IETF Logo Mail Archive

Re: [certid] Need to define "most specific RDN"

Peter Sylvester <peter.sylvester@edelweb.fr> Tue, 06 July 2010 16:42 UTC

Return-Path: <peter.sylvester@edelweb.fr>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B23073A67C0 for <certid@core3.amsl.com>; Tue, 6 Jul 2010 09:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YcFHEVRHuo4Q for <certid@core3.amsl.com>; Tue, 6 Jul 2010 09:42:15 -0700 (PDT)
Received: from ganymede.on-x.com (ganymede.on-x.com [92.103.215.11]) by core3.amsl.com (Postfix) with ESMTP id 2BCC33A63C9 for <certid@ietf.org>; Tue, 6 Jul 2010 09:42:15 -0700 (PDT)
Received: from varuna.puteaux.on-x (varuna.puteaux.on-x [192.168.10.6]) by ganymede.on-x.com (Postfix) with ESMTP id A8990170 for <certid@ietf.org>; Tue, 6 Jul 2010 18:42:16 +0200 (CEST)
Received: from smtps.on-x.com (mintaka.puteaux.on-x [192.168.14.11]) by varuna.puteaux.on-x (Postfix) with ESMTP id 93B6D17048 for <certid@ietf.org>; Tue, 6 Jul 2010 18:42:16 +0200 (CEST)
Received: from [192.168.0.14] (gut75-3-82-227-163-182.fbx.proxad.net [82.227.163.182]) by smtps.on-x.com (Postfix) with ESMTP id 0E43C782B for <certid@ietf.org>; Tue, 6 Jul 2010 18:42:15 +0200 (CEST)
Message-ID: <4C335CE5.1090608@edelweb.fr>
Date: Tue, 06 Jul 2010 18:42:13 +0200
From: Peter Sylvester <peter.sylvester@edelweb.fr>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
MIME-Version: 1.0
To: certid@ietf.org
References: <201006301746.o5UHkIsE019133@fs4113.wdf.sap.corp> <4C2B843A.5010206@stpeter.im> <4C305B93.9090001@velox.ch> <201007061435.29786.ludwig.nussel@suse.de>
In-Reply-To: <201007061435.29786.ludwig.nussel@suse.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [certid] Need to define "most specific RDN"
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 16:42:16 -0000

On 07/06/2010 02:35 PM, Ludwig Nussel wrote:
> Kaspar Brand wrote:
>    
>> [1] Re-reading section 3.1 in RFC 2818 can actually confirm this
>> hypothesis, under the following interpretation: "the (most specific)
>> Common Name field in the Subject field of the certificate MUST be used"
>> can be understood to mean the domain name which has the highest number
>> of DNS labels: if the subject has CN=foo.example.net and CN=example.net,
>> then the first one must be used for the identity check (it's more
>> specific than CN=example.net), irrespective of its position in the DER
>> encoded subject, actually.
>>      
> That interpretation at least doesn't require knowledge about
> certificate encoding subtleties. It's ambiguous though. You could
> have several CN with an equal number of dots after all. Just think
> of this one:
> http://www.mail-archive.com/openssl-users@openssl.org/msg61198.html
>
> cu
> Ludwig
>
>    
X.500 defines a tree structure, the nodes are relative names put
into a hierarchie represented by a DN. a prefix of the elements in
the sequence defines thus a "subtree", and the relative name of a leaf
is the rightmost element, In a tree the most specific element a leaf
and moving backwards defined less specific.

There is no need at all to talk about binary encoding, or DER or
whatever. A DN is a sequence of relative names forming a tree
structure when interpreted in the X.500 context. This is thus
one clear interpretation of 'most specific'  (for a RDN).

But: Since RDN can have multiple occurences of AVAs with the
same type, (and one my even construct interpretations as above)
it is not clear whether anything else than putting exactly one AVA
with type Common Name into the very last component and not
having any AVA with type Common name may lead to unexpected
results, making 2818 unclear.

At least I think one can agree that Common name in the last RDN
as the only AVA is "safe". What can one do else:

- some other RDNs without after it? probably ok, but not sure.
- other RDNs with Common Name before? oh oh, like th \0 attack
- multiple AVAs in the same RDN. maybe.
...

Anyway, since there is no good reason not to put a subjectAltName,
I do not think that one shouls say anything more than
"If you use a Common Name other than in the most simple case one
  may run a risk not to be interpreted correctly."

replace:

    The subject field of a PKIX certificate is defined as an X.501 type
    Name and known as a Distinguished Name (DN) -- see [X.501] and
    [PKIX].....  and so on

by

    In essence, Subject (and Issuer) are essentially are defined in PKIX and
    X.50x/ISOnnnn  as ASN.1 type DistinguishedName which is (in ASN.1 terms)
    a a row of elements (SEQUENCE OF in ASN.1 terms)
    of type RelativeDistinguishedName (RDN).

    In the directory context and in the PKIX context
    this defines a hierarchical tree structure
    from left to right and least to most specific, i.e. a prefix defines
    a subtree and the relative name of a leaf is the rightmost one
    in the sequence.
    An RDN is a collection (SET OF in ASN.1 terms) of elements of
    the ASN.1 type  AttributeValueAssertion (AVA).  ... leaving as
    exercise a definition of AVA.

    Thus, regarding this, the usage of "most specific RDN of type Common
    Name" in HTTPS is not precise enough.
    Furthermore,  string representations (as well as graphical ones)
    may confuse
    users because of two possible interpretations of an implied order of 
RDNs.
    e.g. LDAP define the order ....
    and, historically, Openssl uses the other direction.

By the way: Certificates are not binary objects. At best:

Certificates are structures defined as ASN.1 types, and (almost always) 
transmitted in
an encoding called DER... which may be encapsulated in base64, i.e.
becoming textual ... etc. Anyway, does this matter here?

Compare: The last paragraph of 2.2 doesn't use DER.

SubjectAltname is not a 'field', it is an occurence of type
Extension identified (... let's say ... ) as SunjectAltName.

Certificate subjects may have alternate names represented as Extension
identified as SubjectAltName.

Thus: 2.2 can be greatly simplified IMO.

ave fun.

v2.8.7 | Report a Bug | By Email