
Re: CA vs. EE cert processing



Moshe,

>If PKIX mandated inclusion of basicConstraint then PKIX CA would issue
>certificates that are unambiguous to every X.509v3 verifier. The verifier needs
>to know that the CA is a PKIX only if the certificate doesn't contain the
>extension. Once the extension is in the certificate the ambiguity disappears.

Yes, all of our certs would be unambiguous, but, as I have said several
times before, the problem would exist for PKIX-compliant verifiers.  So, I
am not pursuing a partial solution.

>PKIX chose to signal EE certificate by the absence of the extension, a way
>that requires out of band knowledge.
>
>Based on this analysis I call PKIX broken. You can tell that it is X.509's
>fault, but PKIX failed to fix it, when it could easily make things much better.

But, that would be a wrong conclusion.  Remember, what a verifier needs is
an ability to unambiguously identify CA certs, not EE certs, and we did
that. PKIX fixed the problem that X.509 presented insofar as making CA
certs unambiguous.

>Mandating a basicConstraint is not the only way for removing that ambiguity.
>PKIX can mandate inclusion of a keyUsage extension or of a policy OID that
>specifies that this is a PKIX certificate. Both of these solutions allow
>processing of the certificate without out of band knowledge, but I think that
>the basicConstraint way is simpler.

Yes, we could trigger on other extensions, but I think that misses the
point, i.e., X.509 needs to be fixed.

Steve
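
Added example, not part of the original message: a Go sketch of the verifier-side rule discussed in this thread, where a certificate is accepted as a CA certificate only if basicConstraints is present with cA TRUE, and an absent extension is treated as not-a-CA. The helper names `mayIssue` and `makeCert` and the self-signed sample certificates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mayIssue accepts a certificate as a CA certificate only when the
// basicConstraints extension is present and asserts cA=TRUE. An absent
// extension is handled exactly like cA=FALSE.
func mayIssue(c *x509.Certificate) bool { return c.BasicConstraintsValid && c.IsCA }

// makeCert builds a constructed self-signed sample certificate; present
// controls whether the basicConstraints extension is emitted at all.
func makeCert(cn string, present, isCA bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: present, IsCA: isCA}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Cases: cA=TRUE, extension absent, extension present with cA=FALSE.
	for _, s := range [][2]bool{{true, true}, {false, false}, {true, false}} {
		c, err := makeCert("constructed sample", s[0], s[1])
		if err != nil {
			panic(err)
		}
		fmt.Printf("present=%-5v cA=%-5v mayIssue=%v\n", c.BasicConstraintsValid, c.IsCA, mayIssue(c))
	}
}
```

The second and third cases differ on the wire (extension absent versus present with cA FALSE), yet the issuer check gives the same answer for both.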