Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Edmond 5 days ago

The app allows for self-revocation using the private key or a revocation code given when cert is issued, this is useful if a certificate is compromised...there is also an admin interface a trust anchor can use to revoke certificates they issue, a rogue trust anchor chain can also be revoked.

blibble 5 days ago | parent | next [-]

how does rogue anchor revocation in practice?

say if an anchor has issued tens of thousands of legitimate ids, and also ten to career fraudsters who gave them $10000 each

as you've outsourced the trust you have no idea which are legitimate, and if you revoke the lot you're going to have a lot of refunds to issue

(ultimately this is why countries only allow people who can be banned from their profession to certify documents)

Edmond 5 days ago | parent [-]

Each trust anchor gets issued a single certificate that can have delegation ability, ie the ability to issue new trust anchor certs to others.

So if say a UPS store is issued a cert and they go rogue, we can just revoke the trust anchor cert that was issued to the store, all certs issued further down are also automatically revoked...the revocation check is done either in the app or in the case of a third-party performing the verification they will recognize that there is a cert on the issuing chain that is revoked and reject the cert.

This is how TLS certs are handled too, if a CA goes rogue, all certs issued by that CA are revoked once the CA's root cert is revoked.

As for refund issues, that's a problem for the cert issuer to deal with.

blibble 5 days ago | parent | next [-]

> As for refund issues, that's a problem for the cert issuer to deal with.

no, it's your problem, as it's your brand slapped over everything, and now you've got tens of thousands of innocent people angry that you've revoked the IDs they paid for in good faith

this would translate into lawsuits, against you

whall6 5 days ago | parent | prev [-]

When you say that “we” can revoke, I assume you are talking about your company - the app. What sort of resources would be required to constantly audit the potentially thousands or hundreds of thousands of certificate issuers on your platform?

whall6 5 days ago | parent | prev [-]

Who is the entity that has the ability to revoke the certificate?