[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AKI and SKI problem with RFC 3280?

To: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
Subject: Re: AKI and SKI problem with RFC 3280?
From: Steve Hanna <steve.hanna@xxxxxxx>
Date: Tue, 21 Oct 2003 10:21:31 -0400
Cc: aarsenau@xxxxxxx, ietf-pkix@xxxxxxx, stefans@xxxxxxxxxxxxx, housley@xxxxxxxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

A decent MUA would understand that there may be more
than one cert with the same SKI. AKI/SKI is just a
hint. As such, it's nice (maybe leading to better
performance) if there's one and only one cert with
a particular SKI. But it's not required.

In fact, if you use one of the key hash methods for
calculating the AKI/SKI and there are several certificates
with the same subject public key (as with multiple
cross-certificates for a single CA), these certificates
will probably all have the same SKI.

Note also that AKI/SKI chaining SHOULD NOT be checked
during path validation. To be more explicit, it's
NOT true that the SKI of a CA certificate must match
the AKI of a certificate signed by that CA. Why?
Because the CA certificate may have been issued by
a CA that uses a different AKI/SKI computation technique
than the CA who's the subject of the CA certificate.

Thanks,

Steve

Peter Gutmann wrote:
> 
> "Al Arsenault" <aarsenau@xxxxxxx> writes:
> 
> >Why does an AKI/SKI have to be globally unique?
> >
> >It strikes me that the AKI/SKI extensions are simply "search aids".  That is,
> >they merely help the application (RP) determine which of a set of possible
> >certificates to use is the correct one. While it would be kind of cool if an
> >SKI/AKI would be globally unique (it would make searching a repository a
> >little easier/quicker IN SOME CASES), it doesn't strike me as a huge deal.
> 
>   You send me a CMS signed message (say) with the key identified by sKID = 0.
>   My MUA finds a cert with sKID = 0 and tries to verify the signature.  The
>   verification fails, and I get a warning saying that the forces of darkness
>   are tampering with my communications, I could be under attack, and the world
>   is about to end.
> 
>   You send me a CMS signed message (say) with the key identified by sKID =
>   aildhfsdfsjklhgdfjghkf.  My MUA can't find a cert with that sKID and
>   displays an informational message saying that it couldn't find a signing
>   key, and perhaps I should contact the sender for more information.
> 
> There's a big difference in terms of usability.
> 
> Peter.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: AKI and SKI problem with RFC 3280?
  - From: David P. Kemp
- Re: AKI and SKI problem with RFC 3280?
  - From: Michael Ströder
- Re: AKI and SKI problem with RFC 3280?
  - From: Jean-Marc Desperrier

References:
- RE: AKI and SKI problem with RFC 3280?
  - From: Peter Gutmann

Prev by Date: RE: AKI and SKI problem with RFC 3280?
Next by Date: Re: AKI and SKI problem with RFC 3280?
Previous by thread: RE: AKI and SKI problem with RFC 3280?
Next by thread: Re: AKI and SKI problem with RFC 3280?
Index(es):
- Date
- Thread