nov 15, 2013 at 13:23
+1 – @evening Did you do any research before asking all your similar questions? Several places, including Wikipedia's "Revocation list" article give you that information and/or link to related RFCs. You might also want to check on Wikipedia's "Online Certificate Status Protocol" article for more infos. Hope that helps — Nov 16, 2013 at 15:55

External Links

External links referenced by this document:

References

https://crypto.stackexchange.com/questions/11713