ietf-smime

Re: Inclusion of the issuer and serial number in authenticated information

1998-03-17 09:42:50
Blake,

You wrote:

I suspect that it won't hurt anything to specify a SEQUENCE OF
IssuerAndSerialNumber, but I don't think that CA namespace collisions
pose a significant problem.  

(...)

I certainly agree that solving the "I stuck another
IssuerAndSerialNumber for another certificate with the same public key
in a SignerInfo" problem is a Very Good Idea, and is A Necessity.  I
just don't know if we need to go the extra step for the SEQUENCE with
the IssuerAndSerialNumbers for the entire chain.
 
Comments welcome.

Sorry for the delay in responding.

Let us start with some intuition. If CA names can be confusing, then the
identity of the signer may also be confused. The signer is identified by
a CA name and a serial number. It is thus possible to retrieve the
corresponding certificate that contains the signature verification key
and the name of the signer.

Suppose there exist two CAs with the name "Postal Service", one located
in the US and the other one in the Banana Republic of Barracuda. James
Brown is signing a document. The CA name "Postal Service" (located in
the US) and the certificate serial number are included in the signed
stuff.

The CA named "Postal Service" located in the Banana Republic of
Barracuda issues for 200 $ (instead of the regular 20 $) a certificate
for Willy Hacker with the same serial number (let us assume that this
number has not yet been used by the CA) and the same public key value. Of
course, for 200 $ that CA omits to perform POP (Proof of Possession of
the private key) as it should normally do.

Now the document appears to be signed by Willy Hacker instead of James
Brown.

There may be different ways to solve the problem; one of them is to use
a SEQUENCE OF issuer names and serial numbers.


Denis

-- 
      Denis Pinkas     Bull S.A.          
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
      Rue Jean Jaures  B.P. 68            Phone : 33 - 1 30 80 34 87
      78340 Les Clayes sous Bois. FRANCE   Fax  : 33 - 1 30 80 33 21
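
The ambiguity described in this message, and the chain-wide SEQUENCE OF IssuerAndSerialNumber remedy it mentions, as a toy model added here (not part of the original message or of any S/MIME implementation). The root names, serial numbers and key strings are constructed, and certificate signature verification is modelled by matching the hypothetical `issuer_key` field.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str      # name of the issuing CA
    serial: int
    subject: str
    public_key: str  # stand-in for the subject's key bytes
    issuer_key: str  # stand-in for "signature verifies under this key"

    @property
    def ias(self):
        # IssuerAndSerialNumber: the (issuer name, serial number) pair
        return (self.issuer, self.serial)

# Constructed store: two distinct CAs share the name "Postal Service".
STORE = [
    Cert("US Root", 1, "US Root", "k-us-root", "k-us-root"),
    Cert("Barracuda Root", 1, "Barracuda Root", "k-bb-root", "k-bb-root"),
    Cert("US Root", 7, "Postal Service", "k-us-ca", "k-us-root"),
    Cert("Barracuda Root", 3, "Postal Service", "k-bb-ca", "k-bb-root"),
    Cert("Postal Service", 4711, "James Brown", "k-signer", "k-us-ca"),
    # Same issuer name, serial number and public key, issued without POP.
    Cert("Postal Service", 4711, "Willy Hacker", "k-signer", "k-bb-ca"),
]

def candidates(store, ias):
    """All certificates that a single IssuerAndSerialNumber can refer to."""
    return [c for c in store if c.ias == ias]

def chain_ids(store, cert):
    """IssuerAndSerialNumber of cert and of every CA above it, up to the root."""
    ids = [cert.ias]
    while cert.subject != cert.issuer:  # stop at the self-signed root
        cert = next(c for c in store
                    if c.subject == cert.issuer and c.public_key == cert.issuer_key)
        ids.append(cert.ias)
    return ids

def resolve_signer(store, signed_ids):
    """Return the one certificate whose whole chain matches the authenticated
    list of IssuerAndSerialNumber values, or None if zero or several match."""
    hits = [c for c in candidates(store, signed_ids[0])
            if chain_ids(store, c) == list(signed_ids)]
    return hits[0] if len(hits) == 1 else None
```

Because both end-entity certificates carry the same public key, the signature value verifies under either one; only the authenticated chain of identifiers separates them in this model.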