Re: [pkix] Self-issued certificates

"Miller, Timothy J." <tmiller@mitre.org> Thu, 16 July 2015 14:43 UTC

From: "Miller, Timothy J." <tmiller@mitre.org>
To: "mrex@sap.com" <mrex@sap.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/OJaLZLWscw242ZFx50jKWk2Ui5M>
Cc: PKIX <pkix@ietf.org>
Subject: Re: [pkix] Self-issued certificates

> Only a signature of the new key with the old key could provide
> such a proof.  

Umm, that’s what an RFC 4210 CA Key Update Announcement is.  Actually, it contains the old key signed with the new key, the new key signed with the old key, and the new key self-signed.

— T
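
The three certificates named in the reply above, built with Go's standard `crypto/x509` next to the old self-signed anchor; this is an added example, not part of the original message and not an RFC 4210 CMP encoder. The CA name "Example CA", the P-256 keys, and the helper names `issue` and `keyUpdate` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Indexes into keyUpdate's result; OldWithOld is the anchor relying parties already hold.
const OldWithOld, OldWithNew, NewWithOld, NewWithNew = 0, 1, 2, 3

// issue certifies subject's key, signed by signer; template == parent, so issuer == subject.
func issue(serial int64, subject, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	t := &x509.Certificate{ // "Example CA" is a constructed name
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &subject.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// keyUpdate makes an old and a new CA key and issues all four certificates.
func keyUpdate() (c [4]*x509.Certificate, err error) {
	var k [2]*ecdsa.PrivateKey // k[0] is the old CA key, k[1] the new one
	for i := range k {
		if k[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return c, err
		}
	}
	for i := range c { // subject key is k[i>>1], signing key is k[i&1]
		if c[i], err = issue(int64(i+1), k[i>>1], k[i&1]); err != nil {
			return c, err
		}
	}
	return c, nil
}

func main() {
	c, err := keyUpdate()
	fmt.Println(err == nil && c[NewWithOld].CheckSignatureFrom(c[OldWithOld]) == nil)
}
```

A relying party that holds only the old anchor can verify `NewWithOld` but not `NewWithNew`, which is the proof the quoted text asks for; `OldWithNew` serves holders of the new anchor in the same way.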