
RE: Current status of CRL validation ?



Julien:

I am not sure that two distinct CAs with the same key (putting aside the
same DN) should be the basis for analysis.  That situation will always lead
to problems.  We are relying on the randomness of large numbers to ensure
that this will not happen.

Consider providing an example where different CAs do not have the same key.

-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On
Behalf Of Julien Stern
Sent: Wednesday, April 07, 2004 10:45 AM
To: ietf-pkix@xxxxxxx
Subject: Re: Current status of CRL validation ?



On Tue, Mar 23, 2004 at 11:56:01AM -0500, Stephen Kent wrote:
> 
> Julien,
> 
> The confusion stems from somewhat sloppy use of terminology in these
> discussions.
> 
> Only the issuer of a cert can revoke it and in X.509 (unlike PGP)
> there is only one issuer for a given cert. So, the revocation 
> question as you stated it was not well formed.

Stephen,

I do not believe that only the issuer of a cert can revoke it, notably when
indirect CRLs are used.

> A cert is either revoked or not.

Well, I'm sincerely starting to believe this is not true :)
and not because of a lack of available information.
Please point me to the flaw in the following setting:

       +-----+        +-----+    I have a certificate (Cert). Two
       | CA1 |        |     |    Different CAs (CA4 and CA5) have
       | DN1 |        | DN1 |    matching issuer DN and keys for it.
       | PK1 |        |     |
       +-----+        +-----+    These two CAs have two super CAs
        /   \            |       signed by the same root.
  +-----+   +-----+   +-----+
  | CA2 |   | CA3 |   |     |    I also have a CRL which refers to
  | DN2 |   | DN3 |   | DN3 |    the certificate but whose only
  | PK2 |   | PK3 |   |     |    chain up to DN1 is going through
  +-----+   +-----+   +-----+    DN4 and DN3 (but NOT DN2).
     |         |         |
  +-----+   +-----+   +-----+    Now assume that the left path
  | CA4 |   | CA5 |   |     |    (CA1 -> CA2 -> CA4 -> Cert)
  | DN4 |   | DN4 |   | DN4 |    is valid for SOME policies, and
  | PK4 |   | PK4 |   |     |    the right path is valid for some
  +-----+   +-----+   +-----+    OTHER policies.
       \     /           |
       +-----+        +-----+
       |Cert |        | CRL |
       +-----+        +-----+
 
If I try to validate the certificate with the "left" policy mappings, only
the "left" chain will be valid. Then, I will check the chain for the CRL,
which will be valid and will match the DN matching rule, so I will conclude
that the certificate is revoked.

If I try to validate the certificate with the "right" policy mappings, only
the "right" chain will be valid. Then, I will check the chain for the CRL,
which will not match the DN matching rule, so I will not be able to verify
the validity of the CRL, and hence conclude that the certificate is valid.

Sincerely,

--
Julien
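
The setting in the ASCII diagram above, as an added toy model that is not code from the thread and does not decide the revocation question either way. It encodes the labels from the diagram (CA1..CA5, DN1..DN4, PK1..PK4) as plain data, models signature verification as key-label equality, and encodes the diagram's premise that the CRL's only chain to DN1 runs through DN3 and DN4 (i.e. through CA5) as an explicit field on the CRL; these are assumptions of the model, not X.509 processing. Because the thread leaves open whether the CRL issuer's path is subject to the same policy constraints as the certificate's path, both variants are computed. What it makes visible is that "the issuer" of Cert, looked up by DN and key, is two different CA certificates, and that which one a policy-constrained path validation selects changes from one policy set to the other, so whether the CRL issuer is "the same CA" depends on whether one compares names or certificates.

```python
"""Toy model of the certificate graph in the thread above.

Constructed data, not real X.509 objects: names, DNs and keys are the labels
from the ASCII diagram. Signature checks are modelled as key-label equality.
"""
from typing import Dict, List, Optional

# name -> (subject DN, public key, issuer name, policy sets under which the
# certificate is acceptable). CA4 and CA5 share DN4/PK4 as in the diagram;
# the policy sets encode "left path valid for SOME policies, right path for
# OTHER policies" (assumption of this model). Trust anchor: CA1.
CA_CERTS: Dict[str, tuple] = {
    "CA1": ("DN1", "PK1", None,  {"left", "right"}),
    "CA2": ("DN2", "PK2", "CA1", {"left"}),
    "CA3": ("DN3", "PK3", "CA1", {"right"}),
    "CA4": ("DN4", "PK4", "CA2", {"left"}),
    "CA5": ("DN4", "PK4", "CA3", {"right"}),
}
TRUST_ANCHOR = "CA1"

# End-entity certificate: issuer DN4, signature verifiable with PK4.
CERT = {"issuer_dn": "DN4", "signed_with": "PK4"}
# The CRL: issuer DN4, signed with PK4. The diagram's premise that its only
# chain to DN1 runs through DN3 and DN4 (CA3 -> CA5) is made explicit here.
CRL = {"issuer_dn": "DN4", "signed_with": "PK4", "issuer_cert": "CA5"}


def candidate_issuers(issuer_dn: str, signed_with: str) -> List[str]:
    """CA certificates that match by subject DN and key (a name-and-key
    'issuer' lookup). With CA4 and CA5 this returns two distinct certs."""
    return sorted(name for name, (dn, pk, _, _) in CA_CERTS.items()
                  if dn == issuer_dn and pk == signed_with)


def path_to_anchor(ca: str, policy: Optional[str]) -> Optional[List[str]]:
    """Walk issuer links from `ca` up to the trust anchor.

    If `policy` is given, every certificate on the path must be acceptable
    under it; None means no policy constraint is applied. Returns the path
    anchor-first, or None if no acceptable path exists."""
    path: List[str] = []
    cur: Optional[str] = ca
    while cur is not None:
        _dn, _pk, issuer, policies = CA_CERTS[cur]
        if policy is not None and policy not in policies:
            return None
        path.append(cur)
        cur = issuer
    return path[::-1] if path[-1] == TRUST_ANCHOR else None


def cert_issuer_under(policy: str) -> Optional[str]:
    """Step 1 of the procedure in the thread: validate Cert under `policy`
    and return the CA certificate that ends the (unique) valid path."""
    valid = [c for c in candidate_issuers(CERT["issuer_dn"], CERT["signed_with"])
             if path_to_anchor(c, policy) is not None]
    return valid[0] if len(valid) == 1 else None


def crl_issuer_relation(policy: str) -> Dict[str, object]:
    """Step 2: relate the CRL's issuer certificate to Cert's issuer
    certificate under `policy`, both by name and by certificate identity."""
    cert_issuer = cert_issuer_under(policy)
    crl_issuer = CRL["issuer_cert"]
    return {
        # path chosen for Cert under this policy set
        "cert_path": path_to_anchor(cert_issuer, policy) if cert_issuer else None,
        # CRL issuer path with no policy constraint applied
        "crl_issuer_path_unconstrained": path_to_anchor(crl_issuer, None),
        # CRL issuer path if the same policy constraint is applied to it
        "crl_issuer_path_same_policy": path_to_anchor(crl_issuer, policy),
        # the "DN matching rule": issuer names agree?
        "names_match": (CA_CERTS[cert_issuer][0] == CRL["issuer_dn"]
                        if cert_issuer else False),
        # stricter question: is it literally the same CA certificate?
        "same_certificate": cert_issuer == crl_issuer,
    }


if __name__ == "__main__":
    print("issuer candidates for Cert:", candidate_issuers("DN4", "PK4"))
    for pol in ("left", "right"):
        print(pol, crl_issuer_relation(pol))
```

Running it prints two issuer candidates (CA4 and CA5) and, for each policy set, the path selected for Cert, the CRL issuer's path with and without the policy constraint, and the two comparison results. Under "left" the names match but the CRL issuer is a different certificate (CA5) from Cert's selected issuer (CA4), and the CRL issuer's path is not acceptable under that policy; under "right" both comparisons agree. The divergence between the name comparison and the certificate comparison is exactly the situation the reply above argues should not be the basis for analysis.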