
Re: cA flag and CRL issuers (was Re: Last Call: draft-ietf-pkix-new-part1-06.txt comments)



Steve,

If we are going to change PKIX to require the cA bit in basicConstraints to be set even when the subject public key can only be used to verify signatures on CRLs, then we need to be sure that the text clearly explains to readers when the cA bit should or should not be set. Currently new-part1-06 states that "[t]he cA bit indicates if the certified public key may be used to verify signatures on other certificates." This clearly is not accurate, since if the cA bit is set one still does not know whether the subject public key may be used to verify signatures on certificates. One must look at the keyUsage extension to make that determination.

I think it would be helpful to the discussion that we are having if you would clearly state your interpretation of the meaning of the cA bit in basicConstraints.

From what I have read so far, it appears that you believe that the cA bit should be used to indicate if the subject of the certificate is a CA. But, if this is the case, then new-part1-06 still does not accurately reflect your notion of the cA bit. Currently the text states that the cA bit may only be set if the keyCertSign bit or the cRLSign bit in keyUsage is set. However, a CA does more than just issue certificates and CRLs. A CA may have a private key dedicated to signing PKI transaction messages (e.g., certification response, revocation response, proof-of-possession challenge). If a certificate were issued to a CA with its PKI transaction message verification key as the subject public key, neither the keyCertSign nor the cRLSign bit in keyUsage would be set, but the subject of the certificate would still be a CA.

So, should the cA bit be used to indicate if the certificate subject is a CA or to indicate that the subject public key may be used to verify signatures on certificates and/or CRLs? If the latter, then not all certificates issued to CAs will have the cA bit set.

Dave

At 01:31 PM 4/20/01 -0400, Stephen Kent wrote:
>>The description of basic constraints in X.509 further supports the idea that the cA bit is used to specify certificate issuing, not certificate and/or CRL issuing:
>>
>>"This field indicates if the subject may act as a CA, with the certified public key being used to verify certificate signatures. … The cA component indicates if the certified public key may be used to verify certificate signatures. … if the value of cA is not set to true then the certified public key shall not be used to verify a certificate signature"
>>
>>
>>pkix-new-part1-05 states something similar:
>>
>>"The cA bit indicates if the certified public key may be used to verify signatures on other certificates. If the cA bit is asserted, then the keyCertSign bit in the key usage extension (see 4.2.1.3) MUST also be asserted. If the cA bit is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted."
>
>again, this supports the notion that a CA signs certs, but it says nothing about whether a CA or some other entity signs CRLs. We have uncovered a number of instances where less than perfect wording has led to confusion and our recent dialogue suggests that some of the quotes you cite are examples of this.
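As an added example, not part of the original thread or of the PKIX drafts, the Go program below uses only the standard library's crypto/x509 to issue certificates carrying each basicConstraints/keyUsage combination raised above, parses them back, and evaluates them under both readings: the -05 rule as quoted (cA asserted if and only if keyCertSign asserted) and the -06 rule as Dave paraphrases it (cA may only be set if keyCertSign or cRLSign is set). The names Verdict, Assess, issue and Scenarios, the scenario labels and the test root are this example's own; treating a KeyUsage value of 0 as "extension absent" is a Go convention, not something the thread states.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Verdict is what a relying party can conclude from basicConstraints and keyUsage
// read together, plus whether the pair meets the two rules quoted in the thread.
type Verdict struct {
	CA            bool // basicConstraints present with cA TRUE
	MayVerifyCert bool // cA asserted AND (keyUsage absent OR keyCertSign asserted)
	MayVerifyCRL  bool // keyUsage absent OR cRLSign asserted; cA is not consulted
	MeetsDraft05  bool // -05 text: cA asserted <=> keyCertSign asserted
	MeetsDraft06  bool // -06 as Dave paraphrases it: cA asserted => keyCertSign OR cRLSign
}

// Assess applies the rules to a parsed certificate (names are this example's own).
func Assess(c *x509.Certificate) Verdict {
	ca := c.BasicConstraintsValid && c.IsCA
	kuPresent := c.KeyUsage != 0 // Go reports an absent keyUsage extension as 0
	certSign := c.KeyUsage&x509.KeyUsageCertSign != 0
	crlSign := c.KeyUsage&x509.KeyUsageCRLSign != 0
	return Verdict{
		CA:            ca,
		MayVerifyCert: ca && (!kuPresent || certSign),
		MayVerifyCRL:  !kuPresent || crlSign,
		MeetsDraft05:  ca == certSign,
		MeetsDraft06:  !ca || certSign || crlSign,
	}
}

var serial int64 // constructed serial numbers for the test certificates

// issue signs a certificate carrying the given basicConstraints/keyUsage pair and
// parses it back, so Assess sees what a relying party decodes. nil issuer = self-signed.
func issue(issuer *x509.Certificate, signer *ecdsa.PrivateKey, cn string, isCA bool, usage x509.KeyUsage) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              usage,
	}
	if issuer == nil {
		issuer, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Scenarios builds the combinations discussed in the thread under one constructed test root.
func Scenarios() (map[string]Verdict, error) {
	root, rootKey, err := issue(nil, nil, "Test Root", true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign)
	if err != nil {
		return nil, err
	}
	cases := []struct{ name string; isCA bool; usage x509.KeyUsage }{
		{"ca-certsign-crlsign", true, x509.KeyUsageCertSign | x509.KeyUsageCRLSign},
		{"crl-issuer-ca-bit", true, x509.KeyUsageCRLSign},           // CRL issuer with the cA bit set
		{"ca-transaction-key", true, x509.KeyUsageDigitalSignature}, // Dave's PKI-message signing key
		{"crl-issuer-no-ca-bit", false, x509.KeyUsageCRLSign},       // CRL issuer without the cA bit
		{"end-entity-certsign", false, x509.KeyUsageCertSign},       // keyCertSign without cA
	}
	out := make(map[string]Verdict, len(cases))
	for _, tc := range cases {
		cert, _, err := issue(root, rootKey, tc.name, tc.isCA, tc.usage)
		if err != nil {
			return nil, err
		}
		out[tc.name] = Assess(cert)
	}
	return out, nil
}

func main() {
	verdicts, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, v := range verdicts {
		fmt.Printf("%-22s %+v\n", name, v)
	}
}
```

The crl-issuer-ca-bit row is the case Dave objects to: cA is TRUE, yet MayVerifyCert is false because keyCertSign is absent, so a relying party cannot read cA alone as "may verify certificate signatures" and must consult keyUsage. The same row passes the paraphrased -06 rule and fails the -05 rule, which is exactly the change in text the thread is debating; ca-transaction-key fails both, matching Dave's point that a certificate issued to a CA's message-signing key would not carry cA under either wording.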