ietf-smime

RE: Inclusion of the issuer and serial number in authenticated information

1998-02-25 20:11:54
On Wednesday, February 25, 1998 5:49 PM, Rich Ankney
[SMTP:rankney(_at_)erols(_dot_)com] wrote:
I've been having a side conversation with Ambarish Malpani of Valicert.
He raised the following question (in a different context): can we really
ensure that the issuer DN is unique? Clearly it will (or should) be in
the context of a single root CA (assuming each CA ensures there are
no duplicates in the names it certifies). But this may not be true where
we have cross-certification. Should we include something else to make
the construct unique (e.g. hash of the CA public key)? (This affects
things besides CMS, of course...)

I don't think that there is any problem with multiple issuers with the
same name (besides the inconvenience).  The cert path using the wrong
issuer certificate will fail cryptographically (the signature check will
fail), so the path will be broken, and the signature will not be
trusted.  I have seen at least two X.509 cert path implementations that
implement a certificate database using the combination of issuer name
and serial number as the primary key into the database, so I think that
the worst attack is denial of service (getting the "wrong" cert
identified by issuer and serial number).

There are other cases (such as the one that Ambarish is worried about)
where there is no cryptographic binding -- the case in point is OCSP
where you request the revocation status of a certificate by specifying
the issuer name and serial number, and there is no real binding to
either the issuing CA certificate or the certificate for which you are
checking the status, since the response is not necessarily signed by the
issuer private key.  I may have characterized this incorrectly, so
someone slap me if I'm wrong.

Now that I think about it, I could be all wrong about everything I've
said here.  It happens.  I get tired.  Corrections welcome.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
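An added illustration, not code from the thread or from any S/MIME implementation, of the two lookups under discussion: a toy textbook-RSA model of two CAs that share one DN, with a certificate store keyed by issuer name beside one keyed by a hash of the CA public key (Rich's suggestion). The CA names, primes and serial numbers are constructed for the example.

```python
import hashlib

# Toy textbook RSA on tiny fixed primes, constructed for illustration only
# (not secure; not code from the S/MIME or CMS specs). A CA is a dict of
# name (its DN), modulus n, public exponent e and private exponent d.
def make_ca(name, p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"name": name, "n": n, "e": e, "d": pow(e, -1, phi)}

def digest(tbs, n):
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def sign(ca, tbs):
    return pow(digest(tbs, ca["n"]), ca["d"], ca["n"])

def verify(ca, tbs, sig):
    return pow(sig, ca["e"], ca["n"]) == digest(tbs, ca["n"])

def key_hash(ca):
    # Rich's proposed disambiguator: a hash of the CA public key.
    return hashlib.sha256(f"{ca['n']}:{ca['e']}".encode()).hexdigest()

def issue(ca, subject, serial):
    tbs = f"{subject}|{ca['name']}|{serial}".encode()
    return {"issuer": ca["name"], "serial": serial, "tbs": tbs,
            "sig": sign(ca, tbs), "issuer_key_hash": key_hash(ca)}

def validate_by_name(store, ee):
    # Store keyed by issuer name only: the lookup cannot tell which CA is meant.
    return verify(store[ee["issuer"]], ee["tbs"], ee["sig"])

def validate_by_key(store, ee):
    return verify(store[ee["issuer_key_hash"]], ee["tbs"], ee["sig"])

# Two CAs with the same DN but different keys (the cross-certification case).
CA_A = make_ca("CN=Example CA", 1000003, 1000033)
CA_B = make_ca("CN=Example CA", 1000037, 1000039)
EE = issue(CA_A, "CN=alice", serial=42)

# Issuer-name key: CA_B's entry silently overwrites CA_A's, so the path
# check fails, which is the denial of service Blake describes.
BY_NAME = {ca["name"]: ca for ca in (CA_A, CA_B)}

# Issuer-key-hash key: both CAs coexist and the right one is found.
BY_KEY = {key_hash(ca): ca for ca in (CA_A, CA_B)}

if __name__ == "__main__":
    print("lookup by issuer name:", validate_by_name(BY_NAME, EE))  # False
    print("lookup by key hash:  ", validate_by_key(BY_KEY, EE))     # True
```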

