jsp(_at_)jgvandyke(_dot_)com (John Pawling) writes:
If the S/MIME WG agree that this is a valid requirement, then I recommend
that the S/MIME v3 Certificate Handling spec could be changed so that it
includes a section defining a certificate extension that identifies the
"corporate key" cert. The ASN.1 syntax could be a SEQUENCE of issuer
GeneralNames and serialNumber (to uniquely identify the cert). The text
would state that the extension would be non-critical so that non-S/MIME apps
could share the use of the cert.
I think this is a really bad move, it's basically an X.509 analog of PGP
5.x's greatly-criticised CMR/GAK feature (as was pointed out in an earlier
message). What makes this much more dangerous though is that it's being done
as an X.509 extension, which means that any CA can add a GAK key to the certs
it signs. Australia is currently considering making it illegal to run a
non-government-approved CA. The UK has been thinking about the issues of
government-controlled CA's for some time now. Surprisingly the US hasn't
looked at this yet, but I suspect that's only because it's not (currently)
possible to do GAK with X.509. If this facility is added then it's only a
matter of time before governments start requiring CA's to include GAK keys in
every cert they sign. It's almost trivial to do, once a proper PKI is
established you require that CA's change the GAK extension from non-critical
to critical and always include it in certificates. Since it won't be possible
to do business electronically without a cert from some recognised CA, everyone
will be forced into using GAK.
I consider the inclusion of GAK-ready features a really bad move which is just
asking for trouble in the future. Having something like this in S/MIME is bad
enough, building it into something which will become as pervasive as X.509
would be a disaster.
Peter.