
Re: CA vs. EE cert processing



Steve,

If PKIX mandated inclusion of basicConstraints then a PKIX CA would issue
certificates that are unambiguous to every X.509v3 verifier. The verifier needs
to know that the CA is a PKIX CA only if the certificate doesn't contain the
extension. Once the extension is in the certificate the ambiguity disappears.

PKIX chose to signal an EE certificate by the absence of the extension, a way that
requires out-of-band knowledge.

Based on this analysis I call PKIX broken. You can say that it is X.509's fault,
but PKIX failed to fix it, when it could easily have made things much better.

Mandating basicConstraints is not the only way of removing that ambiguity.
PKIX can mandate inclusion of a keyUsage extension or of a policy OID that
specifies that this is a PKIX certificate. Both of these solutions allow
processing of the certificate without out-of-band knowledge, but I think that
the basicConstraints way is simpler.

Moshe

Stephen Kent wrote:

> Moshe,
>
> >RFC2459 IS broken in the sense that it recommends generating an EE certificate
> >that requires out-of-band information to know that it is not a CA certificate.
>
> I disagree. The ambiguity arises only because X.509 allows both EE and CA
> certs to not have this extension, as my analysis shows, and because the
> verifier does not know whether a PKIX or X.509 compliant CA issued the
> cert.
>
> Steve
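Added example, not part of either message: a verifier-side sketch of the decision discussed in this thread, decoding the basicConstraints extension value and reporting when a certificate cannot be classified without out-of-band knowledge of the issuer. The `classify` function, the `issuer_known_pkix` flag, the OID-to-bytes dictionary model and the sample byte strings are assumptions constructed for illustration.

```python
BASIC_CONSTRAINTS_OID = "2.5.29.19"  # id-ce-basicConstraints


def parse_basic_constraints(der: bytes):
    """Decode BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
    pathLenConstraint INTEGER OPTIONAL }. Returns (is_ca, path_len)."""
    if len(der) < 2 or der[0] != 0x30 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("expected a short-form DER SEQUENCE")
    body, is_ca, path_len = der[2:], False, None
    if body[:2] == b"\x01\x01" and len(body) >= 3:      # BOOLEAN cA
        is_ca, body = body[2] != 0x00, body[3:]
    if body[:1] == b"\x02" and len(body) >= 3 and body[1] == len(body) - 2:
        path_len, body = int.from_bytes(body[2:], "big"), b""  # INTEGER pathLen
    if body:
        raise ValueError("unexpected data in BasicConstraints")
    return is_ca, path_len


def classify(extensions: dict, issuer_known_pkix: bool = False) -> str:
    """extensions maps OID string -> DER extnValue bytes (hypothetical model).

    issuer_known_pkix is the out-of-band knowledge: True only if the verifier
    has been told that the issuing CA follows the PKIX profile."""
    der = extensions.get(BASIC_CONSTRAINTS_OID)
    if der is not None:
        # Extension present: the certificate speaks for itself.
        return "CA" if parse_basic_constraints(der)[0] else "EE"
    # Extension absent: a PKIX issuer means EE, but plain X.509 allows both
    # CA and EE certificates to omit it, so the verifier cannot decide.
    return "EE" if issuer_known_pkix else "AMBIGUOUS"


# Constructed sample extension sets (not taken from real certificates).
SAMPLES = {
    "cA=TRUE": {BASIC_CONSTRAINTS_OID: bytes.fromhex("30030101ff")},
    "cA=TRUE, pathLen=0": {BASIC_CONSTRAINTS_OID: bytes.fromhex("30060101ff020100")},
    "empty SEQUENCE (cA defaults to FALSE)": {BASIC_CONSTRAINTS_OID: bytes.fromhex("3000")},
    "no basicConstraints": {},
}

if __name__ == "__main__":
    for label, exts in SAMPLES.items():
        print(f"{label:40} unknown issuer: {classify(exts):9} "
              f"PKIX issuer: {classify(exts, issuer_known_pkix=True)}")
```

Only the last sample changes its answer depending on `issuer_known_pkix`; every certificate that carries the extension is classified the same way by any verifier.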