Certificate Revocation

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

What in simple terms is "Certificate Revocation"

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Quick one to start with Si - look here, or this looks good too.

Just some quick Googling - will try and find out more for you ....

 

It's exactly what it sounds like Si, it is the withdrawal of a previously issued and validated certificate. All offered certificates are checked against the revocation list and any that have been revoked are considered invalid.

 

Can anyone tell me more about this.

 

So who governs/administers the list or lists, is there some commitee that takes care of this?

 

No one body governs the certificates per se the entire certificate system works on a trust basis. If I trust Certforums the I would trust certificates issued by their CA or by other CA's that were "children" of Certforums.

Think of it like this, if you met some guy in a bar and asked who he was, if he showed you a bus pass would you take the bus pass as proof of identity? Now image if he showed you a passport, would you believe he was who he said he was then? It all comes down to your trust in the issuing authority.

 

I understand the process, its more the mechanisms behind the process I'm unsure of.

If nobody governs the the process of certificate creation then whats stopping unlawful creation of them?

 

As Luton put so well Si, it's all a question of Trust. You can set up internal Certificate servers which you would govern, but if you are using certificates to communicate with another company you would want a certificate issuer who you both trust such as one of the Commercial CA's like Thawte or Verisign. The commercial CA would then govern the certificates. If you were only using the certificates for internal communications then you would just set up your own certificate infrastructure because hopefully you trust yourself Is that what you're driving at ?

 

It is yes, thanks all. I wanted to get a more in-dept understanding of a subject that I haven't studied and you guys came up with the good.

Thanks.