[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CAdES implementation. Complete Revocation References attribute.

To: "Pope, Nick" <Nick.Pope@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: CAdES implementation. Complete Revocation References attribute.
From: Julien Stern <julien.stern@xxxxxxxxxxxxx>
Date: Wed, 05 Mar 2008 11:02:40 +0100
Cc: "'Pavel V. Smirnov'" <spv@xxxxxxxxxxxx>, ietf-smime@xxxxxxx, "'LISTSERV@xxxxxxxxxxxxx'" <LISTSERV@xxxxxxxxxxxxx>
In-reply-to: <6FC9E49ED3472043A38619BFA97F37B5B49F34@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <6FC9E49ED3472043A38619BFA97F37B5B49F34@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx
User-agent: Icedove 1.5.0.14pre (X11/20071018)


Pope, Nick wrote:

Pavel,
One your first question, if there is no CRL or OCSP available than thesequence can be empty.


Nick,

The standard says:

At least one of CRLListID or OcspListID or OtherRevRefs should bepresent for all but the "trusted" CA of the certificate path.


So it seems the sequence cannot be empty.

Peter Rybar's suggestion regarding the second point (repeated below) isfine.

I respectfully disagree. What Pavel asked was how to _reference_ an OCSPresponder certificate, not how to include it into the signature.


So, for CAdES-C, the proposed solution is not applicable.

Furthermore, if you do this, CAdES-X is not a secure form of CAdESanymore because you do not timestamp the reference to the OCSP respondercertificate.

I already pointed out on both lists that CAdES section 6.2.2 was notsuited to real-world PKIs.

Again, this issue comes from the fact it assumes that all validationdata can be represented as a single chain, when it is in fact a tree (assoon as there is a certificate renewal or an indirect CRL or a dedicatedOCSP responder).


CAdES should really be fixed to handle these cases.

One solution would be to allow implementations to put certificatereferences and revocation references in any order and not to check forcorrespondance between the two (like in XAdES actually).

During the latest plugtest on CAdES that we participated in, it appearedthat implementations already handled this scenario anyway...


Regards,

--
Julien

"RFC 2560
4.2.1  ASN.1 Specification of the OCSP Response
BasicOCSPResponse       ::= SEQUENCE {

      tbsResponseData      ResponseData,

      signatureAlgorithm   AlgorithmIdentifier,

      signature            BIT STRING,

      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
It means: you must use the OPTIONAL certs for this purpose.
Similar problem is solving with timestamp, where the certs and CRL fortimestamp validation are included in the timestamp and not in thesignature which is timestamped."
Peter
-----Original Message-----
*From:* Pavel V. Smirnov [mailto:spv@xxxxxxxxxxxx]
*Sent:* 04 March 2008 13:46
*To:* Nick.Pope@xxxxxxxxxxxxxxxxxxxx; ietf-smime@xxxxxxx
*Subject:* CAdES implementation. Complete Revocation References attribute.
Hello all and personally Nick!
I have a couple new questions regarding CAdES implementation.
Consider section 6.2.2 of ETSI 101 733 v1.7.3 (excerpt):
CompleteRevocationRefs shall contain one CrlOcspRef for thesigning-certificate, followed by one
for each OtherCertID in the CompleteCertificateRefs attribute. Thesecond and subsequent CrlOcspRef
fields shall be in the same order as the OtherCertID to which theyrelate. At least one of CRLListID or
OcspListID or OtherRevRefs should be present for all but the "trusted"CA of the certificate path.
The first question.
It seems to me that one can include an empty CrlOcspRef (without anyCRLListID or
OcspListID or OtherRevRefs) for a "trusted" CA. Am I right? If onecannot do like that, then all "trusted" CA certificates have to beplaced at the end of CompleteCertificateRefs SEQUENCE. Which way isright? Or may be both?
The second question.
It's quite clear how to compose this attribute in a simple CRL-onlycase. Now, let us use OCSP. Where should one place a certificate ofOCSP-responder? It would be great if one could place a reference to thiscertificate in CompleteCertificateRefs (but it is in some way prohibitedby the phrase "It references the full set of _CA_
certificates that ... " in section 6.2.1). Let us assume that thiscertificate is no-check and one does not need to place the correspondingCrlOcspRef into CompleteRevocationRefs attribute. Then one have toequate such OCSP-responder certificate to a "trusted" CA and eitherinclude an empty CrlOcspRef in CompleteRevocationRefs or place thecertificate at the end of CompleteCertificateRefs SEQUENCE. How should Isolve this?
Pavel Smirnov

Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW: http://www.CryptoPro.ru <http://www.cryptopro.ru/>
e-mail: spv@xxxxxxxxxxxx <mailto:spv@xxxxxxxxxxxx>

References:
- RE: CAdES implementation. Complete Revocation References attribut e.
  - From: Pope, Nick

Prev by Date: RE: CAdES implementation. Complete Revocation References attribut e.
Next by Date: RE: CAdES implementation. Complete Revocation References attribut e.
Previous by thread: RE: CAdES implementation. Complete Revocation References attribut e.
Next by thread: RE: CAdES implementation. Complete Revocation References attribut e.
Index(es):
- Date
- Thread