Re: CA vs. EE cert processing
Moseh,
><snip>
>
>> >the first one aside for the moment, PKIX would be a better player in the
>> >broader X.509 world if it chose not to generate certificates that are
>> >ambiguous to such a world.
>>
>> The ambiguity exists in ALL verifiers, PKIX or not. Thus pointing the
>> finger at PKIX is not rational.
>>
>
>The ambiguity does exist in ALL verifiers, but it doesn't exist in all CA's. A
>CA that follows PKIX creates ambiguous certificates. Only a CA that does
>something that it SHOULD NOT do creates unambiguous certificates. Here pointing
>the finger at PKIX is very rational.
>
>We cannot remove the possibility of ambiguity but we can generate certificates
>that are not affected by it.
I agree that a CA could put the extension in all certs and thus be able to
say "not my fault; I did what I could." But this does not address the
verifier problem in other than a heuristic fashion. I want a
deterministic solution to the problem, and the suggested change to 2459
does not yield that.
>>
>> <snip>
>
>These are not probabilistic improvements. A CA that puts in the basicConstraints
>extension is 100% not ambiguous. What is probabilistic about that?
>
>Why discourage CA's from generating unambiguous certificates?
See my comments above. I was referring to the verifier, not the CA. Sorry
for the ambiguity :-)! The CA doesn't have a problem; verifiers have the
problem we are trying to address.
<snip>
>
>Adding the extension is not a heuristic improvement; a certificate with the
>extension is a certificate that doesn't need heuristics, period.
>
>Admittedly the verifier will have heuristics but the CA can ensure that they
>won't be activated.
No, it cannot! So long as there are CAs following X.509 but not the 2459
profile, verifiers would need heuristics to process certs without
extensions issued by those CAs. If we were willing to posit that no such
CAs will exist, then we would not have a problem, because in a purely
2459-compliant system (CAs and verifiers) there is no ambiguity. You seem
to be switching perspectives in analyzing this issue.
>>
>
>X.509 already addresses the problem and suggests:
>
> It is recommended that it be flagged critical, otherwise an entity which is
> not authorized to be a CA may issue certificates and a certificate-using
> system may unwittingly use such a certificate.
>
>For some reason PKIX decided to ignore the recommendation and invent its own
>private semantics.
X.509 failed to solve this problem because it permits compliant CAs to
never include basicConstraints, thus creating the ambiguity. The notes
fail to fix the problem, because they just "recommend" what to do. In the
IETF we try to be very careful in our use of the magic words
MUST/SHOULD/MAY to avoid these problems.
Steve
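The basicConstraints decision this exchange is about, as an added example that is not from the list archive or from either poster: a small DER decoder for the extension value, and two verifier policies side by side. The first applies the 2459 rule (a v3 certificate without cA=TRUE is never used as a CA); the second is the verifier Steve describes, which also has to accept certificates from CAs that never emit the extension and therefore has to guess. The certificate names, the `Cert` stand-in and the chain-position heuristic are constructed for illustration; the OID and the DER encodings are the real ones.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

OID_BASIC_CONSTRAINTS = "2.5.29.19"   # real OID of the basicConstraints extension


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos).
    Short-form lengths only, which is all a basicConstraints value ever needs."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos + 2:end], end


def parse_basic_constraints(der: bytes) -> Tuple[bool, Optional[int]]:
    """Decode BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
    pathLenConstraint INTEGER (0..MAX) OPTIONAL } into (cA, pathLen)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("basicConstraints must be exactly one SEQUENCE")
    ca, path_len, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:            # BOOLEAN cA
        _, val, pos = _read_tlv(body, pos)
        if len(val) != 1:
            raise ValueError("bad BOOLEAN length")
        ca = val[0] != 0x00                               # DER TRUE is 0xFF
    if pos < len(body) and body[pos] == 0x02:            # INTEGER pathLenConstraint
        _, val, pos = _read_tlv(body, pos)
        path_len = int.from_bytes(val, "big", signed=True)
        if path_len < 0:
            raise ValueError("pathLenConstraint must be >= 0")
    if pos != len(body):
        raise ValueError("trailing bytes in BasicConstraints")
    return ca, path_len


@dataclass
class Cert:
    """Minimal stand-in for a parsed certificate (constructed for this example)."""
    subject: str
    issuer: str
    version: int = 3
    # oid -> (critical flag, DER-encoded extension value)
    extensions: Dict[str, Tuple[bool, bytes]] = field(default_factory=dict)


def classify_profile(cert: Cert) -> Tuple[str, str]:
    """Verifier applying the RFC 2459 rule: a v3 certificate is a CA certificate
    only if basicConstraints is present with cA=TRUE. Returns (kind, reason)."""
    ext = cert.extensions.get(OID_BASIC_CONSTRAINTS)
    if ext is None:
        if cert.version < 3:
            return "EE", "v1/v2 certificate; only out-of-band trust could make it a CA"
        return "EE", "basicConstraints absent; profile forbids using it as a CA"
    critical, value = ext
    ca, path_len = parse_basic_constraints(value)
    if ca and not critical:
        return "CA", "cA=TRUE but not critical (profile says the extension MUST be critical)"
    return ("CA" if ca else "EE"), f"cA={ca}, pathLen={path_len}"


def classify_heuristic(cert: Cert, next_cert: Optional[Cert]) -> Tuple[str, str]:
    """Verifier that must also accept certificates from CAs which never emit
    basicConstraints: when the extension is absent it guesses from chain
    position (an assumed heuristic, chosen for illustration)."""
    if OID_BASIC_CONSTRAINTS in cert.extensions:
        return classify_profile(cert)                    # extension present: no guessing
    if next_cert is not None and next_cert.issuer == cert.subject:
        return "CA", "guessed: subject matches issuer of the next certificate"
    return "EE", "guessed: last certificate in the chain"


# Real DER encodings of three basicConstraints values.
CA_TRUE = bytes.fromhex("30 03 01 01 FF")                 # cA=TRUE
CA_TRUE_PATHLEN0 = bytes.fromhex("30 06 01 01 FF 02 01 00")  # cA=TRUE, pathLen=0
EMPTY_BC = bytes.fromhex("30 00")                         # cA defaults to FALSE

# Constructed chain: root -> legacy sub-CA (no extension) -> server leaf.
root = Cert("CN=Example Root", "CN=Example Root",
            extensions={OID_BASIC_CONSTRAINTS: (True, CA_TRUE_PATHLEN0)})
legacy_sub = Cert("CN=Legacy Sub", "CN=Example Root")     # the ambiguous case
leaf = Cert("CN=server.example", "CN=Legacy Sub",
            extensions={OID_BASIC_CONSTRAINTS: (True, EMPTY_BC)})


def demo() -> Dict[str, Tuple[str, str]]:
    """Run both policies over the chain; the legacy sub-CA is the certificate
    the two verifiers disagree about."""
    chain = [root, legacy_sub, leaf]
    out = {}
    for i, c in enumerate(chain):
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        out[c.subject] = (classify_profile(c)[0], classify_heuristic(c, nxt)[0])
    return out


if __name__ == "__main__":
    for subject, (strict, lenient) in demo().items():
        print(f"{subject:20s} profile={strict:3s} heuristic={lenient}")
```

The point the two policies make concrete: for `root` and `leaf`, which carry the extension, both verifiers reach the same answer without guessing, which is the CA-side argument. For `legacy_sub`, which carries no extension, the profile verifier says "not a CA" while the lenient verifier has to infer CA status from where the certificate sits in the chain, which is the verifier-side heuristic the thread says a conforming CA cannot switch off for certificates it did not issue.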