Re: Self-signed root transport and CA expiration
>
> Clearly, the root needs to be verified against a trusted database which
> contains trusted root certificates; the advantage of having it sent is
> that you are provided with an unambiguous statement as to exactly which key
> a certificate has been signed with. The Distinguished Name in the issuer
> field of a certificate is insufficient to specify the signing key. As
> certificate authorities expire and roll over from old to new, there will be
> a period of time when a received certificate may have been signed with the
> old key or the new key. During this period (which may be indefinite,
> depending on policy), the only way to check the signature is to try all
> possible keys.
>
> - Tim
Or send the root certificate's fingerprint instead of the full cert,
and match against the fingerprints of all the certs in the database.
Trying all possible keys at 100 ms each might be a problem in some
situations, but doing a memcmp against a list of 20 byte hashes
will be faster than against a list of 600 byte certs.
If one is designing a protocol, it makes sense to design it in such a
way as to preclude implementors from making mistakes. If the full cert
is sent, somewhere someone's implementation is going to use it to
validate the chain without bothering with the database check. Oops.
dpk
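The lookup both posters describe, as an added example that is not part of the thread: the receiver keys its trust store by fingerprint, uses a fingerprint sent with the chain only to select which stored root to try, and falls back to trying every stored root with the matching issuer DN when no fingerprint is sent (the rollover case Tim describes). The certificate bytes the peer sends are never used as the verification key. Everything here is constructed for illustration: the "DER" blobs are placeholder byte strings and the signature is an HMAC stand-in for a real public-key signature, so only the selection logic is realistic.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TrustedRoot:
    """One entry in the local trusted-root database (constructed)."""
    issuer_dn: str   # subject DN of the root, i.e. the issuer DN on certs it signs
    der: bytes       # placeholder for the root's DER encoding
    key: bytes       # stand-in for the root's public key (HMAC secret in this toy)


def fingerprint(der: bytes) -> bytes:
    """Fingerprint of a certificate: hash of its DER encoding (SHA-256 here)."""
    return hashlib.sha256(der).digest()


# Constructed trust store. The first two entries model a CA rolling over:
# same issuer DN, two different keys, both trusted during the transition.
TRUST_STORE: List[TrustedRoot] = [
    TrustedRoot("CN=Example Root CA", b"example-root-old-der", b"old-root-key"),
    TrustedRoot("CN=Example Root CA", b"example-root-new-der", b"new-root-key"),
    TrustedRoot("CN=Other Root CA", b"other-root-der", b"other-root-key"),
]
BY_FINGERPRINT = {fingerprint(r.der): r for r in TRUST_STORE}


def sign(key: bytes, tbs: bytes) -> bytes:
    """Toy 'signature' over the to-be-signed bytes (HMAC stands in for RSA/ECDSA)."""
    return hmac.new(key, tbs, hashlib.sha256).digest()


def signature_valid(root: TrustedRoot, tbs: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(root.key, tbs), sig)


def candidate_roots(issuer_dn: str, sent_fingerprint: Optional[bytes]) -> List[TrustedRoot]:
    """Pick which trusted roots to try.

    With a fingerprint: one 32-byte dictionary lookup, and the result must still
    carry the issuer DN named on the certificate. Without one: every stored root
    with that DN, because the DN alone cannot tell old key from new key.
    """
    if sent_fingerprint is not None:
        root = BY_FINGERPRINT.get(sent_fingerprint)
        return [root] if root is not None and root.issuer_dn == issuer_dn else []
    return [r for r in TRUST_STORE if r.issuer_dn == issuer_dn]


def verify(issuer_dn: str, tbs: bytes, sig: bytes,
           sent_fingerprint: Optional[bytes] = None) -> Optional[TrustedRoot]:
    """Return the trusted root that validates the signature, or None.

    Note that only roots from TRUST_STORE are ever tried; a root certificate
    supplied by the peer is at most a hint, never a verification key.
    """
    for root in candidate_roots(issuer_dn, sent_fingerprint):
        if signature_valid(root, tbs, sig):
            return root
    return None


if __name__ == "__main__":
    tbs = b"CN=www.example.test, issuer=CN=Example Root CA"
    sig_new = sign(b"new-root-key", tbs)
    hint = fingerprint(b"example-root-new-der")
    print("with fingerprint:", verify("CN=Example Root CA", tbs, sig_new, hint))
    print("without fingerprint:", verify("CN=Example Root CA", tbs, sig_new))
    # A self-signed root the peer made up is not in the store, so it selects nothing.
    print("unknown root:", verify("CN=Example Root CA", tbs, sig_new, fingerprint(b"attacker-der")))
```

The dictionary keyed by fingerprint is the cheap comparison dpk describes: one hash lookup instead of byte-comparing full certificates, and the signature is only ever checked against keys the receiver already trusts.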