Dear Mr. Lowry:
Thank you for your comments concerning our implementation of
COST-PEM and in particular CRLs. After studying them and
PEM RFCs carefully, we still believe that our COST-PEM
system is WORKABLE and COMPLIANT with PEM RFCs, although we
still believe that in order to perform certificate
validation the user does not need CRLs for each and every CA
in the partner's certification path.
1. During generation of certificates, it is clear that
certificates migrate "downwards" through the hierarchy, i.e.
PCAs have the IPRA certificate, the lower level CAs have the
certificate of the IPRA and their PCA, and so on up to the
individual users, who accumulate initially (after their
registration) all certificates along their certification
path.
2. Because of 1., when some CA in the hierarchy generates a
new certificate (say with new private and public components,
for more general case), after receiving it signed, it must
re-sign certificates of its lower level CAs, store current
certificates in the CRL and SEND downwards the new
certificates. Because of 1., they must further "propagate"
through the subtree of the hierarchy all the way to all
individual users.
3. RECEIVING LETTERS: When I receive the COST-PEM letter
from my partner, the letter will contain partner's
(Originator) and his/her CA's (Issuer) certificates. Lets
say that my partner is in the subtree with changed
(therefore revoked) certificates, as in 2. If I don't have
my partner's complete certification path (received earlier),
I will issue the request to his/her CA, get all the
currently VALID certificates and perform validation. If I
happen to have earlier all the certificates along his path
(some of them revoked !), my validation will FAIL, so I will
ask the new valid certificates again and successfully
validate his/her certificate.
4. SENDING LETTERS: If I want to send the ENCRYPTED letter
to my partner, then [RFC 1422, section 2, fourth paragraph]
"... prior to sending an encrypted message (using PEM), an
originator must acquire a certificate for each recipient and
must validate these certificates." ..... (*)
-----
So, in all cases I can send and receive letters from my
partners and I can verify their certificates without having
locally all CRLs of all CAs along his/her certification
path. We run CRLs EXACTLY as described in RFC 1422,
3.4.1.3., second paragraph. We did not implement the "CRL"
type of PEM message [RFC 1421, 4.6.1.1.4], since we believe
that (1) it is not necessary to have locally all the CRLs in
order to perform validation, as explained in this letter,
and (2) we believe that our validation system is more
efficient that the one described in PEM standards. We
explicitelly state that in our COST-PEM policy.
We intend to implement the "CRL" type of the PEM message for
validation of outdated PEM letters, but in the next version
of the COST-PEM system.
Therefore, we do not perform certificate validation BY
DEFINITION (probably you meant following blindly PEM RFCs),
but by the described procedure.
My statement that "... CRLs are not quite worked out in PEM
RFCs" meant our interpretation that if you follow the (*)
procedure, then we believe that you don't need locally CRLs,
and also that we couldn't find explicitly the mechanism in
RFC 1424 to perform step 2. described above.
--------------------
Do we still missunderstand the essence of PEM certificate
validation ?
Regards,
Sead Muftic
COST Computer Security Technologies AB
Stockholm, Sweden
!