[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AKI and SKI problem with RFC 3280?

To: "Peter Gutmann" <pgut001@xxxxxxxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>, <stefans@xxxxxxxxxxxxx>
Subject: RE: AKI and SKI problem with RFC 3280?
From: "Al Arsenault" <aarsenau@xxxxxxx>
Date: Tue, 21 Oct 2003 10:18:04 -0400
Cc: <housley@xxxxxxxxxxxx>
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Well, bear in mind that RFC3280 allows the "monotonically increasing..." bit
only for CA certificates.  Section 4.2.1.2 explicitly says:

	" For end entity certificates, subject key identifiers SHOULD be
   derived from the public key.  Two common methods for generating key
   identifiers from the public key are identified above."

Okay, it's only a SHOULD, not a MUST, but the scenario you reference below
only comes in to play if I signed the CMS message using my CA cert, not my
end-entity cert.

Got an example where this is relevant if the sKID's of two different CA
certs are the same?  Granted, if I use the CA cert directly in an
application, problems like your example can occur, but such uses shouldn't
be happening (IMNSHO).

		Al Arsenault

-----Original Message-----
From: Peter Gutmann [mailto:pgut001@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, October 21, 2003 9:10 AM
To: aarsenau@xxxxxxx; ietf-pkix@xxxxxxx; pgut001@xxxxxxxxxxxxxxxxx;
stefans@xxxxxxxxxxxxx
Cc: housley@xxxxxxxxxxxx
Subject: RE: AKI and SKI problem with RFC 3280?

"Al Arsenault" <aarsenau@xxxxxxx> writes:

>Why does an AKI/SKI have to be globally unique?
>
>It strikes me that the AKI/SKI extensions are simply "search aids".  That
is,
>they merely help the application (RP) determine which of a set of possible
>certificates to use is the correct one. While it would be kind of cool if
an
>SKI/AKI would be globally unique (it would make searching a repository a
>little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal.

  You send me a CMS signed message (say) with the key identified by sKID =
0.
  My MUA finds a cert with sKID = 0 and tries to verify the signature.  The
  verification fails, and I get a warning saying that the forces of darkness
  are tampering with my communications, I could be under attack, and the
world
  is about to end.

  You send me a CMS signed message (say) with the key identified by sKID =
  aildhfsdfsjklhgdfjghkf.  My MUA can't find a cert with that sKID and
  displays an informational message saying that it couldn't find a signing
  key, and perhaps I should contact the sender for more information.

There's a big difference in terms of usability.

Peter.

References:
- RE: AKI and SKI problem with RFC 3280?
  - From: Peter Gutmann

Prev by Date: RE: AKI and SKI problem with RFC 3280?
Next by Date: Re: AKI and SKI problem with RFC 3280?
Previous by thread: RE: AKI and SKI problem with RFC 3280?
Next by thread: Re: AKI and SKI problem with RFC 3280?
Index(es):
- Date
- Thread