ietf-smime
[Top] [All Lists]

Re: Inclusion of the issuer and serial number in authenticated in formation

1998-03-18 05:58:21
(Response from Jim)

Denis,

This is not sufficent to fix your problem.  If the Postal Service
in Banana Republic is using the same name, why would they not use 
the same serial number as well?  

In the case I described, they do use the same serial number.

Then you would not have any advantage by putting in the
sequence to the issuer.

Not exactly. The next sequence (assuming it ends up to a trust point)
will allow to make the difference between the Postal Service from the US
and the postal Service from the Banana Republic. If this is not yet a
trust point, then you add another leg and so on until you reach a trust
point. A I said, this is one possibility among others.
  
If you really want to solve this problem you should
proprose that we add a hash of the certificate to 
the single issuer serial number in the signing certificate 
attribute.  This way everyone can be sure that we are 
starting at the same point.  

You are right. This is another way to solve the problem, without the
need to indicate the other legs.

Ambarish Malpani has been proposing the following:

==================================================

Here is something that I have proposed in the past to help
identify a cert uniquely, that might work for you:

CertID                  ::=     SEQUENCE {
        issuerNameAndKeyHash            Hash,
        serialNumber                    CertificateSerialNumber,
}

IssuerNameAndKey                ::=     SEQUENCE {
        issuer                          Name,
        issuerPublicKey                 SubjectPublicKeyInfo
}

i.e. you identify a cert by the hash of the IssuerNameAndKey
and a serial number.

The hash includes the public key of the issuer - this prevents the
Banana Republic CA from impersonating our well beloved and well
trusted US CA ;-).

==================================================

This is not the right solution since the hash is not usable to point to
the certificate, but only there to make sure that the right certificate
is being selected.

Instead we should have something like:

CertUID ::=     SEQUENCE {
       issuerAndserialNumber   IssuerAndserialNumber,
       certificateHash         CertHash,
}

The certUID is the Certificate Unique Identifier.

The advantage is that other links do not need to be explored, nor
indicated. So my preference would be to fix the start point, as you
suggested.

Denis


(previous E-mail from Denis)
 
Let us start by some intuition. If CA names can be confusing, then the
identity of the signer may also be confused. The signer is identified by
a CA name and a serial number. It is thus possible to retrieve the
corresponding certificate that contains the signature verification key
and the name of the signer.

Suppose there exists two CAs with the name "Postal Service", one located
in the US and the other one in the Banana Republic of Barracuda. James
Brown is signing a document. The CA name "Postal Service" (located in
the US) and the certificate serial number are included in the signed
stuff.

The CA named "Postal Service" located in the Banana Republic of
Barracuda issues for 200 $ (instead of the regular 20 $) a certificate
for Willy Hacker with the same serial number (let us assume that this
number has not yet be used by the CA) and the same public key value. Of
course, for 200 $ that CA omits to perform POP (Proof of Possession of
the private key) as it should normally do.

Now the document appears to be signed by Willy Hacker instead of James
Brown.

There may be different ways to solve the problem, one of them is to use
a SEQUENCE OF issuer names and serial number.

Denis

-- 
      Denis Pinkas     Bull S.A.          
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
      Rue Jean Jaures  B.P. 68            Phone : 33 - 1 30 80 34 87
      78340 Les Clayes sous Bois. FRANCE   Fax  : 33 - 1 30 80 33 21