I do not like CRLs (Certificate Revocation Lists) for they seem not to increase the set of safe protocols. They merely improve the odds against certain attacks. I grant that that is useful if one is careful not to be fooled by a false sense of security.
This morning (2004 July 23) I heard an idea that does not solve the problems of CRLs yet seems to be very good and in need of recording. This was not my idea. Chip, Markm, Marcs, Alan, Tyler, Chris, Dean and I were there.
E’s redirectory (RDR) is a non-authoritative service that provides clues for where (in IP space perhaps) someone might be found who holds the private key corresponding to the public key whose fingerprint you have provided to RDR. The proposal is that the RDR accept and post new-key messages which mean “This new <fingerprint, location> supplants old key with fingerprint xxx.” The RDR demands that the message be signed by the old private key. In case such a private key is duplicated or compromised, some clone (perhaps benign, perhaps not) may arise, and the two holders of the private key may each sign such messages to the RDR nominating distinct new fingerprints.
When a query comes to the RDR with a fingerprint for a key which has been supplanted, the RDR returns all supplanting messages together with their respective signatures. A key which has been supplanted more than once is said to be contested. It seems to me that this puts the responsibility for considering the ramifications of clones with the party who cares. The RDR need not judge. For better or worse this supports first-class manifest forked identities with divergent state!
Other messages to the RDR may announce new IP addresses without revoking a key. Perhaps it is more orthogonal to separate revocation from changing IP addresses. I am not sure that is safe.
Presumably a vat updates the fingerprints of its sturdy references when it sees a supplant message. Perhaps it stalls a while. If a vat is to check a signature of a supplantation, someone must deliver the old public key. Who would that be? The pretender to the throne, I suppose.
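The supplant and query flow described above, together with the check a querying vat can make on a delivered old public key, sketched as an added example (not code from E or from the meeting). Lamport one-time signatures over SHA-256 stand in for the real signature scheme, and the message layout, class and function names are assumptions.

```python
import hashlib, os

# Lamport one-time signatures stand in for the real scheme (an assumption);
# they need only the standard library.
def H(b): return hashlib.sha256(b).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def fingerprint(pk): return H(b"".join(a + b for a, b in pk)).hex()

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg): return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def supplant_body(old_fp, new_fp, location):  # hypothetical wire format
    return f"supplant|{old_fp}|{new_fp}|{location}".encode()

class RDR:
    """Non-authoritative: checks the old key's signature, stores, never judges."""
    def __init__(self): self.posted = {}  # old fingerprint -> supplant messages

    def post(self, old_pk, new_fp, location, sig):
        old_fp = fingerprint(old_pk)
        if not verify(old_pk, supplant_body(old_fp, new_fp, location), sig):
            return False
        self.posted.setdefault(old_fp, []).append((old_pk, new_fp, location, sig))
        return True

    def query(self, fp): return list(self.posted.get(fp, []))

def successors(rdr, held_fp):
    """Querier side: re-verify everything against the fingerprint already held."""
    ok = set()
    for old_pk, new_fp, location, sig in rdr.query(held_fp):
        # The old public key arrives with the message; it counts only if it
        # hashes to the fingerprint we hold and the signature checks under it.
        if fingerprint(old_pk) == held_fp and verify(
                old_pk, supplant_body(held_fp, new_fp, location), sig):
            ok.add((new_fp, location))
    return ok

def status(rdr, held_fp):
    n = len({fp for fp, _ in successors(rdr, held_fp)})  # distinct successors
    return ("current", "supplanted")[n] if n < 2 else "contested"
```

Because the querier re-derives the fingerprint from the delivered public key, it does not matter who supplies that key, and a dishonest RDR cannot fabricate a supplant message.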