Re: Authority Revocation List - cont'd
Sharon,
Sorry to come back to the issue of Authority Revocation List but I have
some concern that there is:
- Ambiguity in the current text on use of ARL & CRLs,
the use of the flags onlyContainsUserCerts and onlyContainsCACerts in
12.6.3.1
- potential for a security weakness resulting from confusion between
CRLs and ARLs.
The sentence in 2nd para of 12.6.3.1 that I referred to earlier
"If this field is absent the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer." could be read two
ways:
a) the issuingDistributionPoint ("this field") is absent then the CRL
must be complete.
b) if the distributionPoint component of the issuingDistributionPoint
is absent (but the whole field present) then the CRL must be complete.
(a) above implies that if ARLs are used then the issuing distribution
point field must be present.
(b) implies that if the Issuing Distribution Point field is to be used
then either there must be a distribution point name or indirect CRL must
be used.
Coming on to the potential weakness, if ARLs are used without any
onlyContainsCACerts flag then it is possible for an attacker to switch
the values in the CRL and ARL attributes so that when a CRL attribute
is retrieved it does not contain his/her revoked certificate. I don't
believe that it is sufficient to trust the directory attribute type
which is unprotected.
Thus, I believe that onlyContainsCACerts should be required for ARLs.
How do you interpret this text?
Do you agree that there is a need for clarification?
Should the use of onlyContainsCACerts be required for ARLs?
Do you agree this warrants a defect report?
Can this be briefly discussed at Helsinki?
Nick
-------------------------------------
Security & Standards
Suite A
191 Moulsham St.
Chelmsford
Essex
CM2 0LG
U.K.
Tel: +44 1245 495018
Fax: +44 1245 494517
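As an added illustration of the scope check being asked for above (example code written for this page, not text from X.509, from the referenced section 12.6.3.1, or from Nick's message): the block below encodes and parses the issuingDistributionPoint extension with a minimal DER codec, applies the onlyContainsUserCerts / onlyContainsCACerts scoping rule before a revocation list is trusted for a given certificate, and then replays the attribute-swap scenario against a toy, unauthenticated directory. The directory, the revocation lists (modelled as plain dicts, unsigned) and the serial number 0x1001 are constructed for the demonstration; the only real structure is the DER of the extension itself.

```python
"""Scope check for X.509 CRLs/ARLs carrying the issuingDistributionPoint (IDP)
extension, plus a replay of the CRL/ARL attribute-swap weakness.

Standard library only. Tags follow the IDP ASN.1 module with IMPLICIT tagging:
  distributionPoint [0] (constructed 0xA0), onlyContainsUserCerts [1] 0x81,
  onlyContainsCACerts [2] 0x82, onlySomeReasons [3] 0x83, indirectCRL [4] 0x84,
  onlyContainsAttributeCerts [5] 0x85.
"""

_FLAG_TAGS = {0x81: "only_user", 0x82: "only_ca", 0x84: "indirect", 0x85: "only_attr"}


def _tlv(data, pos=0):
    """Decode one single-byte-tag DER TLV at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _der(tag, value):
    """Encode one DER TLV with a definite (short or long form) length."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_idp(uri=None, only_user=False, only_ca=False, indirect=False):
    """Build the DER value of an issuingDistributionPoint extension.
    DEFAULT FALSE booleans are omitted, as DER requires."""
    body = b""
    if uri is not None:
        # distributionPoint [0] { fullName [0] { uniformResourceIdentifier [6] IA5String } }
        body += _der(0xA0, _der(0xA0, _der(0x86, uri.encode("ascii"))))
    if only_user:
        body += _der(0x81, b"\xff")
    if only_ca:
        body += _der(0x82, b"\xff")
    if indirect:
        body += _der(0x84, b"\xff")
    return _der(0x30, body)


def parse_idp(der):
    """Parse an IDP extension value into a dict of its components."""
    tag, body, end = _tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("IDP must be a single SEQUENCE")
    idp = {"distribution_point": None, "only_some_reasons": None,
           "only_user": False, "only_ca": False, "indirect": False, "only_attr": False}
    pos = 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        if tag == 0xA0:
            idp["distribution_point"] = val        # raw DistributionPointName, not decoded further
        elif tag == 0x83:
            idp["only_some_reasons"] = val         # raw ReasonFlags BIT STRING
        elif tag in _FLAG_TAGS:
            idp[_FLAG_TAGS[tag]] = val != b"\x00"  # any non-zero octet is TRUE (DER uses 0xFF)
        else:
            raise ValueError("unexpected tag %#x in IDP" % tag)
    return idp


def crl_covers(idp_der, cert_is_ca):
    """True if a revocation list with this IDP (None = extension absent) may be used
    to decide the status of a certificate of the given kind."""
    if idp_der is None:
        return True                  # no IDP: the list is complete for its issuer
    idp = parse_idp(idp_der)
    if idp["only_attr"]:
        return False                 # attribute certificates only
    if idp["only_ca"] and not cert_is_ca:
        return False                 # an ARL says nothing about end-entity certs
    if idp["only_user"] and cert_is_ca:
        return False
    return True


def status_via_directory(directory, attribute, serial, cert_is_ca):
    """Retrieve a list from an unauthenticated directory attribute and decide.
    Returns 'revoked', 'good' or 'undetermined' (list out of scope for this cert)."""
    lst = directory[attribute]
    if not crl_covers(lst["idp"], cert_is_ca):
        return "undetermined"
    return "revoked" if serial in lst["revoked"] else "good"


def swap_attack_demo(flag_arl):
    """Constructed scenario: the attacker's end-entity cert 0x1001 is on the CRL.
    The attacker swaps the CRL and ARL attribute values in the directory.
    flag_arl=False: ARL carries no IDP, so it is accepted as a complete CRL -> 'good'.
    flag_arl=True:  ARL carries onlyContainsCACerts, so the swap is caught -> 'undetermined'."""
    revoked_ee = 0x1001
    crl = {"idp": None, "revoked": {revoked_ee}}
    arl = {"idp": encode_idp(only_ca=True) if flag_arl else None, "revoked": set()}
    directory = {"certificateRevocationList": crl, "authorityRevocationList": arl}
    # attacker swaps the two unprotected attribute values
    directory["certificateRevocationList"], directory["authorityRevocationList"] = arl, crl
    return status_via_directory(directory, "certificateRevocationList", revoked_ee, cert_is_ca=False)
```

The point of the last function is the one made in the message: with no onlyContainsCACerts flag, a relying party that reads the quoted sentence as (a) treats the swapped-in ARL as a complete CRL and reports the revoked certificate as good; with the flag present, the same client can only report that it has no usable list and must fetch elsewhere or fail closed. Note that an "undetermined" result is not "good": a client that falls through to acceptance on an out-of-scope list reintroduces the weakness.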