[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Public key validation and Proof of possession

To: ietf-pkix@xxxxxxx
Subject: Public key validation and Proof of possession
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Tue, 25 Oct 2005 17:03:55 -0400
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Dear PKIX WG:

The draft NIST SP 800-56 defines the requirements for "RecipientAssurance of Static Public Key Validity." See Section 5.6.2.2, where it says:


   The recipient of a static public key shall obtain assurance of its validity
   in one or more of the following ways:

      1. Recipient Full Validation - The recipient performs a successful full
         public key validation (see Sections 5.6.2.4 and 5.6.2.5).

      2. TTP Full Validation – The recipient receives assurance that a trusted

third party (trusted by the recipient) has performed asuccessful full

         public key validation (see Sections 5.6.2.4 and 5.6.2.5).

3. TTP Generation – The recipient receives assurance that atrusted thirdparty (trusted by the recipient) has ge nerated thepublic/private keypair in accordance with Section 5.6.1 and has provided thekey pair to

         the owner.

It seems to me that option 2 was include to allow a CA to perform thepublic key validation once, and then any party that makes use of thecertificate need not do it again. From a system performanceperspective, this seems highly desirable.

In some highly assured implementation environments, it seemsdesirable for there to me an indication in the certificate that thisaction was taken by the CA. One could determine which certificationpolicies require the CA to take this action, but that means that thelist of certification policies would be continually adjusted by anadministrator. I would prefer a non-critical extension that declaredthat this action was taken by the CA.

The draft NIST SP 800-56, Section 5.6.3.2 discusses the requirementfor "Recipient Assurance of the Owner's Possession of a StaticPrivate Key." That is, the topic we have been discussing for yearson this list, calling it proof of possession. RFC 3647 includes aplace in the certification policy to discuss this topic. (RFC 3647,Section 3.2.1: Method to prove possession of private key.)

Again, in some highly assured implementation environments, it seemsdesirable for there to me an indication in the certificate that proofof possession was performed by the CA. I think it could be part ofthe same non-critical extension proposed above.

I therefore propose that the PKIX WG generate a standards-track RFCto define a certificate extension to provide these indications. Ipropose a very simple syntax:


   id-pe-caChecks OBJECT IDENTIFIER ::=  { id-pe <TBD> }

   CAChecks ::= BIT STRING {
      publicKeyValadation     (0),
      proofOfPossession       (1) }

Do others think this is a useful extension?

Russ

Follow-Ups:
- Re: Public key validation and Proof of possession
  - From: Stephen Kent
- RE: Public key validation and Proof of possession
  - From: Simon Blake-Wilson

Prev by Date: I-D ACTION:draft-ietf-pkix-2797-bis-03.txt
Next by Date: RE: Public key validation and Proof of possession
Previous by thread: I-D ACTION:draft-ietf-pkix-2797-bis-03.txt
Next by thread: RE: Public key validation and Proof of possession
Index(es):
- Date
- Thread