[Top] [All Lists]

Re: Problem for public CAs

2000-02-09 10:13:38

Please describe a security vulnerability that is caused by lack of
email address in subjectAltName.

* In the case of authentication:
I sign my own messages with (one of) my own certs.  The subject name of
my cert is displayed to the recipient when the message signature is
validated.  What vulnerability is introduced if a message signed by
"C=US ... CN=David Kemp" comes from any email address, or mail list
address, in the world?  The "from" and "reply-to" fields are both
irrelevant to the authentication.

* In the case of confidentiality:
I want to send a message to "C=CA ... CN=Joe Smith".  I look up Joe's
email address in my address book, which might be correct or incorrect.
If Joe receives the message using whatever email address I have for him,
he can read the message.  If my address book is incorrect and Fred
receives the message, he can't read it because he doesn't have Joe's
private key.

It seems to me that if there are security vulnerabilities, they are
the result of a flawed HMI, not a flawed certificate profile.  If
the HMI does not associate the subjectName with the message to which
it is cryptographically bound, you will have vulnerabilities.


Date: Wed, 09 Feb 2000 11:27:35 -0500
To: "Graham Laws" <lawsg(_at_)it(_dot_)postoffice(_dot_)co(_dot_)uk>
From: Russ Housley <housley(_at_)spyrus(_dot_)com>
Subject: Re: Problem for public CAs
Cc: "'SMIME IETF'" <ietf-smime(_at_)imc(_dot_)org>


Certificates usually contain a subject name and a public key.  However, 
this information is not adequate for a mail user agent to determine which 
certificate goes with a particular e-mail address.  That is why the S/MIME 
RFCs require the inclusion of the e-mail address in the subjectAltName.

Several people have tried to build S/MIME capabilities that support 
certificates without e-mail address in the subjectAltName.  The results are 
security vulnerabilities!  The address book must be used to associate the 
certificate and the e-mail address.  Users are not very good at associating 
the correct certificate with the correct address book entry (that is, the 
correct e-mail address).  This mismatch has impacts on both authentication 
and confidentiality.


<Prev in Thread] Current Thread [Next in Thread>