CMC issue - CA identification
Hello,
CMC supplies the identityProof mechanism, by which a CA can immediately and
automatically identify a CMC client. However, there are no means by which
the CA identifies itself to the CMC client. According to section 4.4 of RFC
2797, clients must explicitly approve trust of the included self-signed
certificate.
In the cases where the identityProof mechanism is used the end entity and
the CA share a secret. The secret can be used to authenticate the reply as
well as the request.
Following is a proposal that utilizes this mechanism in the reply.
This way of authentication has some advantages:
- Same strength of authentication on the client side as on the CA side
- More secure - users are not always familiar with approving a CA or its
fingerprint
- Easier to use, no user intervention is required for CA identification
Is it possible that such an automatic identification proof will be added to
CMC (or descendant)?
Here is the proposal:
1. The buffer of the self-signed certificate in the "certificate" portion of
the signedData is the value to be validated
2. A SHA1 hash of the token is computed.
3. An HMAC-SHA1 value is then computed over the value produced in Step 1,
using the hash of the token from Step 2 as the shared secret value
4. The 160-bit-HMAC-SHA1 result from Step 3 is then encoded as the value of
the identityProof attribute.
When the client verifies the identityProof attribute, it extracts the
self-signed certificate from the chain included in the "certificate" portion
of the signedData. It then computes the HMAC-SHA1 value in the same way and
compares it to the identityProof attribute contained in the enrollment
request.
Thanks,
Avi Gozlan
PKI team
Check Point Software Technologies LTD.
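
The following Python sketch is an added example, not part of the original message or of any CMC implementation. It walks through steps 1-4 of the proposal and the client-side check, assuming the certificate is available as its DER-encoded bytes and the token as a byte string; the function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def ca_identity_proof(cert_der: bytes, token: bytes) -> bytes:
    """CA side: build the proposed identityProof value for the reply."""
    # Step 1: cert_der is the buffer of the self-signed certificate.
    # Step 2: SHA-1 hash of the shared token becomes the HMAC key.
    key = hashlib.sha1(token).digest()
    # Steps 3-4: HMAC-SHA1 over the certificate; the 160-bit (20-byte)
    # result is what would be encoded in the identityProof attribute.
    return hmac.new(key, cert_der, hashlib.sha1).digest()

def client_verify(cert_der: bytes, token: bytes, proof: bytes) -> bool:
    """Client side: recompute the value and compare in constant time."""
    expected = ca_identity_proof(cert_der, token)
    return hmac.compare_digest(expected, proof)

# Constructed sample inputs (not a real certificate or token).
SAMPLE_CERT = bytes.fromhex("3082010a") + b"constructed-self-signed-ca-cert"
SAMPLE_TOKEN = b"constructed-shared-token"

def demo() -> dict:
    proof = ca_identity_proof(SAMPLE_CERT, SAMPLE_TOKEN)
    # A certificate swapped in transit differs in at least one byte.
    substituted = SAMPLE_CERT[:-1] + bytes([SAMPLE_CERT[-1] ^ 0x01])
    return {
        "proof_bits": len(proof) * 8,
        "genuine_reply": client_verify(SAMPLE_CERT, SAMPLE_TOKEN, proof),
        "substituted_cert": client_verify(substituted, SAMPLE_TOKEN, proof),
        "wrong_token": client_verify(SAMPLE_CERT, b"some-other-token", proof),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only a party holding the token can produce a value that verifies, so a reply carrying a different self-signed certificate fails the check without any user prompt.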