
Re: [IETF-PKIX] Comments on sixth draft of IPKI X.509 Certificate and CRL Profile



Tirthankar,

I'm not certain that the example you cite will prove to be a problem.  Not
only must an attacker construct a packet with a public key info field that
has the same hash value as the subject key identifier (for a good hash
algorithm this is generally infeasible if the public key in question
differs), but the public key in the purported CA cert must correspond to the
private key used to sign the target certificate.  Now, if you're willing to
construct a CA cert with the same public key info and different other
parameters, that will work, but then you'll have to cause the cert chain
to terminate at a (root) CA acceptable to the cert consumer.  Remember, the
intent of this backpointer is not to add security, but merely to facilitate
selection of the right cert from among several valid ones issued to the
same CA.

Steve
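
The selection logic discussed in this message, as an added example that is not part of the original mail or of the draft: the key identifier only narrows the candidate issuer certs, and the signature check decides. Textbook RSA over small Mersenne primes stands in for a real signature scheme, and every name, label and the key-identifier encoding are assumptions made for the illustration.

```python
import hashlib
from collections import namedtuple

CaCert = namedtuple("CaCert", "label pub ski")   # candidate issuer cert
Target = namedtuple("Target", "tbs aki sig")     # cert being validated

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy sizes, constructed for the example)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def key_id(pub):
    """Key identifier as a hash of the public key (encoding is an assumption)."""
    return hashlib.sha1(repr(pub).encode()).hexdigest()

def select_issuer(target, candidates):
    """Return (hinted, verified): key-id matches, then those whose key verifies."""
    hinted = [c for c in candidates if c.ski == target.aki]
    verified = [c for c in hinted if verify(c.pub, target.tbs, target.sig)]
    return [c.label for c in hinted], [c.label for c in verified]

def demo():
    old_pub, _ = make_key(2**31 - 1, 2**61 - 1)         # CA's earlier key
    new_pub, new_priv = make_key(2**19 - 1, 2**89 - 1)  # CA's current key
    other_pub, _ = make_key(2**17 - 1, 2**107 - 1)      # unrelated key
    tbs = b"constructed to-be-signed bytes of the target certificate"
    target = Target(tbs, key_id(new_pub), sign(new_priv, tbs))
    candidates = [
        CaCert("ca-old-key", old_pub, key_id(old_pub)),
        CaCert("ca-new-key", new_pub, key_id(new_pub)),
        # Purported CA cert: carries the matching key identifier, different key.
        CaCert("purported", other_pub, key_id(new_pub)),
    ]
    return select_issuer(target, candidates)

if __name__ == "__main__":
    print(demo())
```

A candidate that passes both steps still has to chain to a root the cert consumer accepts, which this sketch does not model.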