ietf-smime

Re: Inclusion of the issuer and serial number in authenticated information

1998-03-17 15:00:45
Hi Guys,
    Here is something that I have proposed in the past to help
identify a cert uniquely, that might work for you:

CertID                  ::=     SEQUENCE {
        issuerNameAndKeyHash            Hash,
        serialNumber                    CertificateSerialNumber
}

IssuerNameAndKey                ::=     SEQUENCE {
        issuer                          Name,
        issuerPublicKey                 SubjectPublicKeyInfo
}

i.e. you identify a cert by the hash of the IssuerNameAndKey
and a serial number.

The hash includes the public key of the issuer - this prevents the
Banana Republic CA from impersonating our well beloved and well
trusted US CA ;-).

Any comments?

Ambarish

Jim Schaad (Exchange) wrote:

Denis,

This is not sufficient to fix your problem.  If the Postal Service in Banana
Republic is using the same name, why would they not use the same serial
number as well?  Then you would not have any advantage by putting in the
sequence to the issuer.  If you really want to solve this problem you should
propose that we add a hash of the certificate to the single issuer serial
number in the signing certificate attribute.  This way everyone can be sure
that we are starting at the same point.   If the Postal Service in Banana
Republic captures the real Postal Service private keys then you are
completely out of luck about everything as you now have a rogue CA running.

jim

-----Original Message-----
From: Denis Pinkas [mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net]
Sent: Tuesday, March 17, 1998 5:42 PM
To: Blake Ramsdell
Cc: Jim Schaad (Exchange); 'jsp(_at_)jgvandyke(_dot_)com'; Ietf-Smime (E-mail)
Subject: Re: Inclusion of the issuer and serial number in authenticated
information

Blake,

You wrote:

I suspect that it won't hurt anything to specify a SEQUENCE OF
IssuerAndSerialNumber, but I don't think that CA namespace collisions
pose a significant problem.

(...)

I certainly agree that solving the "I stuck another
IssuerAndSerialNumber for another certificate with the same public key
in a SignerInfo" problem is a Very Good Idea, and is A Necessity.  I
just don't know if we need to go the extra step for the SEQUENCE with
the IssuerAndSerialNumbers for the entire chain.

Comments welcome.

Sorry for the delay to respond.

Let us start by some intuition. If CA names can be confusing, then the
identity of the signer may also be confused. The signer is identified by
a CA name and a serial number. It is thus possible to retrieve the
corresponding certificate that contains the signature verification key
and the name of the signer.

Suppose there exist two CAs with the name "Postal Service", one located
in the US and the other one in the Banana Republic of Barracuda. James
Brown is signing a document. The CA name "Postal Service" (located in
the US) and the certificate serial number are included in the signed
stuff.

The CA named "Postal Service" located in the Banana Republic of
Barracuda issues for 200 $ (instead of the regular 20 $) a certificate
for Willy Hacker with the same serial number (let us assume that this
number has not yet been used by the CA) and the same public key value. Of
course, for 200 $ that CA omits to perform POP (Proof of Possession of
the private key) as it should normally do.

Now the document appears to be signed by Willy Hacker instead of James
Brown.

There may be different ways to solve the problem, one of them is to use
a SEQUENCE OF issuer names and serial number.

Denis

--
      Denis Pinkas     Bull S.A.          
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
      Rue Jean Jaures  B.P. 68            Phone : 33 - 1 30 80 34 87
      78340 Les Clayes sous Bois. FRANCE   Fax  : 33 - 1 30 80 33 21

-- 
---------------------------------------------------------------------
Ambarish Malpani
Architect                                              (650) 849-9880
ValiCert, Inc.                                  ambarish(_at_)valicert(_dot_)com
3160 W. Bayshore Road                         http://www.valicert.com
Palo Alto, CA 94303