
RE: [saag] X.509 certificate collision, via MD5 collisions



The cited text was authored by Dave Solo in response to an ad-hoc caucus held many years ago in Chicago, with Mack Hicks' concurrence. Dave's text was not written to ratify reliance on CRLs, but rather to define the meaning of "good" in the context of OCSP.
 
Mike
 
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On Behalf Of Dave Engberg
Sent: Friday, March 04, 2005 6:16 PM
To: Stephen Kent; Robert Zuccherato
Cc: ietf-pkix@xxxxxxx
Subject: RE: [saag] X.509 certificate collision, via MD5 collisions

 
I think Robert was using the formal RFC 2560 definition of "good":
   The "good" state indicates a positive response to the status inquiry.
   At a minimum, this positive response indicates that the certificate
   is not revoked, but does not necessarily mean that the certificate
   was ever issued or that the time at which the response was produced
   is within the certificate's validity interval. [...]
This is slightly different than the intuitive sense of good-ness, and I think it matches with your description.  Mr. Myers (et al.) could chime in, but I believe this definition was specifically chosen so that a responder could operate using only the CRL and not a DB of issued certs.  (Pre-signing aside.)
 


From: Stephen Kent
Sent: Fri 3/4/2005 6:43 PM
To: Robert Zuccherato
Cc: Russ Housley; ietf-pkix@xxxxxxx
Subject: RE: [saag] X.509 certificate collision, via MD5 collisions


At 10:46 AM -0500 3/4/05, Robert Zuccherato wrote:
>       <SNIP>
>There are also some practical problems with overloading the serial
>number.  CRLs will, in most circumstances, increase in size.  Also,
>OCSP responders that pre-compute responses may have trouble
>pre-computing "good" responses if they cannot predict which serial
>numbers have been used.  This issue would come up with responders
>that work from CRLs and assume that a certificate is "good" if it's
>serial number doesn't appear on a CRL.

An OCSP responder is only supposed to indicate whether a cert is
revoked or not.  So, if the cert is not in the CRL, it is not known
to be revoked, and if it is there, it is revoked.  Absence from the CRL
is not necessarily an indication of a "good" cert, and any inference
of that sort is an error.

Steve
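The two responder designs discussed in this thread, as an added example that is not part of the original messages: a toy model of a responder that works from the CRL alone (the design Steve and Dave describe, for which RFC 2560's "good" means only "not revoked") next to one that also consults the CA's issuance records and can answer "unknown" for a serial the CA never issued. The serial numbers, CRL contents and issuance records are constructed sample data; the class and function names are assumptions made for this example.

```python
# Added example, not from the thread: a toy model of the two OCSP responder
# designs discussed above. Under RFC 2560, "good" only asserts "not revoked",
# so a responder that works from the CRL alone answers "good" for every serial
# number absent from the CRL, including one the CA never issued. A responder
# that also consults the CA's issuance records can return "unknown" for such
# a serial instead. All serial numbers, CRL entries and issuance records here
# are constructed sample data.
from dataclasses import dataclass
from typing import Literal

CertStatus = Literal["good", "revoked", "unknown"]

# Constructed sample data: serials the CA actually issued and the subset that
# has been revoked (the CRL). Serial 0x1234 appears in neither set.
ISSUED_SERIALS = frozenset({0x1001, 0x1002, 0x1003})
CRL_SERIALS = frozenset({0x1002})


@dataclass(frozen=True)
class CrlOnlyResponder:
    """Works from the CRL alone: absence from the CRL is reported as "good"."""
    crl: frozenset

    def status(self, serial: int) -> CertStatus:
        return "revoked" if serial in self.crl else "good"


@dataclass(frozen=True)
class IssuanceAwareResponder:
    """Also holds the CA's record of issued serials, so it can say "unknown"."""
    crl: frozenset
    issued: frozenset

    def status(self, serial: int) -> CertStatus:
        if serial in self.crl:
            return "revoked"
        if serial not in self.issued:
            # RFC 2560 "unknown": the responder does not know this certificate.
            return "unknown"
        return "good"


CRL_ONLY = CrlOnlyResponder(CRL_SERIALS)
ISSUANCE_AWARE = IssuanceAwareResponder(CRL_SERIALS, ISSUED_SERIALS)


def compare(serial: int) -> tuple:
    """Return (CRL-only answer, issuance-aware answer) for one serial."""
    return CRL_ONLY.status(serial), ISSUANCE_AWARE.status(serial)


def divergent_serials(serials) -> list:
    """Serials on which the two designs disagree. These are exactly the
    never-issued serials: a "good" from the CRL-only responder says nothing
    about whether the CA ever issued a certificate with that serial."""
    return [s for s in serials if CRL_ONLY.status(s) != ISSUANCE_AWARE.status(s)]


if __name__ == "__main__":
    for s in (0x1001, 0x1002, 0x1234):
        crl_only, aware = compare(s)
        print(f"serial {s:#06x}: CRL-only={crl_only:8s} issuance-aware={aware}")
    print("divergent:", [hex(s) for s in divergent_serials([0x1001, 0x1002, 0x1003, 0x1234])])
```

The practical consequence for a relying party is the one Steve states: a "good" from a CRL-driven responder is evidence of non-revocation only, so any check that needs "this certificate was issued by the CA" has to come from somewhere else (for instance an issuance database behind the responder, as in the second model).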