Re Dave's item 2 about the new prototype certificate, I, too, was wondering
what was achieved by changing to a different format. Is there some
benefit?
The new format is
CertificationRequest ::= SIGNED SEQUENCE {
version INTEGER, -- 0 for this version
subject Name, -- requestor's distinguished name
subjectPublicKeyInfo SubjectPublicKeyInfo -- requestor's public key
}
The old format is Certificate with a digest rather than a signature.
Two benefits:
1. Minimal information. The user need not assign the issuer name,
serial number, validity period. The certification authority may
change these anyway.
2. Protection against an attack where a user requests a certificate
with someone else's public key. The user signs the (name, public
key) combination, proving that the user has the private key and is
not replaying someone else's signature.
The removal of the co-issuer service opened the possibility for a
simpler format. Co-issuer service requests carried prototype
certificates, since the organizational notary was specifying the full
certificate to be signed. "Notary" service requests also carried
prototype certificates, but the certification authority could change
everything except subject name and public key. Since the "notary" case
(in a general form) is the only one that remains, the extra fields
were dropped.
Bob Jueneman mentioned the need for the requestor to sign some part of
the prototype certificate. Along with the change to a simpler form, a
signature was added.
-- Burt