ietf-smime

Re(2): Finding and retrieving applicable Attribute Certificate(s)

1998-05-07 08:13:22
I am sorry if I may have confused anyone, but I would like to clarify some
of your comments.

At 03:05 PM 06/05/98 -0400, you wrote:
> From: Francois Rousseau <f.rousseau@adga.ca>
>
> > This implies that the signedInfo issuerAndSerialNumber field can NOT
> > uniquely identify both the public key certificate and the AC for each
> > originator.


> Either I am completely confused about the point you are trying to make,
> or you are confused about the difference between an attribute authority
> and the subject of an attribute certificate.
>
> To clarify:
>
> * a public key certificate is issued and signed by a CA.
>
> * in a public key certificate, the CA is identified through the issuer
>   field represented by "Name" AND/OR the issuerAltName extension represented
>   by "GeneralNames".
>
> * one or more attribute certificates are issued and signed by one or
>   more AAs, which in general are different from the CA.
>
> * in an AC, the AA is identified only through the issuer field represented
>   by "GeneralNames".
>
> * each AC refers to one or more base public key certificates
>   (the "subject") which, as you point out, can be referred to using
>   either a baseCertificateID or a subjectName.

Instead it should have read:

* each AC refers to a subject, which can be identified by using either a
baseCertificateID or a subjectName.

* if the subject of a particular AC is identified by a baseCertificateID,
it is represented by a SEQUENCE of the GeneralNames of the issuer (i.e. the
CA) and the CertificateSerialNumber of the subject's public key
certificate, and an OPTIONAL issuer unique identifier. As the subject's
public key certificate is revoked and reissued, ACs using this approach
also need to be revoked and reissued in order to remain valid.

* if instead the subject of a particular AC is identified by a subjectName,
it is currently only represented by the GeneralNames of the subject. As the
subject's public key certificate is revoked and reissued, ACs using this
approach will not be impacted.

Note that when the latter approach is used and to address the masquerade
issue raised by Capt Hayes, it has been suggested that the subject should
also be identified by the name of the issuer (i.e. the CA) of its public
key certificate in addition to the subject's GeneralNames.

> * the CMS SignerInfo issuerAndSerialNumber field refers to one public
>   key certificate.
>
> Therefore, since the issuerAndSerialNumber field refers to one public key
> certificate, and all ACs have a subject (public key certificate),
> then the issuerAndSerialNumber field uniquely determines both the
> signer and all ACs which apply to the signer.

Yes, the issuerAndSerialNumber field identifies which signer's public key
certificate MUST be used by the recipient to verify the integrity and
authenticity of the signed message.

However, as indicated by both Rich Ankney and Denis Pinkas, the originator
may have multiple ACs. It should be up to the originator to indicate which
ones he/she wishes the recipient to use. The recipient should only be
allowed to use what is possible within the choice of the originator.

Because of this, the issuerAndSerialNumber field can NOT at the SAME TIME
uniquely identify which signer's public key certificate and which
particular AC, of the many ACs an originator may have, MUST be used by the
recipient to verify an authorization service conveyed through this
particular AC, which is bound to this signed message.

Francois Rousseau
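The matching the thread argues about, as an added example that is not part of the original message, of the S/MIME WG drafts, or of any author's code: a small Python model in which the SignerInfo issuerAndSerialNumber selects exactly one public key certificate, and the ACs whose holder designates that certificate (by baseCertificateID or by subjectName) are then collected. It walks through the three situations discussed above: several ACs applying to one signer at the same time, a public key certificate revoked and reissued under a new serial number, and a certificate with the same subject name issued by a different CA (the masquerade case). All CA, AA and subject names and all serial numbers are constructed for the example. The optional pkc_issuer field on SubjectName is this example's rendering of the suggestion that the subject also be identified by the name of the CA that issued its public key certificate; it is an assumption of the example, not a field taken from the draft.

```python
"""Added example, not code from the original message or the S/MIME WG: a toy
model of locating the ACs that apply to a CMS signer. All names and serial
numbers are constructed; SubjectName.pkc_issuer is an assumption (see text)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union


@dataclass(frozen=True)
class IssuerAndSerialNumber:
    """CMS SignerInfo.issuerAndSerialNumber: names exactly one PKC."""
    issuer: str
    serial: int


@dataclass(frozen=True)
class PublicKeyCertificate:
    issuer: str    # the CA, modelled as one string for Name / issuerAltName
    serial: int
    subject: str


@dataclass(frozen=True)
class BaseCertificateID:
    """Holder bound to one specific PKC: (CA name, serial), optional issuerUID."""
    issuer: str
    serial: int
    issuer_uid: Optional[bytes] = None


@dataclass(frozen=True)
class SubjectName:
    """Holder bound to the subject's GeneralNames only. pkc_issuer (an assumption
    of this example, not in the draft) additionally pins the subject's CA."""
    name: str
    pkc_issuer: Optional[str] = None


@dataclass(frozen=True)
class AttributeCertificate:
    aa: str        # attribute authority, i.e. the AC issuer GeneralNames
    serial: int
    holder: Union[BaseCertificateID, SubjectName]
    attribute: str


def ac_applies(ac: AttributeCertificate, pkc: PublicKeyCertificate) -> bool:
    """Does this AC's holder designate the given public key certificate?"""
    h = ac.holder
    if isinstance(h, BaseCertificateID):
        # Pinned to one certificate: a reissued PKC (new serial) no longer matches.
        return h.issuer == pkc.issuer and h.serial == pkc.serial
    if h.pkc_issuer is not None and h.pkc_issuer != pkc.issuer:
        return False  # same name, but the PKC comes from another CA: masquerade
    return h.name == pkc.subject  # name-only binding survives reissue


def find_applicable_acs(isn: IssuerAndSerialNumber, certs: List[PublicKeyCertificate],
                        acs: List[AttributeCertificate]
                        ) -> Tuple[PublicKeyCertificate, List[AttributeCertificate]]:
    """issuerAndSerialNumber selects exactly one PKC; any number of ACs may
    then apply to it, so the field alone cannot single out 'the' AC."""
    hits = [c for c in certs if (c.issuer, c.serial) == (isn.issuer, isn.serial)]
    if len(hits) != 1:
        raise LookupError("issuerAndSerialNumber must identify exactly one certificate")
    pkc = hits[0]
    return pkc, [ac for ac in acs if ac_applies(ac, pkc)]


def restrict_to_originator_choice(candidates: List[AttributeCertificate],
                                  chosen: List[Tuple[str, int]]) -> List[AttributeCertificate]:
    """The originator names the ACs (by AA and AC serial) the recipient may use;
    an applicable AC outside that choice is ignored."""
    wanted = set(chosen)
    return [ac for ac in candidates if (ac.aa, ac.serial) in wanted]


# Constructed sample data for the three cases discussed in the thread.
CA, ROGUE_CA, SUBJECT = "CN=Example CA", "CN=Other CA", "CN=F. Rousseau"
ORIGINAL_PKC = PublicKeyCertificate(CA, 1001, SUBJECT)
REISSUED_PKC = PublicKeyCertificate(CA, 1002, SUBJECT)       # same subject, new serial
MASQUERADE_PKC = PublicKeyCertificate(ROGUE_CA, 7, SUBJECT)  # same name, other CA
ALL_PKCS = [ORIGINAL_PKC, REISSUED_PKC, MASQUERADE_PKC]
ACS = [
    AttributeCertificate("CN=Finance AA", 1, BaseCertificateID(CA, 1001), "role=approver"),
    AttributeCertificate("CN=Travel AA", 9, SubjectName(SUBJECT), "role=traveller"),
    AttributeCertificate("CN=HR AA", 3, SubjectName(SUBJECT, pkc_issuer=CA), "clearance=staff"),
    AttributeCertificate("CN=Finance AA", 2, SubjectName("CN=Someone Else"), "role=approver"),
]


def applicable_attributes(pkc: PublicKeyCertificate) -> List[str]:
    """Attributes a recipient would see for the signer whose SignerInfo names pkc."""
    isn = IssuerAndSerialNumber(pkc.issuer, pkc.serial)
    _, acs = find_applicable_acs(isn, ALL_PKCS, ACS)
    return sorted(ac.attribute for ac in acs)


if __name__ == "__main__":
    for label, pkc in (("original", ORIGINAL_PKC), ("reissued", REISSUED_PKC),
                       ("masquerade", MASQUERADE_PKC)):
        print(f"{label:10s} -> {applicable_attributes(pkc)}")
```

Run stand-alone, the block prints the attribute list for each of the three constructed certificates: three ACs apply to the original certificate, the baseCertificateID-bound one drops away after reissue, and only the name-only AC follows the same subject name to a certificate from a different CA. restrict_to_originator_choice is the recipient-side filter for the ACs the originator indicates.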