The main technique used to manage certificate revocation in the eID card scheme
is CRLs (see Section 11.2.3). A significant problem of the eID card scheme is
that the potential size of CRLs is considerable. The eID card scheme Citizen CAs
issue new base CRLs every three hours. During the period between updates of the
base CRL, much smaller delta CRLs are issued, which identify changes to the last
base CRL. In this way anyone who wishes to maintain their own local copy of
the complete CRLs for the eID card scheme does not have to regularly download
the full database. All CRLs are digitally signed by the issuing Citizen CA using
2048-bit RSA.
In general, applications using the eID card scheme are free to decide how
to manage the certificate revocation information. Options include trusting the
revocation status management to a third-party provider who operates an OCSP
querying service (see Section 11.2.3), which itself will rely on the information
provided in the Citizen CA CRLs.
eID SIGNATURE VALIDITY
Given the importance of some of the applications of eID cards, particularly
with respect to digital signature creation, it is worth briefly commenting on the
potential validity of digital signatures during two specific periods of time:
Digital signatures created after an incident but before revocation. As discussed
in Section 11.2.3, a potential problem arises if a relying party verifies an eID
card signature in the period between occurrence of a security incident (of a
type that invalidates the eID card non-repudiation verification key certificate)
and the revocation of that certificate. If the time of the incident can be precisely
verified then, technically speaking, a digital signature created during this period
is unlikely to be valid. Applications need to be aware of this potential problem
and have procedures for coping with it. The Citizen CAs assist this process by
frequently issuing base and delta CRLs.
Validity of digital signatures after expiry or revocation of the eID card (non-repudiation verification key certificate). So long as a digital signature is
verified before expiry or revocation of the eID card (or its non-repudiation
verification key certificate) then it should still be regarded as valid (and, indeed,
may be legally binding) after the expiry or revocation date. One method for
making this more explicit is for the signer who signs some data to obtain a
digital signature from a trusted third party that attests to the validity of that
signature at a specific point in time. Namely, the signer Alice presents her
digital signature $\mathrm{sig}_A(\mathrm{data})$ to the TTP, who verifies this signature at time $t$ and
then generates the digital signature:

$$\mathrm{sig}_{TTP}\big(\mathrm{sig}_A(\mathrm{data}) \,\|\, t\big).$$
The TTP thus acts as an archiving service. After the expiry or revocation of
her eID card, Alice can still present the archived signature as evidence of
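The archiving step just described, as an added Go example (not code from the book or from the eID scheme): the TTP verifies Alice's signature at time t and then signs sig_A(data) || t, and a later relying party accepts the archived signature only if the attested t precedes the revocation time. Assumptions: RSA PKCS#1 v1.5 over SHA-256 for both parties, t encoded as 8 big-endian bytes, and the function and type names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Sign: SHA-256 digest signed with RSA PKCS#1 v1.5 (2048-bit keys assumed, as in the eID scheme).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}
// Verify reports whether sig is a valid Sign output for msg under pub.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}
// Archive holds sig_A(data), the verification time t (Unix seconds) and sig_TTP(sig_A(data) || t).
type Archive struct {
	SigA   []byte
	T      int64
	SigTTP []byte
}
// archiveBody is the exact byte string the TTP signs: sig_A(data) || t, t as 8 big-endian bytes.
func archiveBody(sigA []byte, t int64) []byte {
	tb := make([]byte, 8)
	binary.BigEndian.PutUint64(tb, uint64(t))
	return append(append([]byte{}, sigA...), tb...)
}
// TTPArchive is the archiving service: verify Alice's signature at time t, then sign sig_A(data) || t.
func TTPArchive(ttp *rsa.PrivateKey, alicePub *rsa.PublicKey, data, sigA []byte, t int64) (*Archive, error) {
	if !Verify(alicePub, data, sigA) {
		return nil, errors.New("Alice's signature did not verify at time t; nothing archived")
	}
	sigTTP, err := Sign(ttp, archiveBody(sigA, t))
	if err != nil {
		return nil, err
	}
	return &Archive{SigA: sigA, T: t, SigTTP: sigTTP}, nil
}

// CheckArchive is the later relying party's test, after Alice's certificate was revoked or
// expired at revokedAt: both signatures must verify and the attested t must precede revokedAt.
func CheckArchive(ttpPub, alicePub *rsa.PublicKey, data []byte, a *Archive, revokedAt int64) bool {
	return Verify(ttpPub, archiveBody(a.SigA, a.T), a.SigTTP) && Verify(alicePub, data, a.SigA) && a.T < revokedAt
}
```

Because t is inside the TTP's signed body, a relying party cannot be fooled by a later edit of the attested time, and the TTP never archives a signature that fails verification at t.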