On Wed, Mar 3, 2021 at 12:50 PM Michael Thomas <mike@xxxxxxxx> wrote:
> Or you just expect online and not worry about any of this.
> I'm not even sure why you'd want to use certs in your use case. You're
> just reinventing Kerberos.
> Mike
It really isn't useful to discuss how PKIX makes use of client certs: it failed to achieve ubiquitous use, the management of private keys is horrible, and revocation doesn't do what you want.
Something I learned in the past few days is that revocation is not part of authentication at all. It is exclusively a part of authorization. The device has been authenticated to the key even if the certificate was revoked.
What enterprises want for revocation of user credentials is a scheme that allows all use of the credential to be disabled within 30 minutes. The objective being that during the time Mallet is getting his termination interview in Alice's office, every open session Mallet has established is disconnected and he is prevented from creating any new ones.
I just don't see OCSP or any other PKIX technology doing that. And neither does the Mesh currently.
And it isn't just Mallet that is the issue here; it's also Alice's phone, which Mallet swipes during the termination interview, that has to be disabled the minute Alice realizes it is gone.
Coincidentally, I am just working on that exact bit of the Mesh architecture. I think we can reuse the 'heartbeat' capability required in any presence protocol. If Alice can get messages on a device, it has to be telling the service where it can be reached.
So Alice's cell phone is going to be pinging Alice's MSP with a UDP packet once a minute or so. And that allows the device to send out updates whenever one of the catalogs that device is subscribed to is updated. It also allows Alice to be told of an incoming call, etc. etc.
We can do the exact same thing when Alice uses her credential to connect to a service. The relying service takes out a subscription to the credential source and gets a notification when it is revoked.
The exact same code path can be used when there is a change in Alice's authorization status while a device is connected. And that can go up as well as down.
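A toy model of the subscription-based revocation described in this message, added here as an example and not code from the Mesh project or this thread. The class and method names are assumptions, as is the fail-closed rule that drops sessions when the credential source has been silent for longer than the 30-minute window mentioned above.

```python
from collections import defaultdict
REVOCATION_WINDOW = 30 * 60  # seconds; the 30-minute enterprise target from the thread

class CredentialSource:
    """The credential issuer (e.g. Alice's MSP) that relying services subscribe to."""
    def __init__(self):
        self.subscribers = defaultdict(list)  # cred_id -> notification callbacks
        self.status = {}                      # cred_id -> "active", "revoked", ...

    def subscribe(self, cred_id, callback):
        self.subscribers[cred_id].append(callback)
        if self.status.get(cred_id) == "revoked":  # late subscriber is told at once
            callback(cred_id, "revoked")

    def set_status(self, cred_id, status):
        """Revocation or any authorization change; notices go up as well as down."""
        self.status[cred_id] = status
        for cb in list(self.subscribers[cred_id]):
            cb(cred_id, status)

class RelyingService:
    """Holds open sessions and tears them down when the credential source says so."""
    def __init__(self, source):
        self.source = source
        self.sessions = {}      # session_id -> {"cred": cred_id, "authz": status}
        self.known_status = {}  # last status heard for each credential
        self.last_contact = 0   # when the source was last heard from (assumed heartbeat)

    def connect(self, session_id, cred_id):
        if cred_id not in self.known_status:
            self.known_status[cred_id] = "active"
            self.source.subscribe(cred_id, self._on_notice)  # may fire immediately
        if self.known_status[cred_id] == "revoked":
            return False                                     # no new sessions
        self.sessions[session_id] = {"cred": cred_id, "authz": "active"}
        return True

    def _on_notice(self, cred_id, status):
        self.known_status[cred_id] = status
        for sid, s in list(self.sessions.items()):
            if s["cred"] == cred_id and status == "revoked":
                del self.sessions[sid]  # disconnect every open session on it
            elif s["cred"] == cred_id:
                s["authz"] = status     # authorization changed while connected

    def enforce_window(self, now):
        # Fail closed: a source silent past the window may have lost a notice.
        if now - self.last_contact > REVOCATION_WINDOW:
            self.sessions.clear()
        return len(self.sessions)
```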