
Re: Comments on <draft-ietf-pkix-crlaia-00.txt>




Russ,

> Denis:
>
> Finally!  We now uncover the actual point of disagreement.

I would hope, but I am still unsure.

> You say:

>> The same trust anchor is not a *sufficient* condition. The same node
>> in the certification tree is the necessary condition. This implies, of
>> course, the same trust anchor, but since two CRL issuers located at
>> different nodes (i.e. certified by different CAs) might have the
>> same CRL issuer name, this condition is insufficient to solve the
>> issue.

> When policies, procedures, and practices are followed, I do not believe
> that two different CRL issuers that are subordinate to the same trust
> anchor can legitimately have the same name.

You have certainly heard of the name "Eurostar". That name was originally
used by a French truck company, and the French-British railways
accidentally made a name collision with it anyway.

We can hope that this does not happen again, but we cannot make sure it
already happened. We need to build a secure PKI, not a "nearly secure"
PKI and there ARE solutions to make it fully secure.

I also know there are current solutions which are NOT fully secure.
The goal of our group is to say how to make it secure.

> As I said yesterday, I am
> willing to add text to the Security Considerations section to state
> this.

As mentioned above, this is untrue in general.

> I am even willing to state that certificate users should not
> include trust anchors that do not have policies, procedures, and
> practices that would prevent such name collisions.

This is impossible to state since the certification tree may be growing
and thus you cannot make sure that you have explored all the tree.

See my detailed response to Stefan from a few minutes ago on what needs to be covered in the security considerations section.

Denis

> Russ