
3280bis: CRL validation




To the list,

I changed the name of the thread which is now under 3280bis.

As Tim mentioned: "it is clear that the current content of 3280bis with respect to CRL validation does not enjoy consensus within the working group".

Issues 33 and 43 are directly related to this topic. They are both copied below:

33) The certificateIssuer CRL entry extension contains a GeneralNames. While RFC 3280 does not state this, there seems to be general agreement that the certificateIssuer extension should only contain the DN from the issuer field of the certificate being revoked.

  3280bis states: "Conforming CRL issuers MUST include in [the
  certificateIssuer] extension the distinguished name (DN) from the
  issuer field of the certificate that corresponds to this CRL entry.
  The encoding of the DN MUST be identical to the encoding used in the
  certificate."


43) It should be noted in 3280bis that there is a risk that two different CAs (or a CA and a CRL issuer) may issue certificates and CRLs under the same name and that if this happens there is a risk that a relying party will validate a certificate issued by one of these entities using a CRL issued by the other.

  The security considerations section of 3280bis states that CAs and CRL
  issuers should be formed in a way that reduces the likelihood of name
  collisions.  It also states that implementations validating CRLs MUST
  ensure that the certification path of the target certificate and the
  CRL issuer certification path used to validate the target certificate
  terminate at the same trust anchor.

Both statements are incorrect.

For issue 43: name collisions are possible and a design cannot be based on the assumption that name collisions, whether accidental or intentional, will never happen. This means that choosing names to "reduce the likelihood of name collisions" is not a way to solve the issue. Termination at the same trust anchor without additional details does not solve the issue either.

For issue 33: the certificateIssuer extension is defined as:

     certificateIssuer ::= GeneralNames

with

     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

It is not defined as:

     certificateIssuer ::= GeneralName

... and this is NOT an error.

To go directly to the point, certificateIssuer may contain in practice either:

 - one name, or
 - a sequence of names.

If it contains one name, this means that this name MUST be certified by the CA that has issued the certificate where the extension appears.

If it contains a sequence of names, this means that the certification path of the CRL issuer certificate formed using that sequence of names MUST also terminate at the trust anchor of the target certificate.

This is secure and avoids any name collision, either deliberate or intentional.

Denis
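An added example, not part of Denis's message or of 3280bis, showing the name-collision scenario of issue 43 in running code: two trust anchors are generated with the same distinguished name, a target certificate is issued under one of them, and a CRL listing that certificate's serial is issued under the other. Matching CRL to certificate by issuer name alone accepts the foreign CRL; requiring the certificate's path and the CRL issuer's path to terminate at the same trust anchor rejects it. It assumes the third-party `cryptography` package is installed; all keys, names and serials are constructed for the demo, and the indirect-CRL (certificateIssuer) case of issue 33 is not covered.

```python
"""Name-collision demo for CRL validation (added example, not from the thread).

Assumes the third-party `cryptography` package.  Every key, DN and serial
below is constructed for the demo.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)
LATER = NOW + datetime.timedelta(days=365)


def make_anchor(common_name):
    """Self-signed CA certificate used as a trust anchor (constructed)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(LATER)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None),
                           critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_cert(ca_key, ca_cert, common_name, serial):
    """End-entity certificate issued by the given CA (constructed)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(ca_cert.subject)
            .public_key(key.public_key())
            .serial_number(serial)
            .not_valid_before(NOW).not_valid_after(LATER)
            .sign(ca_key, hashes.SHA256()))


def issue_crl(ca_key, ca_cert, revoked_serials):
    """Direct CRL signed by the CA's own key, listing the given serials."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(LATER))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())


def anchor_for(signed, anchors):
    """Trust anchor whose key verifies `signed` (a Certificate or CRL), else None."""
    if isinstance(signed, x509.Certificate):
        tbs = signed.tbs_certificate_bytes
    else:
        tbs = signed.tbs_certlist_bytes
    for anchor in anchors:
        try:
            anchor.public_key().verify(signed.signature, tbs,
                                       ec.ECDSA(signed.signature_hash_algorithm))
            return anchor
        except InvalidSignature:
            continue
    return None


def crl_applies_by_name(cert, crl):
    """Naive rule: the CRL applies if its issuer name equals the cert's issuer name."""
    return crl.issuer == cert.issuer


def crl_applies_same_anchor(cert, crl, anchors):
    """Stricter rule: same issuer name AND both paths end at the same trust anchor."""
    cert_anchor = anchor_for(cert, anchors)
    crl_anchor = anchor_for(crl, anchors)
    return (cert_anchor is not None and cert_anchor is crl_anchor
            and crl.issuer == cert.issuer)


def revocation_status(cert, crl, anchors):
    """'revoked', 'good' or 'crl-not-applicable' under the same-anchor rule."""
    if not crl_applies_same_anchor(cert, crl, anchors):
        return "crl-not-applicable"
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if entry is not None else "good"


def demo():
    key_a, anchor_a = make_anchor("Example CA")
    key_b, anchor_b = make_anchor("Example CA")  # colliding DN, different key
    anchors = [anchor_a, anchor_b]
    target = issue_cert(key_a, anchor_a, "server.example", serial=42)
    foreign_crl = issue_crl(key_b, anchor_b, [42])  # issued under the other anchor
    own_crl = issue_crl(key_a, anchor_a, [])
    return {
        "name_match_accepts_foreign": crl_applies_by_name(target, foreign_crl),
        "anchor_rule_accepts_foreign": crl_applies_same_anchor(target, foreign_crl, anchors),
        "status_with_foreign": revocation_status(target, foreign_crl, anchors),
        "status_with_own": revocation_status(target, own_crl, anchors),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The two anchors are deliberately built with byte-identical DNs, so `crl.issuer == cert.issuer` is true for the foreign CRL; only the signature check against the trust anchors separates them. A real relying party would build full paths rather than verify directly against an anchor, but the decision point is the same: the anchor the CRL issuer's path ends at must be the anchor the target certificate's path ends at.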