Re: charter revisions
Stephen Kent <kent@bbn.com> Fri, 31 August 2001 19:10 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA14436 for <pkix-archive@odin.ietf.org>; Fri, 31 Aug 2001 15:10:25 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7VIFZZ24479 for ietf-pkix-bks; Fri, 31 Aug 2001 11:15:35 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7VIFYD24474 for <ietf-pkix@imc.org>; Fri, 31 Aug 2001 11:15:34 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id OAA01710; Fri, 31 Aug 2001 14:13:54 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010408b7b5840efc68@[128.33.84.34]>
In-Reply-To: <3B8E08CA.5C1F2AF1@baltimore.ie>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <3B8E08CA.5C1F2AF1@baltimore.ie>
Date: Fri, 31 Aug 2001 14:13:09 -0400
To: stephen.farrell@baltimore.ie
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: Steve Hanna <steve.hanna@sun.com>, ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 10:35 AM +0100 8/30/01, Stephen Farrell wrote: >Steve (K), > >I'd have to agree with Steve H, though maybe not as strongly. > >My suggestion would be to limit the additional items to the >dpd/dpv. > >In addition the replacement charter text doesn't mention the >fact that PKIX has profiled the X.509 AC which I guess I can't >let pass:-) > >Stephen. > Steve, Gee, 3 Steve's in one message! I'll add mention of the Ac profile. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7VIFZZ24479 for ietf-pkix-bks; Fri, 31 Aug 2001 11:15:35 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7VIFYD24474 for <ietf-pkix@imc.org>; Fri, 31 Aug 2001 11:15:34 -0700 (PDT) Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id OAA01710; Fri, 31 Aug 2001 14:13:54 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05010408b7b5840efc68@[128.33.84.34]> In-Reply-To: <3B8E08CA.5C1F2AF1@baltimore.ie> References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <3B8E08CA.5C1F2AF1@baltimore.ie> Date: Fri, 31 Aug 2001 14:13:09 -0400 To: stephen.farrell@baltimore.ie From: Stephen Kent <kent@bbn.com> Subject: Re: charter revisions Cc: Steve Hanna <steve.hanna@sun.com>, ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> At 10:35 AM +0100 8/30/01, Stephen Farrell wrote: >Steve (K), > >I'd have to agree with Steve H, though maybe not as strongly. > >My suggestion would be to limit the additional items to the >dpd/dpv. > >In addition the replacement charter text doesn't mention the >fact that PKIX has profiled the X.509 AC which I guess I can't >let pass:-) > >Stephen. > Steve, Gee, 3 Steve's in one message! I'll add mention of the Ac profile. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7VEMtb15589 for ietf-pkix-bks; Fri, 31 Aug 2001 07:22:55 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7VEMsD15585 for <ietf-pkix@imc.org>; Fri, 31 Aug 2001 07:22:54 -0700 (PDT) Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA06185; Fri, 31 Aug 2001 10:25:06 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05010402b7b54e1e502b@[128.33.84.34]> In-Reply-To: <3B8F4E32.515075B0@stroeder.com> References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B8F4E32.515075B0@stroeder.com> Date: Fri, 31 Aug 2001 10:24:37 -0400 To: michael@stroeder.com From: Stephen Kent <kent@bbn.com> Subject: Re: charter revisions Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="iso-8859-1" ; format="flowed" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f7VEMsD15586 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> At 10:43 AM +0200 8/31/01, Michael Ströder wrote: >Stephen Kent wrote: >> >> Just as a CA may employ various means to verify a subject's claim to >> a name, a CA can employ analogous means to verify a subject's claim >> to a logotype. In fact, this may be relatively easy to verify if the >> logo is a registered trademark (something a CA could require via its >> CPS). > >Unfortunately it's not that easy. As a CA I would simply refuse to >add logo types to a cert because the CA could be in charge for >trademark abusing afterwards. There are currently too many such >cases going to court because some lawyers want to make a lot of >money out of it (e.g. setting a link on the web page to a name which >is considered to be similar to a trademarked name). Well, we have >the same issue with organization field though...but the lawyers did >not discover it yet. > >Ciao, Michael. Michael, This is not a problem, it's a local decision by a CA and that's fine too. As I noted, this aspect of the logotype extension issue is really quite similar, if not equivalent, to the problem faced by a CA when trying to decide if a claimed DN is acceptable. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7V8huS18241 for ietf-pkix-bks; Fri, 31 Aug 2001 01:43:56 -0700 (PDT) Received: from mailout03.sul.t-online.de (mailout03.sul.t-online.com [194.25.134.81]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7V8hiD18219 for <ietf-pkix@imc.org>; Fri, 31 Aug 2001 01:43:44 -0700 (PDT) Received: from fwd00.sul.t-online.de by mailout03.sul.t-online.de with smtp id 15cjtv-0007jH-05; Fri, 31 Aug 2001 10:43:43 +0200 Received: from junker.stroeder.com (520010731148-0001@[62.224.163.105]) by fmrl00.sul.t-online.com with esmtp id 15cjti-1h121oC; Fri, 31 Aug 2001 10:43:30 +0200 Received: from stroeder.com (localhost [127.0.0.1]) by junker.stroeder.com (Postfix) with ESMTP id 965F4157170; Fri, 31 Aug 2001 10:43:31 +0200 (CEST) Message-ID: <3B8F4E32.515075B0@stroeder.com> Date: Fri, 31 Aug 2001 10:43:30 +0200 From: Michael =?iso-8859-1?Q?Str=F6der?= <michael@stroeder.com> Reply-To: michael@stroeder.com Organization: stroeder.com X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.19 i686) X-Accept-Language: de-DE, de, en MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> Cc: ietf-pkix@imc.org Subject: Re: charter revisions References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Sender: 520010731148-0001@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Stephen Kent wrote: > > Just as a CA may employ various means to verify a subject's claim to > a name, a CA can employ analogous means to verify a subject's claim > to a logotype. In fact, this may be relatively easy to verify if the > logo is a registered trademark (something a CA could require via its > CPS). Unfortunately it's not that easy. As a CA I would simply refuse to add logo types to a cert because the CA could be in charge for trademark abusing afterwards. There are currently too many such cases going to court because some lawyers want to make a lot of money out of it (e.g. setting a link on the web page to a name which is considered to be similar to a trademarked name). Well, we have the same issue with organization field though...but the lawyers did not discover it yet. Ciao, Michael. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7V0iBj20110 for ietf-pkix-bks; Thu, 30 Aug 2001 17:44:11 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7V0i9D20106 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 17:44:09 -0700 (PDT) Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Thu, 30 Aug 2001 18:41:25 -0600 Message-Id: <sb8e88d5.035@prv-mail20.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 6.0 Date: Thu, 30 Aug 2001 16:52:02 -0600 From: "Bob Jueneman" <bjueneman@novell.com> To: <rhousley@rsasecurity.com>, <steve.hanna@sun.com> Cc: <kent@bbn.com>, <ietf-pkix@imc.org> Subject: Re: charter revisions Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=_257F9D25.E081EEC9" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_257F9D25.E081EEC9 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I agree with Russ and Al. Validating the appropriateness of the logo is = no more difficult as a business proposition than the due diligence = validation of the corporation's right to a particular name, and in the = case of international companies may actually be easier. Yes, there are problems with scalability, but I was very impressed with = the flexibility of Scalable Vector Graphics to handle that problem. For = visually impaired or blind users, the "logo" could even be a spoken or = braille alternative =AF "You've got a Visa/VeriSign/Coca-Cola certificate!"= And yes, in the case of subordinate CA's (and boy, are there a lot of = those, aren't there?) , we could have a problem with the equivalent of = name subordination. =20 But the alternative is for the various browser vendors to look up the logo = from a supplied list shipped with the browsers (presumably at a significant= cost to the logo owner), and a never-ending secure update problem. I = don't think that is an acceptable alternative =AF it's almost as hard as = managing root certificates. Of course, accepting the work item as part of the charter doesn't commit = us to any particular solution. We might even decide that the whole thing = is hopeless after all, and throw up our hands. But we should at least = take a thoughtful look at the problem. Bob Robert R. Jueneman Security Architect Novell, Inc -- the leading provider of Net services software >>> "Housley, Russ" <rhousley@rsasecurity.com> 08/30/01 11:33AM >>> Steve Hanna: >I haven't seen any comments on the revised charter yet. Most of it looks >good to me. However, I don't think PKIX should do any work on the >logotype extension. I know that there is a demand for this from >marketing folks, but I don't believe that we should standardize it >unless it can be used securely. This does not seem possible. You and I agree on most things, but we have a major disagreement here. = I=20 do not think that we will see widespread deployment of certificates = without=20 logos. One measure of success will be the number of certificates that=20 average Internet user have. Hopefully every Internet user will have at=20 least one. I suspect that as we become successful, these logos will be = the=20 tag by which users select a certificate. I do not want to see more than one way that logos can be put into=20 certificates. That is the most important reason for PKIX to be involved = in=20 the definition. You seem to agree that the market has a demand for=20 logos. Letting each vendor devise an independent way to meet this=20 marketing requirement would be very bad for all implementors. You seem to be concerned with the security of logos. I am not. From = my=20 perspective, we are asking CAs to do many things that are harder than=20 including a URL and hash of a the appropriate logo. In many, many = cases,=20 this will be the same logo in every certificate that is issued by that CA. Anyway, we should not have the complete technical debate on a threat = about=20 the charter. I strongly encourage the PKIX working group to include = this=20 area in the charter sent forward to the Area Directors for approval. = Once=20 the revised charter is approved, we can have the technical debate and = sort=20 out the details. Russ --=_257F9D25.E081EEC9 Content-Type: text/plain Content-Disposition: attachment; filename="Bob Jueneman.vcf" BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Bob Jueneman TEL;WORK:01-801/861-7387 ORG:Novell Inc. -- the leading provider of Net services software;DS eBusiness Solutions TEL;PREF;FAX:01-801/861-2522 EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com N:Jueneman;Bob TITLE:Consultant Engineer ADR;INTL;WORK;PARCEL;POSTAL:;;Novell, Inc.\n1800 South Novell Place\n;Provo;Utah;84606;USA LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A= Novell, Inc.=0A= 1800 South Novell Place=0A= =0A= Provo, Utah 84606=0A= USA LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A= Novell, Inc.=0A= 1800 South Novell Place=0A= =0A= Provo, Utah 84606 END:VCARD BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Robert R. Jueneman TEL;WORK:01-801/861-7387 ORG:Novell, Inc.;DS eBusiness Solutions TEL;PREF;FAX:01-801/861-2522 EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com N:Jueneman;Bob TITLE:Consultant Engineer ADR;INTL;WORK;PARCEL;POSTAL:;PRV-F331;122 E. 1700 South;Provo;Utah;84606;USA LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A= PRV-F331=0A= 122 E. 1700 South=0A= Provo, Utah 84606=0A= USA LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A= PRV-F331=0A= 122 E. 1700 South=0A= Provo, Utah 84606 TEL;HOME:1-801-765-4378 TEL;CELL:1-801-361-1410 TEL;PREF:1-801-861-7387, 1-800-453-1267 END:VCARD --=_257F9D25.E081EEC9-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7UMnFJ18731 for ietf-pkix-bks; Thu, 30 Aug 2001 15:49:15 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7UMnED18727 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 15:49:14 -0700 (PDT) Received: from [128.33.84.35] (comsecpb.bbn.com [128.33.84.35]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA15210; Thu, 30 Aug 2001 18:49:11 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com (Unverified) Message-Id: <p0501040ab7b458549900@[128.33.238.96]> In-Reply-To: <3B8D57EF.70505C80@sun.com> References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> Date: Thu, 30 Aug 2001 17:06:20 -0400 To: Steve Hanna <steve.hanna@sun.com> From: Stephen Kent <kent@bbn.com> Subject: Re: charter revisions Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Steve, As you recall, I have not been a fan of the logotype extension. I have requested Stefan justify the utility of the extension, in concept, and propose a concrete design to be evaluated. Still, I think the first of your criticisms is not a good one. >I haven't seen any comments on the revised charter yet. Most of it looks >good to me. However, I don't think PKIX should do any work on the >logotype extension. I know that there is a demand for this from >marketing folks, but I don't believe that we should standardize it >unless it can be used securely. This does not seem possible. > >First, CAs will find it very hard to verify whether a particular >logotype should be included in a particular certificate. They'll just >need to certify whatever the client gives them and disclaim all >responsibility for its accuracy. With textual names, at least they can >make some attempt to verify that the name corresponds to the requesting >client (by requiring a response from an email address before it's >certified, for instance). Just as a CA may employ various means to verify a subject's claim to a name, a CA can employ analogous means to verify a subject's claim to a logotype. In fact, this may be relatively easy to verify if the logo is a registered trademark (something a CA could require via its CPS). >Second, there's no equivalent to name constraints for use in cross >certificates. If I cross certify someone, I just have to trust that they >(and anyone they certify) will only put proper logotypes into >certificates. This has been my greatest concern as well, and I'd like to see a better proposal on how to better control use of the extension. Stefan rejected some approaches, and provided rationales for the rejections, but that doesn't mean that we have to live with the current proposal if the WG finds the inherent security problematic. >Third, an apparently innocuous logotype can change appearance radically >when scaled to a smaller size or mapped to a different number of colors. >This can be exploited to deceive cell phone users into thinking that >they're communicating with their bank, for instance. I had not considered this issue. we should explore ways that this problem might be avoided. presumably anyone displaying a logo on a web page has a similar concern, so maybe there are viable means to address this issue. >Unless these concerns can be addressed, I do not think that this >proposal is safe and secure. And I do not think that the IETF should >publish an RFC on a fundamentally insecure idea, especially from a >security working group. The attribute RFC has some problems too, in that bad choices of how to map an AC to a PKC can result in security failures, right? So, the issue is not whether there are insecure ways to make use of the extension, but whether there are ways to make its use secure and whether, on the balance, we think appropriate use of the extension is beneficial, from a security (not marketing) perspective. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7UKcSl16798 for ietf-pkix-bks; Thu, 30 Aug 2001 13:38:28 -0700 (PDT) Received: from femail18.sdc1.sfba.home.com (femail18.sdc1.sfba.home.com [24.0.95.145]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7UKcRD16794 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 13:38:27 -0700 (PDT) Received: from workerbee ([24.180.131.6]) by femail18.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP id <20010830203825.BUVL5652.femail18.sdc1.sfba.home.com@workerbee>; Thu, 30 Aug 2001 13:38:25 -0700 From: "Al Arsenault" <awa1@home.com> To: "Steve Hanna" <steve.hanna@sun.com> Cc: "Stephen Kent" <kent@bbn.com>, <ietf-pkix@imc.org> Subject: RE: charter revisions Date: Thu, 30 Aug 2001 16:42:51 -0400 Message-ID: <NEBBIHJIPKPIBNEBEMDLOELEOPAA.awa1@home.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I agree with Russ here. The issues involved with logos, while difficult, are not insurmountable. They do serve a useful purpose in some environments, and a standard way of including them will be much better than letting every CA invents its own. I believe that the logo work should be in the PKIX charter. Al Arsenault Chief Security Architect Diversinet -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Housley, Russ Sent: Thursday, August 30, 2001 1:33 PM To: Steve Hanna Cc: Stephen Kent; ietf-pkix@imc.org Subject: Re: charter revisions Steve Hanna: >I haven't seen any comments on the revised charter yet. Most of it looks >good to me. However, I don't think PKIX should do any work on the >logotype extension. I know that there is a demand for this from >marketing folks, but I don't believe that we should standardize it >unless it can be used securely. This does not seem possible. You and I agree on most things, but we have a major disagreement here. I do not think that we will see widespread deployment of certificates without logos. One measure of success will be the number of certificates that average Internet user have. Hopefully every Internet user will have at least one. I suspect that as we become successful, these logos will be the tag by which users select a certificate. I do not want to see more than one way that logos can be put into certificates. That is the most important reason for PKIX to be involved in the definition. You seem to agree that the market has a demand for logos. Letting each vendor devise an independent way to meet this marketing requirement would be very bad for all implementors. You seem to be concerned with the security of logos. I am not. From my perspective, we are asking CAs to do many things that are harder than including a URL and hash of a the appropriate logo. In many, many cases, this will be the same logo in every certificate that is issued by that CA. Anyway, we should not have the complete technical debate on a threat about the charter. I strongly encourage the PKIX working group to include this area in the charter sent forward to the Area Directors for approval. Once the revised charter is approved, we can have the technical debate and sort out the details. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7UHmUN13954 for ietf-pkix-bks; Thu, 30 Aug 2001 10:48:30 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7UHmOD13950 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 10:48:24 -0700 (PDT) Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 30 Aug 2001 17:45:58 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA06788; Thu, 30 Aug 2001 13:47:31 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCTH4F>; Thu, 30 Aug 2001 13:48:19 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.118]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCTH4A; Thu, 30 Aug 2001 13:48:17 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Steve Hanna <steve.hanna@sun.com> Cc: Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org Message-Id: <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Thu, 30 Aug 2001 13:33:24 -0400 Subject: Re: charter revisions In-Reply-To: <3B8D57EF.70505C80@sun.com> References: <p0501040bb7a8214adf35@[128.33.84.34]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Steve Hanna: >I haven't seen any comments on the revised charter yet. Most of it looks >good to me. However, I don't think PKIX should do any work on the >logotype extension. I know that there is a demand for this from >marketing folks, but I don't believe that we should standardize it >unless it can be used securely. This does not seem possible. You and I agree on most things, but we have a major disagreement here. I do not think that we will see widespread deployment of certificates without logos. One measure of success will be the number of certificates that average Internet user have. Hopefully every Internet user will have at least one. I suspect that as we become successful, these logos will be the tag by which users select a certificate. I do not want to see more than one way that logos can be put into certificates. That is the most important reason for PKIX to be involved in the definition. You seem to agree that the market has a demand for logos. Letting each vendor devise an independent way to meet this marketing requirement would be very bad for all implementors. You seem to be concerned with the security of logos. I am not. From my perspective, we are asking CAs to do many things that are harder than including a URL and hash of a the appropriate logo. In many, many cases, this will be the same logo in every certificate that is issued by that CA. Anyway, we should not have the complete technical debate on a threat about the charter. I strongly encourage the PKIX working group to include this area in the charter sent forward to the Area Directors for approval. Once the revised charter is approved, we can have the technical debate and sort out the details. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7U9ZPc18984 for ietf-pkix-bks; Thu, 30 Aug 2001 02:35:25 -0700 (PDT) Received: from ocasey.baltimore.com ([193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7U9ZMD18980 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 02:35:23 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.9.3/8.9.3) with SMTP id KAA26198 for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 10:35:16 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T55af6f90f20a991935136@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Thu, 30 Aug 2001 10:32:24 +0100 Received: from baltimore.ie (wks102-0.ie.baltimore.com [10.153.0.102]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id KAA10977; Thu, 30 Aug 2001 10:36:25 +0100 Message-ID: <3B8E08CA.5C1F2AF1@baltimore.ie> Date: Thu, 30 Aug 2001 10:35:06 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: Steve Hanna <steve.hanna@sun.com>, ietf-pkix@imc.org Subject: Re: charter revisions References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Steve (K), I'd have to agree with Steve H, though maybe not as strongly. My suggestion would be to limit the additional items to the dpd/dpv. In addition the replacement charter text doesn't mention the fact that PKIX has profiled the X.509 AC which I guess I can't let pass:-) Stephen. Steve Hanna wrote: > > I haven't seen any comments on the revised charter yet. Most of it looks > good to me. However, I don't think PKIX should do any work on the > logotype extension. I know that there is a demand for this from > marketing folks, but I don't believe that we should standardize it > unless it can be used securely. This does not seem possible. > > First, CAs will find it very hard to verify whether a particular > logotype should be included in a particular certificate. They'll just > need to certify whatever the client gives them and disclaim all > responsibility for its accuracy. With textual names, at least they can > make some attempt to verify that the name corresponds to the requesting > client (by requiring a response from an email address before it's > certified, for instance). > > Second, there's no equivalent to name constraints for use in cross > certificates. If I cross certify someone, I just have to trust that they > (and anyone they certify) will only put proper logotypes into > certificates. > > Third, an apparently innocuous logotype can change appearance radically > when scaled to a smaller size or mapped to a different number of colors. > This can be exploited to deceive cell phone users into thinking that > they're communicating with their bank, for instance. > > Unless these concerns can be addressed, I do not think that this > proposal is safe and secure. And I do not think that the IETF should > publish an RFC on a fundamentally insecure idea, especially from a > security working group. > > -Steve -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TNTjN15201 for ietf-pkix-bks; Wed, 29 Aug 2001 16:29:45 -0700 (PDT) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TNThD15197 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 16:29:43 -0700 (PDT) Received: from ISI.EDU (jet.isi.edu [128.9.160.87]) by boreas.isi.edu (8.11.6/8.11.2) with ESMTP id f7TNTSn20828; Wed, 29 Aug 2001 16:29:28 -0700 (PDT) Message-Id: <200108292329.f7TNTSn20828@boreas.isi.edu> To: IETF-Announce: ; Subject: RFC 3161 on Time-Stamp Protocol (TSP) Cc: rfc-ed@isi.edu, ietf-pkix@imc.org Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary=NextPart Date: Wed, 29 Aug 2001 16:29:28 -0700 From: RFC Editor <rfc-ed@isi.edu> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A new Request for Comments is now available in online RFC libraries. RFC 3161 Title: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) Author(s): C. Adams, P. Cain, D. Pinkas, R. Zuccherato Status: Standards Track Date: August 2001 Mailbox: cadams@entrust.com, pcain@bbn.com, Denis.Pinkas@bull.net, robert.zuccherato@entrust.com Pages: 26 Characters: 54582 Obsoletes/Updates/SeeAlso: None I-D Tag: draft-ietf-pkix-time-stamp-15.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3161.txt This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. It also establishes several security-relevant requirements for TSA operation, with regards to processing requests to generate responses. This document is a product of the Public-Key Infrastructure (C.509) Working Group of the IETF. This is now a Proposed Standard Protocol. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example: To: rfc-info@RFC-EDITOR.ORG Subject: getting rfcs help: ways_to_get_rfcs Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.echo Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information. Joyce K. Reynolds and Sandy Ginoza USC/Information Sciences Institute ... Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="RFC-INFO@RFC-EDITOR.ORG" Content-Type: text/plain Content-ID: <010829162553.RFC@RFC-EDITOR.ORG> RETRIEVE: rfc DOC-ID: rfc3161 --OtherAccess Content-Type: Message/External-body; name="rfc3161.txt"; site="ftp.isi.edu"; access-type="anon-ftp"; directory="in-notes" Content-Type: text/plain Content-ID: <010829162553.RFC@RFC-EDITOR.ORG> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TL0mk12640 for ietf-pkix-bks; Wed, 29 Aug 2001 14:00:48 -0700 (PDT) Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TL0kD12636 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 14:00:46 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id PAA08018; Wed, 29 Aug 2001 15:00:44 -0600 (MDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id RAA08384; Wed, 29 Aug 2001 17:00:47 -0400 (EDT) Message-ID: <3B8D57EF.70505C80@sun.com> Date: Wed, 29 Aug 2001 17:00:31 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: ietf-pkix@imc.org Subject: Re: charter revisions References: <p0501040bb7a8214adf35@[128.33.84.34]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I haven't seen any comments on the revised charter yet. Most of it looks good to me. However, I don't think PKIX should do any work on the logotype extension. I know that there is a demand for this from marketing folks, but I don't believe that we should standardize it unless it can be used securely. This does not seem possible. First, CAs will find it very hard to verify whether a particular logotype should be included in a particular certificate. They'll just need to certify whatever the client gives them and disclaim all responsibility for its accuracy. With textual names, at least they can make some attempt to verify that the name corresponds to the requesting client (by requiring a response from an email address before it's certified, for instance). Second, there's no equivalent to name constraints for use in cross certificates. If I cross certify someone, I just have to trust that they (and anyone they certify) will only put proper logotypes into certificates. Third, an apparently innocuous logotype can change appearance radically when scaled to a smaller size or mapped to a different number of colors. This can be exploited to deceive cell phone users into thinking that they're communicating with their bank, for instance. Unless these concerns can be addressed, I do not think that this proposal is safe and secure. And I do not think that the IETF should publish an RFC on a fundamentally insecure idea, especially from a security working group. -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TKEcU12074 for ietf-pkix-bks; Wed, 29 Aug 2001 13:14:38 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7TKEaD12070 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 13:14:36 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Aug 2001 20:12:11 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA25634 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 16:13:49 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCS6WT>; Wed, 29 Aug 2001 16:14:37 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.104]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCS6WR; Wed, 29 Aug 2001 16:14:31 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: "Christopher S. Francis" <chris.francis@wetstonetech.com> Cc: Ietf-Pkix <ietf-pkix@imc.org> Message-Id: <5.0.1.4.2.20010829161316.02be46c8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Wed, 29 Aug 2001 16:14:18 -0400 Subject: RE: Use of attribute certificates in SignedData In-Reply-To: <NEBBKNLKHMMPAKLAPDMDEEILCGAA.chris.francis@wetstonetech.co m> References: <5.0.1.4.2.20010829102121.02cbbaf0@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Chris: We heard from Blake that his application will have a problem. I hope that most will gracefully ignore certificates (of any type) that they do not need. Russ At 03:24 PM 8/29/2001 -0400, Christopher S. Francis wrote: >Thanks Russ. That confirms my interpretation of 2630. I'm concerned that >if I include an AC in SignedData in the "correct" field that commonly >available applications/toolkits will choke when they try to validate the >signature on the SignedData object. > >I was hoping for a solution in which AC-enabled applications would use the >AC if one is provided, but commonly available "AC challenged" >applications/toolkits would just ignore it and rely only on the PKC for >signature validation. Based on some of the responses I got from the SMIME >list, it sounds like I may not be able to achieve this; especially since I >would prefer to use the X.509 2000 AC syntax. > >Chris >-----Original Message----- >From: Housley, Russ [mailto:rhousley@rsasecurity.com] >Sent: Wednesday, August 29, 2001 10:24 AM >To: Christopher S. Francis >Cc: Ietf-Pkix >Subject: Re: Use of attribute certificates in SignedData > >Chris: > >SignedData has the following syntax: > > SignedData ::= SEQUENCE { > version CMSVersion, > digestAlgorithms DigestAlgorithmIdentifiers, > encapContentInfo EncapsulatedContentInfo, > certificates [0] IMPLICIT CertificateSet OPTIONAL, > crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, > signerInfos SignerInfos } > > CertificateSet ::= SET OF CertificateChoices > > CertificateChoices ::= CHOICE { > certificate Certificate, -- See X.509 > extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete > v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete > v2AttrCert [2] IMPLICIT AttributeCertificateV2 } -- See X.509 > > >PKCs and ACs needed to process any of the signerInfos should be carried in >the certificates field. > >Russ > >At 10:43 AM 8/28/2001 -0400, Christopher S. Francis wrote: > > >I have a question for the group concerning attribute certificates. > > > > > > > >Is there an accepted location to put an attribute certificate associated > >with the signer in the SignedData data structure? I have a SignedData > >object and I m considering putting an attribute certificate associated > >with the signer in the certificates field of SignedData in addition to the > >PKC of the signer. > > > >Is that a philosophically correct location? Other options include burying > >the certificate in the encapsulated content or including it as a Signed or > >UnSigned attribute. > > > > > > > >I d appreciate any advice and or lessons learned that you can > >offer. Thanks in advance. > > > > > > > >Chris Francis > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TJOqO10931 for ietf-pkix-bks; Wed, 29 Aug 2001 12:24:52 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TJOpD10925 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 12:24:51 -0700 (PDT) Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id PAA21613 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 15:27:05 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05010409b7b2f11a2a5a@[128.33.84.34]> Date: Wed, 29 Aug 2001 15:21:33 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: revised meeting minutes Content-Type: multipart/alternative; boundary="============_-1213009282==_ma============" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --============_-1213009282==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" PKIX WG Meeting 8/6/01 Edited by Steve Kent (WG co-chairs) The PKIX WG met once during the 51st IETF. A total of approximately 153 individuals participated in the meeting. Tim quickly reviewed the agenda and document status, noting that there are many I-Ds in progress. (see slides) Two new RFCs in the editor's queue: RFC 3161 Timestamp Protocol RFC xxxx Attribute Certificate Profile In the IESG Review Process: PKIX Certificate and CRL Profile (a.k.a., son-of-2459) Public Key Algorithms and Identifiers for the PKIX Certificate profile Soon to be Submitted to IESG: PKIX Roadmap Repository Locator Service In WG Last Call: none Close to WG last call: Certificate Management Protocol (RFC 2510bis) Certificate Request Message Framework (RFC 2511bis) Transport Protocols for CMP Online Certificate Status Protocol (OCSP v2) New Work: Logotype Certificates - Stefan Santesson (AddTrust) Notion is to embed references to logos in certificates, for CAs or for EEs, to allow display of the logo as part of certificate processing. Argument is that people relate to logos in the physical world, and don't display certificate contents, so this is a way to bring branding into PKIs. Major concern is that people could be mislead by certificates issued by a CA that binds inappropriate logos to certificates it issues, e.g., there is no way to constrain logo references the same way we can constrain names. Proposal is to create a new extension for carrying a pointer (URL) to the logo image, an indication of the image type, and a hash of the image. (see slides) Supplemental Algorithms - Ari Singer (NTRU) New work item, to contain specs for a set of algorithms that COULD be used with PKIX data structures. Support for these algorithms is not mandated, but this document will provide a reference for these supplemental algorithms. Note need to include appropriate intellectual property warnings for proprietary algorithms, and to distinguish between algorithms that are standards, vs, proprietary. (see slides) PKI Disaster Recovery - Denis Pinkas (Integris) The goal of this new work is to create an informational RFC which addresses how to deal with compromise or loss of use of a CA, AA, or TSA key. Different requirements arise for EE signature keys vs. EE encryption keys, and these are addressed separately. (see slides) Using DNS for PKI Support- Simon Josephson (RSA) ID published as a personal draft. Focuses on using DNS to hold certificates and CRLs. Works especially well for S/MINE, given typical DNS lookup re MX records. Question is whether PKIX should adopt this as a work item? Will discuss this on the list. (no slides) Ongoing Work: LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ of Salford) Profile going well, looking for feedback before publishing as RFC. Matching rules work not as far along, but implementation work now funded at Salford, which will help progress. CMC Update - Jim Schaad (Soaring Hawk Consulting) Core functions largely unchanged, e.g., ASN syntax and processing rules will be static. New set of CMC documents being issued, breaking into multiple pieces to allow easier progression of pieces, e.g., S/MIME makes use of CMC for symmetric key distribution, compliance document. VeriSign hosted interoperability testing covering a large number of protocol features. Several issues were uncovered during testing. (see slides) CMP Update - Carlisle Adams (Entrust) Interoperability testing yielded clarifications and the document is now ready to go to Draft Standard status. Proxy Certificates - Steven Tuecke (Argonne Labs) Revised ID has been published. Related draft in TLS WG. Not many attendees have read this draft, according to a show of hands. Because it requires changes to certificate path validation, there is a significant question about whether these changes should be part of the base standards, or if this processing is a separate step to be performed after standard path validation processing. (see slides) OCSPv2 - Michael Myers (VeriSign) Authors have decided to publish as experimental for now. This includes the OCSPv2 draft, the DPD with OCSP draft, and the DPV draft. (no slides) SCVP - Ambarish Malpani (ValiCert) There were two significant changes to the draft: only ASN.1 syntax is employed and signatures are based on the CMS format. (no slides) DPD/DPV - Denis Pinkas (Integris) New ID posed to list. Incorporate new approach to DPV/DPD, using 3 protocols: DPV, DPD, and a separate protocol for management of policy data used for validation or discovery. This allows the DPD and DPV protocols to be smaller and simpler, because the management of parameters used for DPD/DPV is part of a separate protocol. The management protocol might not be implemented on many clients, e.g., thin clients. References to the parameters (policy) used for validation are OIDs, and there is a provision for a client to NOT specify a policy, but have a server employ a default policy and return that to the user. Extensive use of hashes of ancillary values to keep messages brief, but allow checking by client. DPV proposal allows for validation re current time, or past time (re-validation). DPV can return four answers, reflecting level of knowledge available to the server, especially with regard to revocation data. DPD and management protocol also presented in detail. (see slides) Policy Requirements for Timestamping Authorities- Denis Pinkas (Integris) Discussion of this ETSI document and solicitation of comments. (see slides) --============_-1213009282==_ma============ Content-Type: text/html; charset="us-ascii" <!doctype html public "-//W3C//DTD W3 HTML//EN"> <html><head><style type="text/css"><!-- blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 } --></style><title>revised meeting minutes</title></head><body> <div><font face="Courier" size="+2" color="#000000">PKIX WG Meeting 8/6/01<br> Edited by Steve Kent (WG co-chairs)<br> <br> The PKIX WG met once during the 51st IETF. A total of approximately 153<br> individuals participated in the meeting.<br> <br> <br> Tim quickly reviewed the agenda and document status, noting that there are many<br> I-Ds in progress. (see slides)<br> <br> Two new RFCs in the editor's queue:<br> <x-tab> </x-tab>RFC 3161<x-tab> </x-tab>Timestamp Protocol<br> <x-tab> </x-tab>RFC xxxx<x-tab> </x-tab>Attribute Certificate Profile<br> <br> In the IESG Review Process:<br> <x-tab> </x-tab>PKIX Certificate and CRL Profile (a.k.a., son-of-2459)<br> <x-tab> </x-tab>Public Key Algorithms and Identifiers for the PKIX Certificate profile<br> <br> Soon to be Submitted to IESG:<br> <x-tab> </x-tab>PKIX Roadmap<br> <x-tab> </x-tab>Repository Locator Service<br> <br> In WG Last Call:<br> <x-tab> </x-tab>none<br> <br> Close to WG last call:<br> <x-tab> </x-tab>Certificate Management Protocol (RFC 2510bis)<br> <x-tab> </x-tab>Certificate Request Message Framework (RFC 2511bis)<br> <x-tab> </x-tab>Transport Protocols for CMP<br> <x-tab> </x-tab>Online Certificate Status Protocol (OCSP v2)<br> <br> New Work:<br> <br> <br> Logotype Certificates - Stefan Santesson (AddTrust)<br> <x-tab> </x-tab>Notion is to embed references to logos in certificates, for<br> CAs or for EEs, to allow display of the logo as part of certificate<br> processing. Argument is that people relate to logos in the physical<br> world, and don't display certificate contents, so this is a way to<br> bring branding into PKIs. Major concern is that people could be<br> mislead by certificates issued by a CA that binds inappropriate logos<br> to certificates it issues, e.g., there is no way to constrain logo<br> references the same way we can constrain names. Proposal is to create<br> a new extension for carrying a pointer (URL) to the logo image, an<br> indication of the image type, and a hash of the image. (see slides)<br> <br> Supplemental Algorithms - Ari Singer (NTRU)<br> <x-tab> </x-tab>New work item, to contain specs for a set of algorithms that<br> COULD be used with PKIX data structures. Support for these algorithms<br> is not mandated, but this document will provide a reference for these<br> supplemental algorithms. Note need to include appropriate<br> intellectual property warnings for proprietary algorithms, and to<br> distinguish between algorithms that are standards, vs, proprietary.<br> (see slides)<br> <br> PKI Disaster Recovery - Denis Pinkas (Integris)<br> <x-tab> </x-tab>The goal of this new work is to create an informational RFC<br> which addresses how to deal with compromise or loss of use of a CA,<br> AA, or TSA key. Different requirements arise for EE signature keys<br> vs. EE encryption keys, and these are addressed separately. (see<br> slides)<br> <br> Using DNS for PKI Support- Simon Josephson (RSA)<br> <x-tab> </x-tab>ID published as a personal draft. Focuses on using DNS to<br> hold certificates and CRLs. Works especially well for S/MINE, given<br> typical DNS lookup re MX records. Question is whether PKIX should<br> adopt this as a work item? Will discuss this on the list. (no slides)<br> <br> <br> Ongoing Work:<br> <br> LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ<br> of Salford)<br> <x-tab> </x-tab>Profile going well, looking for feedback before publishing as<br> RFC. Matching rules work not as far along, but implementation work<br> now funded at Salford, which will help progress.<br> <br> CMC Update - Jim Schaad (Soaring Hawk Consulting)<br> <x-tab> </x-tab>Core functions largely unchanged, e.g., ASN syntax and<br> processing rules will be static. New set of CMC documents being<br> issued, breaking into multiple pieces to allow easier progression of<br> pieces, e.g., S/MIME makes use of CMC for symmetric key distribution,<br> compliance document. VeriSign hosted interoperability testing covering<br> a large number of protocol features. Several issues were uncovered during<br> testing. (see slides)<br> <br> CMP Update - Carlisle Adams (Entrust)<br> <x-tab> </x-tab>Interoperability testing yielded clarifications and the<br> document is now ready to go to Draft Standard status.<br> <br> Proxy Certificates - Steven Tuecke (Argonne Labs)<br> <x-tab> </x-tab>Revised ID has been published. Related draft in TLS WG. Not<br> many attendees have read this draft, according to a show of hands.<br> Because it requires changes to certificate path validation, there is<br> a significant question about whether these changes should be part of<br> the base standards, or if this processing is a separate step to be<br> performed after standard path validation processing. (see slides)</font></div> <div><font face="Courier" size="+2" color="#000000"><br> OCSPv2 - Michael Myers (VeriSign)<br> <x-tab> </x-tab>Authors have decided to publish as experimental for now. This includes the OCSPv2 draft, the DPD with OCSP draft, and the DPV draft. (no slides)<br> <br> SCVP - Ambarish Malpani (ValiCert)<br> <x-tab> </x-tab>There were two significant changes to the draft: only ASN.1 syntax is employed and signatures are based on the CMS format. (no slides)<br> <br> DPD/DPV - Denis Pinkas (Integris)<br> <x-tab> </x-tab>New ID posed to list. Incorporate new approach to DPV/DPD,<br> using 3 protocols: DPV, DPD, and a separate protocol for management<br> of policy data used for validation or discovery. This allows the DPD<br> and DPV protocols to be smaller and simpler, because the management<br> of parameters used for DPD/DPV is part of a separate protocol. The<br> management protocol might not be implemented on many clients, e.g.,<br> thin clients. References to the parameters (policy) used for<br> validation are OIDs, and there is a provision for a client to NOT<br> specify a policy, but have a server employ a default policy and<br> return that to the user. Extensive use of hashes of ancillary values<br> to keep messages brief, but allow checking by client. DPV proposal<br> allows for validation re current time, or past time (re-validation).<br> DPV can return four answers, reflecting level of knowledge available<br> to the server, especially with regard to revocation data. DPD and<br> management protocol also presented in detail. (see slides)<br> <br> Policy Requirements for Timestamping Authorities- Denis Pinkas (Integris)<br> <x-tab> </x-tab>Discussion of this ETSI document and solicitation of<br> comments. (see slides)</font></div> </body> </html> --============_-1213009282==_ma============-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TJOJh10903 for ietf-pkix-bks; Wed, 29 Aug 2001 12:24:19 -0700 (PDT) Received: from emerald.lightlink.com (emerald.lightlink.com [205.232.34.14]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TJOID10898 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 12:24:18 -0700 (PDT) Received: from [209.216.70.29] (perm70-29.ij.net [209.216.70.29] (may be forged)) by emerald.lightlink.com (8.8.8/8.8.8) with SMTP id PAA22590; Wed, 29 Aug 2001 15:24:10 -0400 From: "Christopher S. Francis" <chris.francis@wetstonetech.com> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: "Ietf-Pkix" <ietf-pkix@imc.org> Received: from no.name.available by [209.216.70.29] via smtpd (for smtp.lightlink.com [205.232.34.14]) with SMTP; 29 Aug 2001 19:25:02 UT Subject: RE: Use of attribute certificates in SignedData Date: Wed, 29 Aug 2001 15:24:09 -0400 Message-ID: <NEBBKNLKHMMPAKLAPDMDEEILCGAA.chris.francis@wetstonetech.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: <5.0.1.4.2.20010829102121.02cbbaf0@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Thanks Russ. That confirms my interpretation of 2630. I'm concerned that if I include an AC in SignedData in the "correct" field that commonly available applications/toolkits will choke when they try to validate the signature on the SignedData object. I was hoping for a solution in which AC-enabled applications would use the AC if one is provided, but commonly available "AC challenged" applications/toolkits would just ignore it and rely only on the PKC for signature validation. Based on some of the responses I got from the SMIME list, it sounds like I may not be able to achieve this; especially since I would prefer to use the X.509 2000 AC syntax. Chris -----Original Message----- From: Housley, Russ [mailto:rhousley@rsasecurity.com] Sent: Wednesday, August 29, 2001 10:24 AM To: Christopher S. Francis Cc: Ietf-Pkix Subject: Re: Use of attribute certificates in SignedData Chris: SignedData has the following syntax: SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } CertificateSet ::= SET OF CertificateChoices CertificateChoices ::= CHOICE { certificate Certificate, -- See X.509 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete v2AttrCert [2] IMPLICIT AttributeCertificateV2 } -- See X.509 PKCs and ACs needed to process any of the signerInfos should be carried in the certificates field. Russ At 10:43 AM 8/28/2001 -0400, Christopher S. Francis wrote: >I have a question for the group concerning attribute certificates. > > > >Is there an accepted location to put an attribute certificate associated >with the signer in the SignedData data structure? I have a SignedData >object and I m considering putting an attribute certificate associated >with the signer in the certificates field of SignedData in addition to the >PKC of the signer. > >Is that a philosophically correct location? Other options include burying >the certificate in the encapsulated content or including it as a Signed or >UnSigned attribute. > > > >I d appreciate any advice and or lessons learned that you can >offer. Thanks in advance. > > > >Chris Francis > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TEWkE00704 for ietf-pkix-bks; Wed, 29 Aug 2001 07:32:46 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TEWiD00700 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 07:32:44 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <RZ45XQD1>; Wed, 29 Aug 2001 10:32:39 -0400 Message-ID: <B8C72DA21548524180BE5AB32D65F6C206D054@sottmxs09.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'li yunfeng'" <forward_li@yahoo.com.cn> Cc: pgut001@cs.auckland.ac.nz, ietf-pkix@imc.org Subject: RE: Date: Wed, 29 Aug 2001 10:32:37 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13097.736F3F30" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C13097.736F3F30 Content-Type: text/plain Hi, > ---------- > From: li yunfeng[SMTP:forward_li@yahoo.com.cn] > Sent: Wednesday, August 29, 2001 3:00 AM > To: pgut001@cs.auckland.ac.nz > Cc: ietf-pkix@imc.org > > > Dear peter: > When I program the PKIX protocal, I found I have to > process the PBMParamenter struct in which there are a > member "mac AlgorithmIdentifier".Rfc2510 said that one > have to give the DES-MAC or TRIPLE-DES-MAC's oid in > the "mac" field. But I could not found the > TRIPLE-DES-MAC's OID in your docunment dunmoid.* so I > want to know what OID should I give to the "mac" > field. Actually, according to Appendix B2, the MAC to use in PasswordBasedMac is HMAC (and the OID is provided). Carlisle. ------_=_NextPart_001_01C13097.736F3F30 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: </TITLE> </HEAD> <BODY> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi,</FONT> </P> <UL> <P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">li = yunfeng[SMTP:forward_li@yahoo.com.cn]</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Wednesday, August 29, 2001 3:00 = AM</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">pgut001@cs.auckland.ac.nz</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Cc:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">ietf-pkix@imc.org</FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"MS Song">Dear peter:</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">When I program the PKIX protocal, I = found I have to</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">process the PBMParamenter struct in = which there are a</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">member "mac = AlgorithmIdentifier".Rfc2510 said that one</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">have to give the DES-MAC or = TRIPLE-DES-MAC's oid in</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">the "mac" field. But I = could not found the</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">TRIPLE-DES-MAC's OID in your = docunment dunmoid.* so I</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">want to know what OID should I give = to the "mac"</FONT> <BR><FONT SIZE=3D2 FACE=3D"MS Song">field.</FONT> </UL> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman"> </FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Actually, = according to Appendix B2, the MAC to use in PasswordBasedMac is HMAC = (and the OID is provided).</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman">Carlisle.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C13097.736F3F30-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TERPU00613 for ietf-pkix-bks; Wed, 29 Aug 2001 07:27:25 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7TERND00609 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 07:27:24 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Aug 2001 14:24:58 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA21029 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 10:26:33 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCS4Q4>; Wed, 29 Aug 2001 10:27:20 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.121]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCS4QR; Wed, 29 Aug 2001 10:27:16 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: "Christopher S. Francis" <chris.francis@wetstonetech.com> Cc: Ietf-Pkix <ietf-pkix@imc.org> Message-Id: <5.0.1.4.2.20010829102121.02cbbaf0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Wed, 29 Aug 2001 10:23:45 -0400 Subject: Re: Use of attribute certificates in SignedData In-Reply-To: <NEBBKNLKHMMPAKLAPDMDKEHOCGAA.chris.francis@wetstonetech.co m> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Chris: SignedData has the following syntax: SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } CertificateSet ::= SET OF CertificateChoices CertificateChoices ::= CHOICE { certificate Certificate, -- See X.509 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete v2AttrCert [2] IMPLICIT AttributeCertificateV2 } -- See X.509 PKCs and ACs needed to process any of the signerInfos should be carried in the certificates field. Russ At 10:43 AM 8/28/2001 -0400, Christopher S. Francis wrote: >I have a question for the group concerning attribute certificates. > > > >Is there an accepted location to put an attribute certificate associated >with the signer in the SignedData data structure? I have a SignedData >object and I m considering putting an attribute certificate associated >with the signer in the certificates field of SignedData in addition to the >PKC of the signer. > >Is that a philosophically correct location? Other options include burying >the certificate in the encapsulated content or including it as a Signed or >UnSigned attribute. > > > >I d appreciate any advice and or lessons learned that you can >offer. Thanks in advance. > > > >Chris Francis > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TDXhG28503 for ietf-pkix-bks; Wed, 29 Aug 2001 06:33:43 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TDXfD28495 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 06:33:41 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id BAA23896; Thu, 30 Aug 2001 01:33:02 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id BAA473710; Thu, 30 Aug 2001 01:33:01 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Thu, 30 Aug 2001 01:33:01 +1200 (NZST) Message-ID: <200108291333.BAA473710@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, tho@andxor.com Subject: Re: New test TSA available Cc: ietf-pkix@imc.org, r.galli@com-and.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> tho <tho@andxor.com> writes: >draft (rfc) states that "The eContent SHALL be the DER-encoded value of >TSTInfo" instead it seems that you wrapped it into a further SEQUENCE so that >the resulting token appears as > >[...] > >is there any particular reason for this double wrapping ? Yes, PKCS #7 and AuthentiCode. What happened was that RFC 2630 slightly changed the definition for eContent, in PKCS #7 this was: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL but now it's: eContent [0] EXPLICIT OCTET STRING OPTIONAL however there are some implementations which still use the PKCS #7 interpretation (specifically, AuthentiCode, which AFAIK is the only widely- deployed implementation which signs something other than data (= OCTET STRING) content). This uses the ANY DEFINED BY interpretation where ANY is a SEQUENCE { ... }, so you get: content [0] EXPLICIT SEQUENCE [...] rather than an OCTET STRING. My code has a horrible kludge in there to check the contentType and vary the encoding depending on whether it's an spcIndirectDataContext or not, so it will produce this encoding as well under the right circumstances (and in fact in the TSTInfo you saw it had this turned on for any eContent type, which was wrong, I'll rebuild the test program with the option disabled in a minute. With any luck I'll have broken the AuthentiCode handling now :-). (I've suggested to the RFC 2630 author that it might be worth including a cautionary note about this in the RFC update). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TARiA19727 for ietf-pkix-bks; Wed, 29 Aug 2001 03:27:44 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7TARfD19716 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 03:27:42 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id MAA44096; Wed, 29 Aug 2001 12:27:40 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id MAA46698; Wed, 29 Aug 2001 12:27:47 +0200 (CEST) (envelope-from tho) Date: Wed, 29 Aug 2001 12:27:46 +0200 From: tho <tho@andxor.com> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> Cc: ietf-pkix@imc.org, r.galli@com-and.com Subject: Re: New test TSA available Message-ID: <20010829122746.A46636@tho.andxor.com> References: <200108271454.CAA422476@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200108271454.CAA422476@ruru.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Tue, Aug 28, 2001 at 02:54:20AM +1200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> hi peter, i've tried a tsreq against the updated tsa.cryptoapps.com and i had a problem with eContent while decoding the response: draft (rfc) states that "The eContent SHALL be the DER-encoded value of TSTInfo" instead it seems that you wrapped it into a further SEQUENCE so that the resulting token appears as ... { (EncapsulatedContentInfo) 1.2.840.113549.1.9.16.1.4, (id-ct-TSTInfo) ANY [length = 94] (SEQUENCE { DER encoded TSTInfo }) 30:5C:30:5A:02:01:01:06:0A:2B:06:01:04:01:97:55: 38:24:36:30:1F:30:07:06:05:2B:0E:03:02:1A:04:14: 31:32:33:34:35:36:37:38:39:30:61:62:63:64:65:66: 67:68:69:6C:02:11:00:BD:F4:4F:D9:70:D7:27:D3:14: 96:C2:CB:7F:86:73:96:18:0F:32:30:30:31:30:38:32: 39:30:32:31:32:35:36:5A:02:04:00:9A:21:12 }, ... rather than ... { (EncapsulatedContentInfo) 1.2.840.113549.1.9.16.1.4, (id-ct-TSTInfo) ANY [length = 94] (DER encoded TSTInfo) 30:5A:02:01:01:06:0A:2B:06:01:04:01:97:55:38:24: 36:30:1F:30:07:06:05:2B:0E:03:02:1A:04:14:31:32: 33:34:35:36:37:38:39:30:61:62:63:64:65:66:67:68: 69:6C:02:11:00:BD:F4:4F:D9:70:D7:27:D3:14:96:C2: CB:7F:86:73:96:18:0F:32:30:30:31:30:38:32:39:30: 32:31:32:35:36:5A:02:04:00:9A:21:12 }, ... is there any particular reason for this double wrapping ? bye, tho -- Received: by above.proper.com (8.11.6/8.11.3) id f7T70fB29355 for ietf-pkix-bks; Wed, 29 Aug 2001 00:00:41 -0700 (PDT) Received: from web13703.mail.yahoo.com (web13703.mail.yahoo.com [216.136.175.136]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7T70eD29351 for <ietf-pkix@imc.org>; Wed, 29 Aug 2001 00:00:40 -0700 (PDT) Message-ID: <20010829070040.20765.qmail@web13703.mail.yahoo.com> Received: from [61.139.82.202] by web13703.mail.yahoo.com via HTTP; Wed, 29 Aug 2001 15:00:40 CST Date: Wed, 29 Aug 2001 15:00:40 +0800 (CST) From: =?gb2312?q?li=20yunfeng?= <forward_li@yahoo.com.cn> To: pgut001@cs.auckland.ac.nz Cc: ietf-pkix@imc.org In-Reply-To: <B8C72DA21548524180BE5AB32D65F6C206D04D@sottmxs09.entrust.com> MIME-Version: 1.0 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Dear peter: When I program the PKIX protocal, I found I have to process the PBMParamenter struct in which there are a member "mac AlgorithmIdentifier".Rfc2510 said that one have to give the DES-MAC or TRIPLE-DES-MAC's oid in the "mac" field. But I could not found the TRIPLE-DES-MAC's OID in your docunment dunmoid.* so I want to know what OID should I give to the "mac" field. _________________________________________________________ Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn <font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7T5rJn17152 for ietf-pkix-bks; Tue, 28 Aug 2001 22:53:19 -0700 (PDT) Received: from phnxpop2.phnx.uswest.net (phnxpop2.phnx.uswest.net [206.80.192.2]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7T5rGD17145 for <ietf-pkix@imc.org>; Tue, 28 Aug 2001 22:53:16 -0700 (PDT) Received: (qmail 54989 invoked by uid 0); 29 Aug 2001 05:53:15 -0000 Received: from udialup141.phnx.uswest.net (HELO ?192.168.0.3?) (209.181.104.141) by phnxpop2.phnx.uswest.net with SMTP; 29 Aug 2001 05:53:15 -0000 Date: Tue, 28 Aug 2001 22:51:08 -0700 Message-Id: <a05100300b7b22cea015c@[192.168.0.3]> From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> To: "X.509": ; Mime-Version: 1.0 X-Sender: hoytkesterson@mail.earthlink.net (Unverified) Subject: DTC-3 circulated for ballot Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Draft Technical Corrigendum 3 for the 4th edition of X.509 (2000) has been circulated for ballot. The ballot comment period will close 27 November 2001.The DTC is available in pdf and doc formats at ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/DraftTechnicalCorrigenda/closing27Nov2001/6N12016X.509DTC-3%284th%29.pdf and ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/DraftTechnicalCorrigenda/closing27Nov2001/6N12016X.509DTC-3%284th%29.doc Comments and questions should be sent to Sharon Boeyen (boeyen@entrust.com) and myself hoyt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7SFVA826894 for ietf-pkix-bks; Tue, 28 Aug 2001 08:31:10 -0700 (PDT) Received: from sottmxs02.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7SFV8D26890 for <ietf-pkix@imc.org>; Tue, 28 Aug 2001 08:31:08 -0700 (PDT) Received: by sottmxs02.entrust.com with Internet Mail Service (5.5.2650.21) id <NL0CJC1T>; Tue, 28 Aug 2001 11:31:02 -0400 Message-ID: <B8C72DA21548524180BE5AB32D65F6C206D04D@sottmxs09.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.auckland.ac.nz> Cc: ietf-pkix@imc.org Subject: RE: New test TSA available Date: Tue, 28 Aug 2001 11:30:59 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12FD6.706AF890" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12FD6.706AF890 Content-Type: text/plain Hi Peter, > ---------- > From: pgut001@cs.auckland.ac.nz[SMTP:pgut001@cs.auckland.ac.nz] > Sent: Tuesday, August 28, 2001 12:06 AM > To: carlisle.adams@entrust.com; pgut001@cs.auckland.ac.nz > Cc: ietf-pkix@imc.org > Subject: RE: New test TSA available > > > Carlisle Adams <carlisle.adams@entrust.com> writes: > > >Might I suggest that you some day write your own Internet Draft and > >successfully guide it to standards-track RFC status, carefully > negotiating > >your way through scores of requests for additional functionality and > never- > >ending clarification (over a period of several years) without > compromising > >your original desire for brevity and simplicity in any way? > > I've already done that, thanks for asking. There was one change I had to > make > in one of them which as far as I can see was purely for cargo cult > purposes > which I wasn't terribly happy with (it violated the "Never include a > statement > if its negation is obviously false" rule), but mostly they turned out the > way I > wanted them (that is, I didn't feel the need to credit them to Alan > Smithee > after they were complete :-). Apologies if I jumped to the wrong conclusion. I did search the RFC index for your name (all fields (including author), for all RFC types (including standards-track)) prior to making my suggestion above. I got the "zero matches; sorry, please try again" message. The search engine must have been broken in some way. Which IETF standards-track RFCs did you write? Carlisle. ------_=_NextPart_001_01C12FD6.706AF890 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: New test TSA available</TITLE> </HEAD> <BODY> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi = Peter,</FONT> </P> <UL> <P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">pgut001@cs.auckland.ac.nz[SMTP:pgut001@cs.auckland.ac.nz]</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Tuesday, August 28, 2001 12:06 = AM</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">carlisle.adams@entrust.com; pgut001@cs.auckland.ac.nz</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Cc:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">ietf-pkix@imc.org</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">RE: New test TSA available</FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"Arial">Carlisle Adams = <carlisle.adams@entrust.com> writes:</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">>Might I suggest that you some day = write your own Internet Draft and</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>successfully guide it to = standards-track RFC status, carefully negotiating</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>your way through scores of = requests for additional functionality and never-</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>ending clarification (over a = period of several years) without compromising</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>your original desire for brevity = and simplicity in any way?</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">I've already done that, thanks for = asking. There was one change I had to make</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">in one of them which as far as I can = see was purely for cargo cult purposes</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">which I wasn't terribly happy with = (it violated the "Never include a statement</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">if its negation is obviously = false" rule), but mostly they turned out the way I</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">wanted them (that is, I didn't feel = the need to credit them to Alan Smithee</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">after they were complete :-).</FONT> </UL> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman"> </FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Apologies = if I jumped to the wrong conclusion. I did search the RFC index = for your name (all fields (including author), for all RFC types = (including standards-track)) prior to making my suggestion above. = I got the "zero matches; sorry, please try again" = message.</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">The search = engine must have been broken in some way. Which IETF = standards-track RFCs did you write?</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman">Carlisle.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12FD6.706AF890-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7SEhHW24591 for ietf-pkix-bks; Tue, 28 Aug 2001 07:43:17 -0700 (PDT) Received: from emerald.lightlink.com (emerald.lightlink.com [205.232.34.14]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7SEhDD24573 for <ietf-pkix@imc.org>; Tue, 28 Aug 2001 07:43:14 -0700 (PDT) Received: from [209.216.70.29] (perm70-29.ij.net [209.216.70.29] (may be forged)) by emerald.lightlink.com (8.8.8/8.8.8) with SMTP id KAA10281 for <ietf-pkix@imc.org>; Tue, 28 Aug 2001 10:43:02 -0400 From: "Christopher S. Francis" <chris.francis@wetstonetech.com> To: "Ietf-Pkix" <ietf-pkix@imc.org> Received: from no.name.available by [209.216.70.29] via smtpd (for smtp.lightlink.com [205.232.34.14]) with SMTP; 28 Aug 2001 14:44:02 UT Subject: Use of attribute certificates in SignedData Date: Tue, 28 Aug 2001 10:43:02 -0400 Message-ID: <NEBBKNLKHMMPAKLAPDMDKEHOCGAA.chris.francis@wetstonetech.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0026_01C12FAE.364808B0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This is a multi-part message in MIME format. ------=_NextPart_000_0026_01C12FAE.364808B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have a question for the group concerning attribute certificates.=20 =20 Is there an accepted location to put an attribute certificate associated = with the signer in the SignedData data structure? I have a SignedData = object and I=92m considering putting an attribute certificate associated = with the signer in the =91certificates=92 field of SignedData in = addition to the PKC of the signer. =20 =20 Is that a =93philosophically correct=94 location? I have some concern = about standard decoders being able to successfully decode the SignedData = structure if includes an attribute certificate. Other options include = burying the certificate in the encapsulated content or including it as a = Signed or UnSigned attribute. =20 I=92d appreciate any advice and or lessons learned that you can offer. = Thanks in advance. =20 =20 Chris Francis =20 ------=_NextPart_000_0026_01C12FAE.364808B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 9"> <meta name=3DOriginator content=3D"Microsoft Word 9"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C12FAE.0FE97E60"> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:"Comic Sans MS"; panose-1:3 15 7 2 3 3 2 2 2 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} h1 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; font-size:16.0pt; font-family:Arial; mso-font-kerning:16.0pt;} p.MsoBodyText, li.MsoBodyText, div.MsoBodyText {margin-top:13.2pt; margin-right:0in; margin-bottom:0in; margin-left:1.0in; margin-bottom:.0001pt; line-height:120%; mso-pagination:widow-orphan; font-size:11.0pt; mso-bidi-font-size:10.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-font-kerning:11.0pt;} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig {margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} span.EmailStyle15 {mso-style-type:personal-compose; mso-ansi-font-size:12.0pt; mso-ascii-font-family:"Comic Sans MS"; mso-hansi-font-family:"Comic Sans MS"; mso-bidi-font-family:Arial; color:black;} p.Heading1NoTOC, li.Heading1NoTOC, div.Heading1NoTOC {mso-style-name:"Heading 1 No TOC"; mso-style-parent:"Heading 1"; margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; text-align:center; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; font-size:14.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:"Times New Roman"; mso-font-kerning:14.0pt; font-weight:bold; mso-bidi-font-weight:normal;} p.TableText, li.TableText, div.TableText {mso-style-name:"Table Text"; margin-top:3.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; line-height:110%; mso-pagination:widow-orphan lines-together; font-size:10.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-font-kerning:10.0pt;} span.EmailStyle21 {mso-style-type:personal; mso-ansi-font-size:12.0pt; mso-ascii-font-family:"Comic Sans MS"; mso-hansi-font-family:"Comic Sans MS"; mso-bidi-font-family:Arial; color:black;} span.EmailStyle22 {mso-style-type:personal; mso-ansi-font-size:12.0pt; mso-ascii-font-family:"Comic Sans MS"; mso-hansi-font-family:"Comic Sans MS"; mso-bidi-font-family:Arial; color:black;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple = style=3D'tab-interval:.5in'> <div class=3DSection1> <p class=3DMsoNormal><span class=3DEmailStyle21><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans MS"'>I have a question for the group concerning attribute certificates. = <o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle21><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans = MS"'> <o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle22><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans MS"'>Is there an accepted location to put an attribute certificate associated = with the signer in the SignedData data structure?<span style=3D"mso-spacerun: = yes"> </span>I have a SignedData object and I’m considering putting an = attribute certificate associated with the signer in the ‘certificates’ = field of SignedData in addition to the PKC of the signer.<span = style=3D"mso-spacerun: yes"> </span><o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle22><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans = MS"'> <o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle22><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans MS"'>Is that a “philosophically correct” location?<span = style=3D"mso-spacerun: yes"> </span>I have some concern about standard decoders being = able to successfully decode the SignedData structure if includes an attribute certificate.<span style=3D"mso-spacerun: yes"> </span>Other = options include burying the certificate in the encapsulated content or including it as a = Signed or UnSigned attribute.<o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle22><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans = MS"'> <o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle22><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans MS"'>I’d appreciate any advice and or lessons learned that you can offer.<span style=3D"mso-spacerun: yes"> </span>Thanks in advance.<span style=3D"mso-spacerun: yes"> </span></span></font></span><span class=3DEmailStyle21><font color=3Dblack face=3D"Comic Sans MS"><span style=3D'font-family:"Comic Sans = MS"'><o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle21><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans = MS"'> <o:p></o:p></span></font></span></p> <p class=3DMsoNormal><span class=3DEmailStyle21><font size=3D3 = color=3Dblack face=3D"Comic Sans MS"><span = style=3D'font-size:12.0pt;font-family:"Comic Sans MS"'>Chris Francis<o:p></o:p></span></font></span></p> <p class=3DMsoNormal><font size=3D3 color=3Dblack face=3D"Times New = Roman"><span style=3D'font-size:12.0pt;color:black'><![if = !supportEmptyParas]> <![endif]></span></font><font color=3Dblack><span = style=3D'color:black;mso-color-alt:windowtext'><o:p></o:p></span></font><= /p> </div> </body> </html> ------=_NextPart_000_0026_01C12FAE.364808B0-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7S6raU12883 for ietf-pkix-bks; Mon, 27 Aug 2001 23:53:36 -0700 (PDT) Received: from p-mail2.cnet.fr (p-mail2.rd.francetelecom.com [193.49.124.32]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7S6rXD12872 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 23:53:34 -0700 (PDT) Received: by p-voyageur.rd.francetelecom.fr with Internet Mail Service (5.5.2653.19) id <RQ85SWYB>; Tue, 28 Aug 2001 08:36:02 +0200 Received: from francetelecom.com (161.104.58.152 [161.104.58.152]) by l-mhs1.rd.francetelecom.fr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id RJ40W6Z0; Tue, 28 Aug 2001 08:35:12 +0200 Message-ID: <3B88B98E.C9EF1817@francetelecom.com> Date: Sun, 26 Aug 2001 08:55:42 +0000 From: Olivier Dubuisson <Olivier.Dubuisson@francetelecom.com> Organization: France Telecom R&D X-Mailer: Mozilla 4.75 [en] (Win95; U) X-Accept-Language: en,fr-FR MIME-Version: 1.0 To: =?iso-8859-1?Q?=B1=E8=20=C3=E6=B1=E6?= <chkim@initech.com> CC: ietf-pkix@imc.org Subject: Re: Question about ECDSA. References: <04ADDBBB4C7EBF468E3DF355B750195E0F5807@file.initech.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> ±è Ãæ±æ wrote: > > I can't found ECDSA PriveKey OID. > There is no information about it in X9.62 and your draft-ietf-pkix-ipki- > pkalgs-03.txt. > > I want to know ECDSA PrivateKey ASN.1 syntax, OID and > PrivateKeyAlgorithms OID. > where can I that information? I take this opportunity to keep you informed that an OID repository is available on the ASN.1 website at http://asn1.elibel.tm.fr/oid/ Use the search engine of the website to check if some information available concerning ECDSA. We are in a process to redesign it and also to merge the data with those of Harald Alvestrand's repository <http://www.alvestrand.no/objectid>. In the October 2001 timeframe a lot more information should be available regarding OIDs. -- Olivier DUBUISSON france telecom R&D _ DTL/MSV - 22307 Lannion Cedex - France ( ) tel: +33 2 96 05 38 50 - fax: +33 2 96 05 39 45 / \/ -------------------------------------- \_/\ Site ASN.1 : http://asn1.elibel.tm.fr/ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7S46Lc29423 for ietf-pkix-bks; Mon, 27 Aug 2001 21:06:21 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7S46JD29419 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 21:06:19 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id QAA09921; Tue, 28 Aug 2001 16:06:16 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id QAA438415; Tue, 28 Aug 2001 16:06:16 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Tue, 28 Aug 2001 16:06:16 +1200 (NZST) Message-ID: <200108280406.QAA438415@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: carlisle.adams@entrust.com, pgut001@cs.auckland.ac.nz Subject: RE: New test TSA available Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Carlisle Adams <carlisle.adams@entrust.com> writes: >I'm sure we all appreciated your edifying rant. Thanks, it was good for me too :-). >Might I suggest that you some day write your own Internet Draft and >successfully guide it to standards-track RFC status, carefully negotiating >your way through scores of requests for additional functionality and never- >ending clarification (over a period of several years) without compromising >your original desire for brevity and simplicity in any way? I've already done that, thanks for asking. There was one change I had to make in one of them which as far as I can see was purely for cargo cult purposes which I wasn't terribly happy with (it violated the "Never include a statement if its negation is obviously false" rule), but mostly they turned out the way I wanted them (that is, I didn't feel the need to credit them to Alan Smithee after they were complete :-). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7S2gCa17566 for ietf-pkix-bks; Mon, 27 Aug 2001 19:42:12 -0700 (PDT) Received: from mx01.melco.co.jp (mx01.melco.co.jp [192.218.140.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7S2g7D17546 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 19:42:07 -0700 (PDT) Received: by mx01.melco.co.jp (mx01) id LAA21672; Tue, 28 Aug 2001 11:42:01 +0900 (JST) Received: by mr03.melco.co.jp (mr03) id LAA01852; Tue, 28 Aug 2001 11:41:54 +0900 (JST) Received: from elmail by elgw.isl.melco.co.jp (8.8.8/3.6W) id LAA09974; Tue, 28 Aug 2001 11:41:53 +0900 (JST) Received: from iss.isl.melco.co.jp (iss.isl.melco.co.jp [10.74.5.60]) by elmail.isl.melco.co.jp (iPlanet Messaging Server 5.0 Patch 3 (built Mar 23 2001)) with ESMTP id <0GIR009LEBHSQB@elmail.isl.melco.co.jp>; Tue, 28 Aug 2001 11:41:52 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id LAA09212; Tue, 28 Aug 2001 11:41:53 +0900 (JST) Date: Tue, 28 Aug 2001 11:48:07 +0900 From: Hiroyuki Sakakibara <sakaki@iss.isl.melco.co.jp> Subject: Re: Path validation and self-signed certificates To: "David A. Cooper" <david.cooper@nist.gov>, ietf-pkix@imc.org Message-id: <002101c12f6b$de7796b0$78054a0a@iss.isl.melco.co.jp> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: <4.2.2.20010825163905.00bc5b30@email.nist.gov> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> David Thank you for four comments. In (2) and (4), as you mentioned, following the latest X.509 standard, if a validation system tries to check extensions in self-signed certificates, certificatePolicies, nameConstraints etc, the result of validation will not be identical to the result of validation ignoring self-signed certificates and will be an interoperability problem. I think that IF a validation system checks self-signed certs, the software shall check validity and revocation only, because these are additional checks to enhance security of validation. But the current X.509 does not allow these processing unfortunatelly. David Cooper -----> Hiroyuki Sakakibara presented an example in which processing self-signed certificates helped to prevent a security breach. In his example, A issues a cross-certificate to B and B's private key is compromised. Hiroyuki pointed out that by processing B's self-signed certificate (to see if it has expired or has been revoked) one may have a chance to detect the compromise even if A does not cooperate by revoking the certificate that it issued to B. However, as he pointed out, this is not foolproof. The entity that compromised B's key could issue a new self-signed certificate with a later notAfter date along with CRLs that make it appear as if B's certificates are still good. If on the other hand, B were able to get its own CRLs to relying parties, it could just revoke all of its certificates instead of just its self-signed certificate, thus ensuring that any relying party that receives its CRLs will know that its certificates can not be trusted, whether they process B's self-signed certificates or not. <-----David Cooper OK, I see. as your example ( also in (3) ), in the case of revocation of B, B can announce its revocation by issuing a CRL that containts all certs that B issued(including its self-signed), even though A does not issue a CRL which revokes a cert from A to B. In the case of revocation of Bridge CA, a CRL issued by Bridge CA would be large depending on the number of CAs it cross certifies with. Killing Bridgne CA itself only in the CRL, size of it will be quite small. David Cooper -----> In general though, if a certification path of the form ... --> A --> B --> ... is being processed, I don't think there is much that B can do to protect relying parties from A's improper behavior. If A issues certificates to B with notAfter dates that are later than they should be or if A refuses to revoke B's certificate when requested to do so, there is little that B can do to protect A's relying parties (or the relying parties of any CA that preceded A in the path) from A, particularly in the case when B's private key has been compromised. <----- David Cooper I agree with you. I still suppose that checking self-signed certs validity (notBefore/After) or revocation would be some help to detect improper behavior of A in some cases. And considering Peter's comments, some implementation would validate self-signed certs though it would be rare. Peter Hesse -----> - Not all certificate validation systems allow any self-signed certificates to appear as intermediate certificates in paths. This is primarily for two reasons: 1) Preventing same subject name and public key from appearing twice in a path prevents loops, and 2) some argue that the same public key appearing twice in the path dilutes the trust chain. <-----Peter Hesse While I think that validating self-signed certs in a path would be meaningful, it would not possible for a RP to find self-signed certs always. Because, when the RP does not find a self-signed cert for a CA, the RP could not automatically judge that "a self-signed cert for this CA is not present in LDAP by accident" or "originally it does not exist( was not issued)", on the other hand, the RP can construct a path without self-signed certs. Is there any idea that a RP detects CA's improper behavior ... ? ------------------------------------------------------------------------ [my personal opinion] I would like to summurize my personal opinion considering replies from Peter and David. * the latest X.509 inhibits validation of self-signed certs in a path. On the other hand, some implementation already would have adopted cheking self-signed certs, and in some cases it would be meaningful, therefore it is not good that self-signed certs are entirely ignored. "may be ignored" is better, I think. * PKIX shall follow X.509. For interoperability, as most of implements would have applyied, if self-signed certs appear in the middle of a path, they shall be ignored, WHEN VALIDATION, not construction. Namely, this processing is the subset of the above bullet ( self-signed certs "may" be ignored in the above bullet) ------------------------------------------------------------------------ I thank for Peter Hesse and David A. Cooper 's many comments. While I still suppose that it is meaningful to check self-signed certificates in some cases, I suppose that cheking self-signed certificates does not protect a CA's improper behaivior always and perfectly and a path will be longer and complicated than one without self-signed certs. Anyway, I think it is better that son of 2459 describes some recommendations about including / not including self-signed certs in a path. In this case, the latest X.509 ignores self-signed certs when validation( not construction), hence, son of 2459 reccomends that coresspondingly. [Question] I have a related question about path construction and validation. Based on the current X.509, a path may containts self-signed certs, however, they shall be ignored when validation. For example, B issues its EndEntity a certificate whose AKI explicitly indicates B's self-signed with authorityCertIssuer/SerialNumber. Relying Parties in B's PKI system use B's self-signed as the trust anchor's cert. Later, A and B agree with cross-certification between them, then, A issues a cross certificate to B. hence, a path in the cross certification may be constructed as (1) A->B, B(self-signed), B->EE or (2) A->B, B->EE (1) refferencing AKI of B->EE which explicitly indicates B(self-sign) with authorityCertIssuer/SerialNumber (2) ignoring AKI of B->EE or refferencing keyId in AKI only if exists. According to the latest X.509, even thogh a path is constructed as (1), B(self-signed) shall be ignored when validation. Is my interpretation correct ? or self-signed certs shall be ignored when path construction ? ( if they are ignored when path construction, it will be more efficient.) Hiroyuki Sakakibara --------------------------------------- Hiroyuki Sakakibara MITSUBISHI ELECTRIC CORPORATION Information Technology R&D Center 5-1-1 Ofuna, Kamakura, Kanagawa, Japan PHONE: +81-467-41-2183 FAX: +81-467-41-2185 E-mail : sakaki@iss.isl.melco.co.jp ----- Original Message ----- From: "David A. Cooper" <david.cooper@nist.gov> To: <ietf-pkix@imc.org> Sent: Sunday, August 26, 2001 6:33 AM Subject: RE: Path validation and self-signed certificates > > All, > > I believe that PKIX should either discourage or forbid the inclusion of self-signed certificates in certification paths for the following reasons: > > 1) Section 8.1.5 of the 4th edition of X.509 states that > > There are three circumstances under which a certification authority may > issue a certificate to itself: > > a) as a convenient way of encoding its public key for communication to, > and storage by, its certificate users; > > b) ... > > For purposes of path validation, self-issued certificates of type a) are verified > with the public key contained in them, and if they are encountered in the path, > they shall be ignored. > > So, X.509 states that self-signed certificate are only to be used as a convenient way of encoding a public key, and that self-signed certificates, if they are encountered in a certification path are to be ignored. Thus, if PKIX were to allow the processing of self-signed certificates, it would not be compliant with X.509. > > 2) As Peter Hesse pointed out, many CAs issue self-signed certificates with a minimum necessary information (e.g., a version 1 certificate with just a name, public key, and validity dates). Any such certificates included in a certification path would result in an empty valid_policy_tree. Old-with-new and new-with-old self-issued certificates are designed to be used as part of certification paths and so should contain all of the necessary extensions (e.g., basicConstraints, certificatePolicies), but self-signed certificates may be been issued simply as a means of distributing the public key to relying parties that will use that key as a trust anchor. If these certificates are included in, and are processed as parts of, certification paths, the results may be rejecting end certificates that should be have been accepted. > > 3) If a CA suspects that its key has been compromised (or it otherwise determines that none of the certificates it has issued should be considered valid), it should request that every certificate issued to it be revoked (as is stated in the Security Considerations section). If possible, it should also revoke all of the certificates it has issued (not just its self-signed certificate). If a CA can revoke its own self-signed certificate then it can revoke all of the certificates it has issued. Doing so will ensure that all relying parties know about the revocation, not just those relying parties that check to see whether the signed-signed certificate has been revoked. > > 4) If an organization uses client software that processes self-signed certificates, there is risk that that organization will issue certificates from its own CA assuming that relying parties process self-signed certificates. This organization's CA may then issue self-signed certificates with constraints (e.g., name constraints, path length constraints, etc.) that they expect relying parties to see, but the CA, assuming that relying parties will process its self-signed certificates, may not include the constraints in any of its other certificates. > > So, if there is no set rule, there is the risk that relying parties that do process self-signed certificates will lose some interoperability and those that do not will overlook intended path processing constraints. > > Hiroyuki Sakakibara presented an example in which processing self-signed certificates helped to prevent a security breach. In his example, A issues a cross-certificate to B and B's private key is compromised. Hiroyuki pointed out that by processing B's self-signed certificate (to see if it has expired or has been revoked) one may have a chance to detect the compromise even if A does not cooperate by revoking the certificate that it issued to B. However, as he pointed out, this is not foolproof. The entity that compromised B's key could issue a new self-signed certificate with a later notAfter date along with CRLs that make it appear as if B's certificates are still good. If on the other hand, B were able to get its own CRLs to relying parties, it could just revoke all of its certificates instead of just its self-signed certificate, thus ensuring that any relying party that receives its CRLs will know that its certificates can not be trusted, whether they process B's self-s! > igned certificates or not. > > In general though, if a certification path of the form ... --> A --> B --> ... is being processed, I don't think there is much that B can do to protect relying parties from A's improper behavior. If A issues certificates to B with notAfter dates that are later than they should be or if A refuses to revoke B's certificate when requested to do so, there is little that B can do to protect A's relying parties (or the relying parties of any CA that preceded A in the path) from A, particularly in the case when B's private key has been compromised. I don't think that it is worth diverging from X.509 and introducing interoperability problems into PKIX in an attempt to try. > > Dave > > At 04:37 PM 8/24/01 -0700, Ryan Hurst wrote: > >Peter - > > > >I agree with your comments on self-signed certificates in chains with only one exception, specifically in regards to revocation. There are several cases where the revocation of a self-signed CA would make sense, what about cessationOfOperation, superseded and affiliationChanged? These reasons do not imply any sort of compromise of key material. We make many "known assumptions" in PKI and the catch 22 of key material management and trust is one of them, without these "known assumptions" many of the things in son-off fall apart. > > > >Ryan > > > Received: by above.proper.com (8.11.6/8.11.3) id f7S2URv13604 for ietf-pkix-bks; Mon, 27 Aug 2001 19:30:27 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7S2UPD13600 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 19:30:25 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id OAA06836; Tue, 28 Aug 2001 14:29:37 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id OAA436733; Tue, 28 Aug 2001 14:29:31 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Tue, 28 Aug 2001 14:29:31 +1200 (NZST) Message-ID: <200108280229.OAA436733@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: chkim@initech.com, jimsch@exmsft.com, rhousley@rsasecurity.com Subject: RE: Question about ECDSA. Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> "Jim Schaad" <jimsch@nwlink.com> writes: >I had to look, but it appears that RFC2511bis does not do this even though I >might have expected it to. There are now some private key items put into the >CMC-Archive document but I don't currently have any EC private keys documented >there. Doesn't PKCS #15 do this, along with a wide variety of other private key formats? Peter. Received: by above.proper.com (8.11.6/8.11.3) id f7S2NY211234 for ietf-pkix-bks; Mon, 27 Aug 2001 19:23:34 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7S2NVD11196 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 19:23:32 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id OAA06662; Tue, 28 Aug 2001 14:23:25 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id OAA436198; Tue, 28 Aug 2001 14:23:21 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Tue, 28 Aug 2001 14:23:21 +1200 (NZST) Message-ID: <200108280223.OAA436198@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org, jean-marc.desperrier@certplus.com Subject: Re: New test TSA available Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Jean-Marc Desperrier <jean-marc.desperrier@certplus.com> writes: >Peter Gutmann wrote: >>The first item in "Security Considerations" (referred to above) is pretty >>risky. An un-compromised TSA key should be destroyed, but not explicitly >>revoked. If it is revoked then it's necessary to create a benign vs serious >>revocation condition (which is what the text does) which can be exploited >>because all I need to do after stealing the TSA key is to revoke it in a benign >>manner and then generate all the fake timestamps I want. > >The TSA is signed by a CA. If I steal the TSA key, I can forge timestamp, but >not the revocation information. I'd need to steal both keys to do that. Not really: Steal the TSA key Use it to submit a benign revocation request to the CA (CA revokes cert with a reason like cessation-of-operation). Generate as many bogus timestamps as you like (The real key owner can't stop you, since the cert/key is already revoked). >If I get two different revocation information for a TSA, information A saying >it's benign revocation, and B saying it's serious revocation, I would consider >it serious revocation. A human probably would, but there's no guarantee a CA will (in a straightforward implementation, a CA will reject any request to revoke a cert which is already revoked since it's a duplicate). Basing the correct functioning of a TSA on what a CA might or might not do (depending on how it's implemented) is kind of risky. Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RJsIC25523 for ietf-pkix-bks; Mon, 27 Aug 2001 12:54:18 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RJsHD25519 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 12:54:17 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id MAA00588; Mon, 27 Aug 2001 12:54:18 -0700 (PDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id PAA28105; Mon, 27 Aug 2001 15:54:18 -0400 (EDT) Message-ID: <3B8AA551.4C79A4AB@sun.com> Date: Mon, 27 Aug 2001 15:53:53 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) References: <OF9A74B82C.D88DED72-ON85256AB5.00687B3D@pok.ibm.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Tom Gindin wrote: > While your point that case sensitivity is a cause of name > constraint mismatches is valid, why is this not an issue for RFC822 > addresses as well? Suppose an attacker lists your domain as > "Sun.COM"? In section 11.3.2 of the latest X.509 draft, the > subject is finessed by having certificates match if the > subjectAltName contains a component of the same name type as > the one being checked. RFC 2459 and son-of-2459 both say that rfc822 names are case-insensitive. So if I issue a CA certificate containing an excludedSubtree of type rfc822Name and value "sun.com" and the subject of that certificate issues a certificate with a subject alternative name of type rfc822Name and value "Sun.COM", a path consisting of those two certificates is not valid. Section 11.3.2 of X.509 (4th edition, draft 8) refers to the certificate match rule, which is used to fetch certificates from a directory. You can include an AltNameType to say "only return certificates that contain a subject alternative name of this type." When retrieving certificates from a directory, that's probably fine. You wouldn't want to make the directory server implement support for matching all sorts of alternative name forms. But a validation library that encounters an excludedSubtree of type rfc822Name had better understand how to match names of that type and not allow a subsequent certificate in the path to contain a name that matches the excludedSubtree. The paragraph that you're proposing to change (in the Security Considerations section of son-of-2459) is concerned solely with risks caused by inconsistent application of name comparison rules for distinguished names. son-of-2459 doesn't allow any inconsistencies in name comparison rules for rfc822Names, so there's no risk there (except for buggy implementations that don't meet the spec, which is an entirely different problem). In my commentary on your proposed change, I was just pointing out that it's possible to run into inconsistencies in name comparison rules for distinguished names even if both names use the same encoding. Two UTF8Strings with values "Tom" and "TOM" will be considered equivalent by an implementation that supports case- insensitive comparison of UTF8Strings and not equivalent by an implementation that just does a binary comparison for attributes that are not encoded with PrintableString. So changing that paragraph to focus solely on inconsistencies caused by different encodings is probably not a good idea. Am I missing something here? -Steve Tom Gindin wrote: > > While your point that case sensitivity is a cause of name constraint > mismatches is valid, why is this not an issue for RFC822 addresses as well? > Suppose an attacker lists your domain as "Sun.COM"? In section 11.3.2 of > the latest X.509 draft, the subject is finessed by having certificates > match if the subjectAltName contains a component of the same name type as > the one being checked. > > Tom Gindin > > Steve Hanna <steve.hanna@sun.com> on 08/27/2001 09:57:30 AM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) > > Tom Gindin wrote: > > As far as I can tell, the only excludedSubtree with DirectoryName > > which is widely usable and doesn't run into the character code > > problems discussed earlier is one which contains a countryName and > > no other attributes. Thus I would not change the last sentence of > > the paragraph (it's good advice anyway) > > I'm glad we agree on that. > > > but would add a new sentence to it after the first sentence as > > follows: "This is particularly hard to guarantee when one or more > > of the attributes in the DN specification is encoded as a CHOICE, > > such as DirectoryString." and change the beginning of the next > > sentence to "If the encodings differ" from "If not". > > For those following along at home, that would change the text to: > > In addition, name constraints for distinguished names MUST be > stated identically to the encoding used in the subject field or > subjectAltName extension. This is particularly hard to guarantee > when one or more of the attributes in the DN specification is > encoded as a CHOICE, such as DirectoryString. If the encodings > differ, then name constraints stated as excludedSubTrees will not > match and invalid paths will be accepted and name constraints > expressed as permittedSubtrees will not match and valid paths will > be rejected. To avoid acceptance of invalid paths, CAs SHOULD > state name constraints for distinguished names as > permittedSubtrees wherever possible. > > Why do you want to make this change? It seems to narrow the focus of > this paragraph to only cases of differing encodings. But different > encodings aren't the only cause of name constraint mismatches. Two > UTF8Strings with values "Tom" and "TOM" won't match using the minimum > son-of-2459 rules, which use binary comparison for UTF8String values. > > -Steve Received: by above.proper.com (8.11.6/8.11.3) id f7RJGBh24869 for ietf-pkix-bks; Mon, 27 Aug 2001 12:16:11 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RJG9D24865 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 12:16:09 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id PAA276776; Mon, 27 Aug 2001 15:13:55 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f7RJ84c173644; Mon, 27 Aug 2001 15:08:04 -0400 Importance: Normal Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) To: Steve Hanna <steve.hanna@sun.com> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-ID: <OF9A74B82C.D88DED72-ON85256AB5.00687B3D@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Mon, 27 Aug 2001 15:16:03 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 08/27/2001 03:16:05 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> While your point that case sensitivity is a cause of name constraint mismatches is valid, why is this not an issue for RFC822 addresses as well? Suppose an attacker lists your domain as "Sun.COM"? In section 11.3.2 of the latest X.509 draft, the subject is finessed by having certificates match if the subjectAltName contains a component of the same name type as the one being checked. Tom Gindin Steve Hanna <steve.hanna@sun.com> on 08/27/2001 09:57:30 AM To: Tom Gindin/Watson/IBM@IBMUS cc: ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) Tom Gindin wrote: > As far as I can tell, the only excludedSubtree with DirectoryName > which is widely usable and doesn't run into the character code > problems discussed earlier is one which contains a countryName and > no other attributes. Thus I would not change the last sentence of > the paragraph (it's good advice anyway) I'm glad we agree on that. > but would add a new sentence to it after the first sentence as > follows: "This is particularly hard to guarantee when one or more > of the attributes in the DN specification is encoded as a CHOICE, > such as DirectoryString." and change the beginning of the next > sentence to "If the encodings differ" from "If not". For those following along at home, that would change the text to: In addition, name constraints for distinguished names MUST be stated identically to the encoding used in the subject field or subjectAltName extension. This is particularly hard to guarantee when one or more of the attributes in the DN specification is encoded as a CHOICE, such as DirectoryString. If the encodings differ, then name constraints stated as excludedSubTrees will not match and invalid paths will be accepted and name constraints expressed as permittedSubtrees will not match and valid paths will be rejected. To avoid acceptance of invalid paths, CAs SHOULD state name constraints for distinguished names as permittedSubtrees wherever possible. Why do you want to make this change? It seems to narrow the focus of this paragraph to only cases of differing encodings. But different encodings aren't the only cause of name constraint mismatches. Two UTF8Strings with values "Tom" and "TOM" won't match using the minimum son-of-2459 rules, which use binary comparison for UTF8String values. -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RJ6cH24563 for ietf-pkix-bks; Mon, 27 Aug 2001 12:06:38 -0700 (PDT) Received: from femail42.sdc1.sfba.home.com (femail42.sdc1.sfba.home.com [24.254.60.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RJ6bD24558 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 12:06:37 -0700 (PDT) Received: from revelation ([65.4.166.11]) by femail42.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010827190632.MWMC8180.femail42.sdc1.sfba.home.com@revelation>; Mon, 27 Aug 2001 12:06:32 -0700 Reply-To: <jimsch@exmsft.com> From: "Jim Schaad" <jimsch@nwlink.com> To: "'Housley, Russ'" <rhousley@rsasecurity.com>, <chkim@initech.com> Cc: <ietf-pkix@imc.org> Subject: RE: Question about ECDSA. Date: Mon, 27 Aug 2001 12:06:49 -0700 Message-ID: <001201c12f2b$6e67f350$0c00a8c0@soaringhawk.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-reply-to: <5.0.1.4.2.20010823102018.041f7e50@exna07.securitydynamics.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505.0000 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I had to look, but it appears that RFC2511bis does not do this even though I might have expected it to. There are now some private key items put into the CMC-Archive document but I don't currently have any EC private keys documented there. jim > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Housley, Russ > Sent: Thursday, August 23, 2001 7:22 AM > To: chkim@initech.com > Cc: ietf-pkix@imc.org > Subject: Re: Question about ECDSA. > > > > The ANSI X9 and PKIX documents have never included specifications for > private key syntax. > > Perhaps Certicom can offer a recommended syntax. > > Russ > > > > > >I can't found ECDSA PriveKey OID. > >There is no information about it in X9.62 and your > draft-ietf-pkix-ipki- > >pkalgs-03.txt. > > > >I want to know ECDSA PrivateKey ASN.1 syntax, OID and > >PrivateKeyAlgorithms OID. > >where can I that information? > > > >Thanks. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RJ4c624527 for ietf-pkix-bks; Mon, 27 Aug 2001 12:04:38 -0700 (PDT) Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RJ4aD24523 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 12:04:36 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id NAA04929; Mon, 27 Aug 2001 13:04:34 -0600 (MDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id PAA10150; Mon, 27 Aug 2001 15:04:36 -0400 (EDT) Message-ID: <3B8A99AB.B87AA052@sun.com> Date: Mon, 27 Aug 2001 15:04:11 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: david.cooper@nist.gov, ietf-pkix@imc.org Subject: Re: Path validation and self-signed certificates References: <200108271755.TAA10571@emeriau.edelweb.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Sylvester wrote: > Why does PKIX need to say something that is essentially > already in X.509? Aren't self-signed certificates of type a) > ignored for path validation in X.509? Most of son-of-2459 is already in X.509. The purpose of our document is to provide a profile of X.509 suitable for the Internet. Why mention name chaining or signature checking in son-of-2459? Because they're part of our profile. Even if we decide to adopt the X.509 behavior and ignore self-signed certificates, we should still mention that in son-of-2459. It's not reasonable to expect people to figure out that some requirement is part of the PKIX profile just because there's one sentence on page 31 of the X.509 spec that explains it. I'm suggesting that we add an additional requirement to our validation algorithm, as we have done before by requiring that the Issuer field MUST contain a non-empty distinguished name (for instance). This requirement would be that the path not contain any self-signed certificates. -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RHttr23273 for ietf-pkix-bks; Mon, 27 Aug 2001 10:55:55 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RHtqD23269 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 10:55:53 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA25061; Mon, 27 Aug 2001 19:55:49 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Mon, 27 Aug 2001 19:55:49 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA29056; Mon, 27 Aug 2001 19:55:47 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA10571; Mon, 27 Aug 2001 19:55:47 +0200 (MET DST) Date: Mon, 27 Aug 2001 19:55:47 +0200 (MET DST) Message-Id: <200108271755.TAA10571@emeriau.edelweb.fr> To: david.cooper@nist.gov, steve.hanna@sun.com Subject: Re: Path validation and self-signed certificates Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> > This makes path discovery even harder than it was before. If we > require that self-signed certificates be forbidden or ignored in > PKIX path validation, none of this will be a concern. > Why does PKIX need to say something that is essentially already in X.509? Aren't self-signed certificates of type a) ignored for path validation in X.509? Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RHdnj22955 for ietf-pkix-bks; Mon, 27 Aug 2001 10:39:49 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7RHdmD22951 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 10:39:48 -0700 (PDT) Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 27 Aug 2001 17:37:25 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA03897; Mon, 27 Aug 2001 13:35:50 -0400 (EDT) Received: from rsasecurity.com ([10.81.217.242]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id KAA13048; Mon, 27 Aug 2001 10:12:52 -0700 (PDT) Message-ID: <3B8A7EA0.B1B9A66B@rsasecurity.com> Date: Mon, 27 Aug 2001 10:08:48 -0700 From: Jeff Jacoby <jjacoby@rsasecurity.com> Organization: RSA Security, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "David A. Cooper" <david.cooper@nist.gov> CC: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 References: <4.2.2.20010825150842.00bcb530@email.nist.gov> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Dave, Thank you for the answers (and also to the other question I'd had on "any-policy"), they are of enormous help. Excellent artwork, too! Jeff "David A. Cooper" wrote: > > At 03:12 PM 8/21/01 -0700, Jeff Jacoby wrote: > > Section 6.1.4 Preperation for certificate i+1, step (b)(1). the > second paragraph reads: > > "If no node of depth i in the valid_policy_tree has a > valid_policy of ID-P but there is a node of depth i with a > valid_policy of any-policy, then generate a child node of the > node of depth i-1 that has a valid_policy of any-policy as > follows:" > > Should it really be: > > "If no node of depth i in the valid_policy_tree has a > valid_policy of ID-P but there is a node of depth i-1 with a > valid_policy of any-policy, then generate a child node of the > node of depth i-1 that has a valid_policy of any-policy as > follows:" > > (note the difference in the first sentence, "i" vs "i-1"). Afterall, > the last sentence implies there must be a node of depth i-1 with a > valid_policy of any-policy. > > Actually, I believe that the original text was correct. To see why, > consider the following two examples: > > In the first example, the first certificate in the path contains the > following policy extensions: > > certificatePolicies = {anyPolicy, a} > policyMappings = {a --> c, b --> d} > > After carrying out the steps in section 6.1.3, the valid_policy_tree, > excluding the qualifier_set and criticality_indicator fields, would be > (NOTE: this is best viewed with a fixed-width font): > > +----------------+ > | any-policy | <---- valid_policy > +----------------+ > | any-policy | <---- expected_policy_set > +----------------+ > / \ > / \ > +----------------+ +----------------+ > | any-policy | | a | <---- valid_policy > +----------------+ +----------------+ > | any-policy | | {a} | <---- > expected_policy_set > +----------------+ +----------------+ > > After the policy mappings extension is processed, the result is: > > +----------------+ > | any-policy | <---- valid_policy > +----------------+ > | any-policy | <---- expected_policy_set > +----------------+ > / | \ > / | \ > +----------------+ +----------------+ +----------------+ > | any-policy | | b | | a | <---- > valid_policy > +----------------+ +----------------+ +----------------+ > | any-policy | | {d} | | {c} | <---- > expected_policy_set > +----------------+ +----------------+ +----------------+ > > In this case, the result would be the same whether the current text or > the proposed text were used. Note that, by construction, if there is a > node of depth i with valid_policy any-policy, there must also be a node > of depth i-1 with valid_policy any-policy. > > The second example shows a case in which the two algorithms differ. In > this case, the first certificate in the path contains the following > policy extensions: > > certificatePolicies = {a} > policyMappings = {a --> c, b --> d} > > +----------------+ > | any-policy | <---- valid_policy > +----------------+ > | any-policy | <---- expected_policy_set > +----------------+ > | > | > +----------------+ > | a | <---- valid_policy > +----------------+ > | {a} | <---- expected_policy_set > +----------------+ > > When the policy mappings extension is processed, the expected_policy_set > for the node at depth 1 is changed from {a} to {c}. Since there is no > node of depth 1 with a valid_policy of any-policy, the mapping from b to > d is ignored. The result is: > > +----------------+ > | any-policy | <---- valid_policy > +----------------+ > | any-policy | <---- expected_policy_set > +----------------+ > | > | > +----------------+ > | a | <---- valid_policy > +----------------+ > | {c} | <---- expected_policy_set > +----------------+ > > If the proposed text were followed, a node of depth i with a > valid_policy of b and expected_policy_set of {d} would be created. > However, this would make it appear as if b appeared in the > certificatePolicies extension. In the first example, this was OK since > b was implicitly included in the certificatePolicies extension through > the inclusion of anyPolicy. In the second example, however, b was > neither explicitly nor implicitly included in the certificatePolicies > extension. So, in the second example, b should not appear as the > valid_policy in any node of depth i. > > So, in effect, the phrase "if ... there is a node of depth i with a > valid_policy of any-policy" is checking to see if anyPolicy was included > in the certificatePolicies extension. If so, then the issuing domain > policy ID-P was implicitly included in the certificatePolicies extension > and the mapping from the issuing domain policy to the subject domain > policy can be included in the valid_policy tree just as if the issuing > domain policy had been explicitly included in the certificatePolicies > extension. If neither the issuing domain policy nor anyPolicy was > included in the certificatePolicies extension, then the mapping should > be ignored. > > Second issue is a simple typo. The very last sentence in section 6.1.4 > reads: > > "If (a), (k), (l), (n) and (o) have completed successfully, increment > i and perform the basic certificate processing specified in 6.1.2." > > it should be: > > "If (a), (k), (l), (n) and (o) have completed successfully, increment > i and perform the basic certificate processing specified in 6.1.3." > > (6.1.2 is Initialization) > > Good catch. > > Finally, in the wrap-up description, section 6.1.5 step (g)(iii) 1. > reads: > > "1. Determine the set of policy nodes whose ancestor nodes > have a valid_policy of any-policy. This is the > valid_policy_node_set." > > Since the root node (depth 0) has valid_policy of any-policy, and it is > an ancestor to every node in the tree, this would seem to mean (to me) > the whole tree is in the valid_policy_node_set. Or does "ancestor node" > mean something different? > > I believe that "ancestor" should be replaced by "parent". The idea is > to compare policies from the user-initial-policy-set to policies in the > valid_policy_tree that came from the domain of the relying party. Thus, > we must look at nodes in the valid_policy_tree as close to the root as > possible, before any policy mappings have taken place. If a node's > parent has a valid_policy of any-policy, then no policy mappings could > have been performed in any of that node's ancestors (i.e., in each of > the node's ancestors, the expected_policy_set and the valid_policy are > both any-policy) and so it is reasonable to check whether that node's > valid_policy appears in the user-initial-policy-set. If a node's parent > vald_policy other than any-policy then either a policy mapping has > occurred (in which case the node's valid_policy should not be compared > to the user-initial-policy-set) or no mapping has occurred (in which > case one or more of the node's ancestors contains the same valid_policy, > and one of those ancestor nodes will be compared against the > user-initial-policy-set). > > Dave -- Jeff Jacoby, Sr. Programmer RSA Security Inc., SMDC jjacoby@rsasecurity.com 2755 Campus Dr., Ste. 300 (650) 295-7569 San Mateo, CA 94403 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RHQXX22709 for ietf-pkix-bks; Mon, 27 Aug 2001 10:26:33 -0700 (PDT) Received: from carbone.certplus.com ([195.101.88.81]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RHQVD22705 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 10:26:31 -0700 (PDT) Received: from certplus.com ([192.168.212.27]) by carbone.certplus.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 27 Aug 2001 19:26:24 +0200 Message-ID: <3B8A82D0.32FC67A5@certplus.com> Date: Mon, 27 Aug 2001 19:26:41 +0200 From: Jean-Marc Desperrier <jean-marc.desperrier@certplus.com> Organization: Certplus X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: New test TSA available References: <200108271454.CAA422476@ruru.cs.auckland.ac.nz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 27 Aug 2001 17:26:24.0406 (UTC) FILETIME=[655A5360:01C12F1D] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Gutmann wrote: > The first item in "Security Considerations" (referred to above) is pretty > risky. An un-compromised TSA key should be destroyed, but not explicitly > revoked. If it is revoked then it's necessary to create a benign vs serious > revocation condition (which is what the text does) which can be exploited > because all I need to do after stealing the TSA key is to revoke it in a benign > manner and then generate all the fake timestamps I want. The TSA is signed by a CA. If I steal the TSA key, I can forge timestamp, but not the revocation information. I'd need to steal both keys to do that. Self-signed TSA certificate is against the letter of the draft, the key should be used only to sign request. I know this is pushing it a bit far, but in a discussion about that, the draft's authors seemed to agree with that interpretation. > The real key owner > can't do anything about it because my benign revocation has pre-empted any > attempt at a serious revocation. I'm not sure. If the TSA's CA does not revoke the TSA, that mean it will sign information that says it's not revoked. The key stealer has the choice between signing non-revoked information or benign revocation information. If I get two different revocation information for a TSA, information A saying it's benign revocation, and B saying it's serious revocation, I would consider it serious revocation. Guessing what the user will be able to do in case of compromise of the key used for revocation information is a bit difficult. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RG0xO21022 for ietf-pkix-bks; Mon, 27 Aug 2001 09:00:59 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RG0vD21018 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 09:00:57 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id JAA09817; Mon, 27 Aug 2001 09:00:57 -0700 (PDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id MAA28340; Mon, 27 Aug 2001 12:00:56 -0400 (EDT) Message-ID: <3B8A6E9C.1B98CAAC@sun.com> Date: Mon, 27 Aug 2001 12:00:28 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "David A. Cooper" <david.cooper@nist.gov> CC: ietf-pkix@imc.org Subject: Re: Path validation and self-signed certificates References: <4.2.2.20010825163905.00bc5b30@email.nist.gov> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I agree with David on this. One more reason that self-signed certificates should be forbidden in path validation is that, if they are allowed, there are situations where a path may be valid if a self-signed certificate is added to it and invalid otherwise (if the self-signed certificate contains policy mappings, for instance). This situation should never arise in a well-managed PKI, but it means that in order for a path discovery library to be *absolutely* certain that no valid path can be constructed from a given set of certificates, self-signed certificates must be considered. In fact, there are cases where a self-signed certificate may need to appear multiple times in a row! This makes path discovery even harder than it was before. If we require that self-signed certificates be forbidden or ignored in PKIX path validation, none of this will be a concern. I suggest that son-of-2459 forbid the use of self-signed certificates in paths. We should require that any path containing a self-signed certificate be regarded as invalid. It's tempting to simply ignore self-signed certificates, as X.509 now does. This would provide maximum compatibility with X.509 and handle the common case where a trust anchor is accidentally included at the start of a certification path. But I think this can lead to security holes. If a self-signed certificate is the last certificate in the chain and validation of the chain succeeds, a naive application may extract the subject alternative name or other fields from the self-signed certificate and assume that they have been validated (when in fact the entire certificate was ignored). We could forbid the use of self-signed certificates as the last certificate in the chain and specify that they are ignored otherwise, but this just complicates the algorithm. And do we really want to allow a valid path to contain a certificate whose revocation status and signature has not been checked? Simply discouraging the inclusion of self-signed certificates in certification paths but not forbidding their inclusion leaves open the question of how validation routines should process them. This increases the chances of the problems described below. So I recommend that son-of-2459 specify that any path that contains a self-signed certificate is invalid. -Steve "David A. Cooper" wrote: > > All, > > I believe that PKIX should either discourage or forbid the inclusion of self-signed certificates in certification paths for the following reasons: > > 1) Section 8.1.5 of the 4th edition of X.509 states that > > There are three circumstances under which a certification authority may > issue a certificate to itself: > > a) as a convenient way of encoding its public key for communication to, > and storage by, its certificate users; > > b) ... > > For purposes of path validation, self-issued certificates of type a) are verified > with the public key contained in them, and if they are encountered in the path, > they shall be ignored. > > So, X.509 states that self-signed certificate are only to be used as a convenient way of encoding a public key, and that self-signed certificates, if they are encountered in a certification path are to be ignored. Thus, if PKIX were to allow the processing of self-signed certificates, it would not be compliant with X.509. > > 2) As Peter Hesse pointed out, many CAs issue self-signed certificates with a minimum necessary information (e.g., a version 1 certificate with just a name, public key, and validity dates). Any such certificates included in a certification path would result in an empty valid_policy_tree. Old-with-new and new-with-old self-issued certificates are designed to be used as part of certification paths and so should contain all of the necessary extensions (e.g., basicConstraints, certificatePolicies), but self-signed certificates may be been issued simply as a means of distributing the public key to relying parties that will use that key as a trust anchor. If these certificates are included in, and are processed as parts of, certification paths, the results may be rejecting end certificates that should be have been accepted. > > 3) If a CA suspects that its key has been compromised (or it otherwise determines that none of the certificates it has issued should be considered valid), it should request that every certificate issued to it be revoked (as is stated in the Security Considerations section). If possible, it should also revoke all of the certificates it has issued (not just its self-signed certificate). If a CA can revoke its own self-signed certificate then it can revoke all of the certificates it has issued. Doing so will ensure that all relying parties know about the revocation, not just those relying parties that check to see whether the signed-signed certificate has been revoked. > > 4) If an organization uses client software that processes self-signed certificates, there is risk that that organization will issue certificates from its own CA assuming that relying parties process self-signed certificates. This organization's CA may then issue self-signed certificates with constraints (e.g., name constraints, path length constraints, etc.) that they expect relying parties to see, but the CA, assuming that relying parties will process its self-signed certificates, may not include the constraints in any of its other certificates. > > So, if there is no set rule, there is the risk that relying parties that do process self-signed certificates will lose some interoperability and those that do not will overlook intended path processing constraints. > > Hiroyuki Sakakibara presented an example in which processing self-signed certificates helped to prevent a security breach. In his example, A issues a cross-certificate to B and B's private key is compromised. Hiroyuki pointed out that by processing B's self-signed certificate (to see if it has expired or has been revoked) one may have a chance to detect the compromise even if A does not cooperate by revoking the certificate that it issued to B. However, as he pointed out, this is not foolproof. The entity that compromised B's key could issue a new self-signed certificate with a later notAfter date along with CRLs that make it appear as if B's certificates are still good. If on the other hand, B were able to get its own CRLs to relying parties, it could just revoke all of its certificates instead of just its self-signed certificate, thus ensuring that any relying party that receives its CRLs will know that its certificates can not be trusted, whether they process B's self-s! ! ! > igned certificates or not. > > In general though, if a certification path of the form ... --> A --> B --> ... is being processed, I don't think there is much that B can do to protect relying parties from A's improper behavior. If A issues certificates to B with notAfter dates that are later than they should be or if A refuses to revoke B's certificate when requested to do so, there is little that B can do to protect A's relying parties (or the relying parties of any CA that preceded A in the path) from A, particularly in the case when B's private key has been compromised. I don't think that it is worth diverging from X.509 and introducing interoperability problems into PKIX in an attempt to try. > > Dave > > At 04:37 PM 8/24/01 -0700, Ryan Hurst wrote: > >Peter - > > > >I agree with your comments on self-signed certificates in chains with only one exception, specifically in regards to revocation. There are several cases where the revocation of a self-signed CA would make sense, what about cessationOfOperation, superseded and affiliationChanged? These reasons do not imply any sort of compromise of key material. We make many "known assumptions" in PKI and the catch 22 of key material management and trust is one of them, without these "known assumptions" many of the things in son-off fall apart. > > > >Ryan Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RFrM219704 for ietf-pkix-bks; Mon, 27 Aug 2001 08:53:22 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RFrJD19692 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 08:53:20 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <Q8L2DFSL>; Mon, 27 Aug 2001 11:53:13 -0400 Message-ID: <B8C72DA21548524180BE5AB32D65F6C206D049@sottmxs09.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.auckland.ac.nz> Cc: ietf-pkix@imc.org Subject: RE: New test TSA available Date: Mon, 27 Aug 2001 11:53:12 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12F10.607ECEF0" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12F10.607ECEF0 Content-Type: text/plain Hi Peter, > ---------- > From: pgut001@cs.auckland.ac.nz[SMTP:pgut001@cs.auckland.ac.nz] > Sent: Monday, August 27, 2001 10:54 AM > To: ietf-pkix@imc.org > Subject: Re: New test TSA available > > > I've now updated the TSA to conform to the latest draft (except for the > TSA > cert, because I'm using a shared generic cert which gets recycled for SSL, > OCSP, CMP, and everything else). And now a rant about the latest draft... > > <rant> > > Since I last looked at this, it seems to have picked up an incredible > amount of > unnecessary and confusing cruft. There are two main things which stand > out, > the first is that everything seems to be repeated two or three times over, > sometimes in consecutive sentences but usually spread far apart and stated > in a > contradictory and confusing manner. The other thing is that there seems > to be > way too much text in there which doesn't serve any purpose except to > confuse > the reader. For example consider the bit which begins: (...some text deleted...) > </rant> > > Peter. I'm sure we all appreciated your edifying rant. Might I suggest that you some day write your own Internet Draft and successfully guide it to standards-track RFC status, carefully negotiating your way through scores of requests for additional functionality and never-ending clarification (over a period of several years) without compromising your original desire for brevity and simplicity in any way? Once you have done this, you will no doubt win the heart-felt (albeit silent) respect of many of your peers. Unfortunately, you will probably also have to endure the heart-felt (albeit vocal) criticism of those few who are still not satisfied. It's a thankless task, but one I would be happy to see you undertake. Carlisle. ------_=_NextPart_001_01C12F10.607ECEF0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: New test TSA available</TITLE> </HEAD> <BODY> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi = Peter,</FONT> </P> <UL> <P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">pgut001@cs.auckland.ac.nz[SMTP:pgut001@cs.auckland.ac.nz]</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Monday, August 27, 2001 10:54 = AM</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">ietf-pkix@imc.org</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">Re: New test TSA available</FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"Arial">I've now updated the TSA to conform to = the latest draft (except for the TSA</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">cert, because I'm using a shared = generic cert which gets recycled for SSL,</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">OCSP, CMP, and everything = else). And now a rant about the latest draft...</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial"><rant></FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">Since I last looked at this, it seems = to have picked up an incredible amount of</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">unnecessary and confusing = cruft. There are two main things which stand out,</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">the first is that everything seems to = be repeated two or three times over,</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">sometimes in consecutive sentences = but usually spread far apart and stated in a</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">contradictory and confusing = manner. The other thing is that there seems to be</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">way too much text in there which = doesn't serve any purpose except to confuse</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">the reader. For example = consider the bit which begins:</FONT> </UL> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman"> </FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">(...some = text deleted...)</FONT> </P> <UL> <P><FONT SIZE=3D2 FACE=3D"Arial"></rant></FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">Peter.</FONT> </UL> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman"> </FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">I'm sure = we all appreciated your edifying rant.</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Might I = suggest that you some day write your own Internet Draft and = successfully guide it to standards-track RFC status, carefully = negotiating your way through scores of requests for additional = functionality and never-ending clarification (over a period of several = years) without compromising your original desire for brevity and = simplicity in any way?</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Once you = have done this, you will no doubt win the heart-felt (albeit silent) = respect of many of your peers. Unfortunately, you will probably = also have to endure the heart-felt (albeit vocal) criticism of those = few who are still not satisfied.</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">It's a = thankless task, but one I would be happy to see you undertake.</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman">Carlisle.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12F10.607ECEF0-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7REsQW15325 for ietf-pkix-bks; Mon, 27 Aug 2001 07:54:26 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7REsPD15321 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 07:54:25 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id CAA21237 for <ietf-pkix@imc.org>; Tue, 28 Aug 2001 02:54:21 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id CAA422476 for ietf-pkix@imc.org; Tue, 28 Aug 2001 02:54:20 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Tue, 28 Aug 2001 02:54:20 +1200 (NZST) Message-ID: <200108271454.CAA422476@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org Subject: Re: New test TSA available Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I've now updated the TSA to conform to the latest draft (except for the TSA cert, because I'm using a shared generic cert which gets recycled for SSL, OCSP, CMP, and everything else). And now a rant about the latest draft... <rant> Since I last looked at this, it seems to have picked up an incredible amount of unnecessary and confusing cruft. There are two main things which stand out, the first is that everything seems to be repeated two or three times over, sometimes in consecutive sentences but usually spread far apart and stated in a contradictory and confusing manner. The other thing is that there seems to be way too much text in there which doesn't serve any purpose except to confuse the reader. For example consider the bit which begins: The messageImprint field SHOULD contain the hash of the datum to be time stamped. The hash is represented as an OCTET STRING. Its length MUST match the length of the hash value for that algorithm (e.g. 20 bytes for SHA-1 or 16 bytes for MD5). As opposed to the alternative 50-byte OCTET STRING for SHA-1? What other option is there, and why is it even necessary to specify this? One useful rule which someone once told me when writing something like this is "Never include a statement if its negation is obviously false", there's no need for that entire statement because there's no other length possible for a given hash function. The hash algorithm indicated in the hashAlgorithm field SHOULD be a known hash algorithm (one-way and collision resistant). That means that it SHOULD be one-way and collision resistant. As opposed to a hashAlgorithm for a known hash algorithm (one-way and collision resistant) which isn't one-way and collision resistant perhaps? The Time Stamp Authority SHOULD check whether or not the given hash algorithm is known to be "sufficient" (based on the current state of knowledge in cryptanalysis and the current state of the art in computational resources, for example). If the TSA does not recognize the hash algorithm or knows that the hash algorithm is weak (a decision left to the discretion of each individual TSA), then the TSA SHOULD refuse to provide the Time Stamp Token by returning a pkiStatusInfo of 'bad_alg'. This whole text block doesn't say anything useful, and even if it did it's matter of TSA policy and/or interop profiles/signature legislation/whatever to decide what does and doesn't constitute an acceptable hash algorithm. Since the text doesn't say anything useful (it leaves it open to the TSA to do whatever they want), why is it even here? If the certReq field is missing or if the certReq field is present and set to false then the certificates field from the SignedData structure MUST not be present in the response. Given that the field is DEFAULT FALSE, it can never be "present and set to false". The extensions field is a generic way to add additional information to the request in the future. Extensions is defined in [RFC 2459]. If an extension, whether it is marked critical or not critical, is used by a requester but is not recognized by a time stamping server, the server SHALL not issue a token and SHALL return a failure (unacceptedExtension). This text first defines extensions in terms of RFC 2459 and then in the next sentence specifies handling of extensions which directly contradicts RFC 2459. Why is it necessary to have this special-case handling for extensions? Given that TSAs will (presumably) be using standard implementations of whatever standards are appropriate (X.509 and CMS), is it really necessary to specify an extension-handling behaviour which differs from either of the standards which TSP is built on? It's made even worse in the second place where extension-handling behaviour is specified: Conforming timestamping requesters MUST be able to recognize version 1 Timestamp tokens with all the optional fields present, but are not mandated to understand the semantics of any extension, if present. This time it's still behaviour which contradicts RFC 2459, but now it also contradicts the behaviour mandated earlier in the same draft (admittedly one is for clients and the other for servers). Is there any reason for not following the standard (that is, RFC 2459) on this? There are other places where non-RFC 2459 behaviour is mandated, for example: When the reasonCode extension relative to the revoked certificate from the TSA is present in the CRL entry extensions, it SHALL be set either to unspecified (0), affiliationChanged (3), superseded (4) or cessationOfOperation (5). when RFC 2459 says: CAs are strongly encouraged to include meaningful reason codes in CRL entries; however, the reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value. (in fact the whole section which contains this text is a bad idea, I'll go into this in more detail further on). Now we get to a tour de force example of the "Never include a statement if its negation is obviously false" rule: Compliant servers SHOULD NOT produce any other values. Given that there are no other values defined, what other option could there possibly be? -> Never include a statement if its negation is obviously false. Compliant clients MUST generate an error if values it does not understand are present. As opposed to, say, inventing values which look plausible and continuing? -> Never include a statement if its negation is obviously false These are the only values of PKIFailureInfo that SHALL be supported. Given that there are no other values defined, what other option could there possibly be? -> Never include a statement if its negation is obviously false. Compliant servers SHOULD NOT produce any other values. Yes, we know, you just told us that -> Never include a statement if its negation is obviously false. Compliant clients MUST generate an error if values it does not understand are present. See above -> Never include a statement if its negation is obviously false. The certificate identifier (ESSCertID) of the TSA certificate MUST be included as a signerInfo attribute inside a SigningCertificate attribute. [...] the certificate identifier (ESSCertID Attribute) inside a SigningCertificate attribute which is part of the signerInfo (See Section 5 of [ESS]). This appears to be contradictory, but if you read it carefully it's probably saying the same thing. This is another example of how repeating the same thing several times in different locations does nothing but confuse the reader. There are other places where similar things occur... I'm sure that I could remove at least 25% of the total text in the draft without it having any effect except to improve legibility. The first item in "Security Considerations" (referred to above) is pretty risky. An un-compromised TSA key should be destroyed, but not explicitly revoked. If it is revoked then it's necessary to create a benign vs serious revocation condition (which is what the text does) which can be exploited because all I need to do after stealing the TSA key is to revoke it in a benign manner and then generate all the fake timestamps I want. The real key owner can't do anything about it because my benign revocation has pre-empted any attempt at a serious revocation. A better suggestion would be to use short- term TSA keys, which sidesteps the whole problem. </rant> Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RE0jF12530 for ietf-pkix-bks; Mon, 27 Aug 2001 07:00:45 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RE0hD12523 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 07:00:43 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id GAA15398; Mon, 27 Aug 2001 07:00:13 -0700 (PDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id JAA13694; Mon, 27 Aug 2001 09:58:00 -0400 (EDT) Message-ID: <3B8A51CA.90CDE8D2@sun.com> Date: Mon, 27 Aug 2001 09:57:30 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) References: <OFB75189A9.8DA4A4E6-ON85256AB1.005CD480@pok.ibm.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Tom Gindin wrote: > As far as I can tell, the only excludedSubtree with DirectoryName > which is widely usable and doesn't run into the character code > problems discussed earlier is one which contains a countryName and > no other attributes. Thus I would not change the last sentence of > the paragraph (it's good advice anyway) I'm glad we agree on that. > but would add a new sentence to it after the first sentence as > follows: "This is particularly hard to guarantee when one or more > of the attributes in the DN specification is encoded as a CHOICE, > such as DirectoryString." and change the beginning of the next > sentence to "If the encodings differ" from "If not". For those following along at home, that would change the text to: In addition, name constraints for distinguished names MUST be stated identically to the encoding used in the subject field or subjectAltName extension. This is particularly hard to guarantee when one or more of the attributes in the DN specification is encoded as a CHOICE, such as DirectoryString. If the encodings differ, then name constraints stated as excludedSubTrees will not match and invalid paths will be accepted and name constraints expressed as permittedSubtrees will not match and valid paths will be rejected. To avoid acceptance of invalid paths, CAs SHOULD state name constraints for distinguished names as permittedSubtrees wherever possible. Why do you want to make this change? It seems to narrow the focus of this paragraph to only cases of differing encodings. But different encodings aren't the only cause of name constraint mismatches. Two UTF8Strings with values "Tom" and "TOM" won't match using the minimum son-of-2459 rules, which use binary comparison for UTF8String values. -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7RBhOp27526 for ietf-pkix-bks; Mon, 27 Aug 2001 04:43:24 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7RBhMD27522 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 04:43:22 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id XAA17707; Mon, 27 Aug 2001 23:41:42 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id XAA419420; Mon, 27 Aug 2001 23:41:38 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Mon, 27 Aug 2001 23:41:38 +1200 (NZST) Message-ID: <200108271141.XAA419420@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: jean-marc.desperrier@certplus.com Subject: Re: New test TSA available Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Jean-Marc Desperrier <jean-marc.desperrier@certplus.com> writes: >A draft is just that, a draft. There isn't, and hasn't to be a formalism for >interoperability between versions of a draft. That's exactly the point I was trying to make, that you can't have versions for something which hasn't even reached 1.0 yet. Based on the last message from Todd Glassey, I have the feeling we've been talking about two completely different things, or at least I don't see how his concept of a version coincides with the way I thought they worked. (Actually given that some RFCs seem to be in a perpetual draft state, you may need versions for drafts after all :-). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7R9w8F20550 for ietf-pkix-bks; Mon, 27 Aug 2001 02:58:08 -0700 (PDT) Received: from carbone.certplus.com (facteur.certplus.com [195.101.88.81]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7R9w6D20540 for <ietf-pkix@imc.org>; Mon, 27 Aug 2001 02:58:07 -0700 (PDT) Received: from certplus.com ([192.168.212.27]) by carbone.certplus.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 27 Aug 2001 11:57:34 +0200 Message-ID: <3B8A199E.1E69D01A@certplus.com> Date: Mon, 27 Aug 2001 11:57:50 +0200 From: Jean-Marc Desperrier <jean-marc.desperrier@certplus.com> Organization: Certplus X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 CC: ietf-pkix@imc.org Subject: Re: New test TSA available References: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 27 Aug 2001 09:57:34.0421 (UTC) FILETIME=[B1D4B850:01C12EDE] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Gutmann wrote: > But the token only allows one version value, v1, which is always present anyway > (that is, it's a non-optional field). Thus my earlier questions, that there's > no way to indicate that you're using draft-n because it's assumed there's only > one version, v1, as per the final RFC. That means that anything from > draft-....-01 through to RFCxxxx can only indicate use of v1. A draft is just that, a draft. " It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress" And basically, you want them to become reference material. There isn't, and hasn't to be a formalism for interoperability between versions of a draft. What is needed is a finalized version of this protocol in an RFC, so that _this_ becomes a reference, and something one can actually use for interoperability. As long as this doesn't exist, the tokens can't be anything more than laboratory experiments. Therefore the true question is why is this RFC still not there when supposedly the draft is on the last stages of approval since monthes, and there hasn't been any point raised about it in this mailing list since a long time ? Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7R307H18756 for ietf-pkix-bks; Sun, 26 Aug 2001 20:00:07 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7R305D18751 for <ietf-pkix@imc.org>; Sun, 26 Aug 2001 20:00:05 -0700 (PDT) Received: from tsg1 ([12.81.65.104]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010827030002.DERY18450.mtiwmhc23.worldnet.att.net@tsg1>; Mon, 27 Aug 2001 03:00:02 +0000 Message-ID: <000601c12ea4$3c6e9980$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> Cc: <ietf-pkix@imc.org> References: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> Subject: Re: New test TSA available Date: Sun, 26 Aug 2001 07:33:23 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter - the token's only allowing for one version spells its demise in my book. The legal processes of timestamping are far from formalized and with GLB and the ECPA here in the states its a can of worms to say the least. What that means is that any token system must be able to permute or evolve to meet any number of event capture and representation needs or the protocol is of such little use that there is no reason to standardize it other than our egos. You and many others may not like those words but since we are finally to a place where the tokens are supposed to represent evidentiary marques, doing anything less is foolish IMHO. Todd Glassey ----- Original Message ----- From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> To: <pgut001@cs.auckland.ac.nz>; <todd.glassey@worldnet.att.net> Cc: <> Sent: Saturday, August 25, 2001 8:00 PM Subject: Re: New test TSA available > > "todd glassey" <todd.glassey@worldnet.att.net> writes: > > >Stick it (the version tag) in the token, > > But the token only allows one version value, v1, which is always present anyway > (that is, it's a non-optional field). Thus my earlier questions, that there's > no way to indicate that you're using draft-n because it's assumed there's only > one version, v1, as per the final RFC. That means that anything from > draft-....-01 through to RFCxxxx can only indicate use of v1. > > Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7Q30p218877 for ietf-pkix-bks; Sat, 25 Aug 2001 20:00:51 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7Q30lD18873 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 20:00:48 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id PAA08909; Sun, 26 Aug 2001 15:00:41 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id PAA385198; Sun, 26 Aug 2001 15:00:40 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Sun, 26 Aug 2001 15:00:40 +1200 (NZST) Message-ID: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, todd.glassey@worldnet.att.net Subject: Re: New test TSA available Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> "todd glassey" <todd.glassey@worldnet.att.net> writes: >Stick it (the version tag) in the token, But the token only allows one version value, v1, which is always present anyway (that is, it's a non-optional field). Thus my earlier questions, that there's no way to indicate that you're using draft-n because it's assumed there's only one version, v1, as per the final RFC. That means that anything from draft-....-01 through to RFCxxxx can only indicate use of v1. Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7Q2Kgi18312 for ietf-pkix-bks; Sat, 25 Aug 2001 19:20:42 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7Q2KeD18308 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 19:20:40 -0700 (PDT) Received: from tsg1 ([12.81.65.107]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010826022024.QRAD18450.mtiwmhc23.worldnet.att.net@tsg1>; Sun, 26 Aug 2001 02:20:24 +0000 Message-ID: <0c8501c12dd5$8ce582e0$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> Cc: <ietf-pkix@imc.org> References: <200108260057.MAA383133@ruru.cs.auckland.ac.nz> Subject: Re: New test TSA available Date: Sat, 25 Aug 2001 19:19:21 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter - Stick it (the version tag) in the token, and the reason is that from an evaluation side view, to remove all doubt as to compliance of the token to the spec level. For instance 5 years form now when there are 50 versions of the V1 system deployed all churning out V1 tokens and the V2 structure and rule set is in review by PKIX we may wish we could differentiate the two tokens from each other in the same protocol. Todd ----- Original Message ----- From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> To: <pgut001@cs.auckland.ac.nz>; <tho@andxor.com>; <todd.glassey@worldnet.att.net> Cc: <>; <r.galli@com-and.com> Sent: Saturday, August 25, 2001 5:57 PM Subject: Re: New test TSA available > > "todd glassey" <todd.glassey@worldnet.att.net> writes: > > >The TSA should by its response message also identify which standard or draft > >level it complies to. > > How? And why? Since there's only supposed to be one version of the standard > (the final RFC), there doesn't seem to be any means of indicating which draft > was used (actually my code does implicitly indicate which draft was used, which > is "not a very recent one" :-). > > Peter. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7Q0wMN16555 for ietf-pkix-bks; Sat, 25 Aug 2001 17:58:22 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7Q0wKD16549 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 17:58:20 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id MAA07145; Sun, 26 Aug 2001 12:57:34 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id MAA383133; Sun, 26 Aug 2001 12:57:28 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Sun, 26 Aug 2001 12:57:28 +1200 (NZST) Message-ID: <200108260057.MAA383133@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, tho@andxor.com, todd.glassey@worldnet.att.net Subject: Re: New test TSA available Cc: ietf-pkix@imc.org, r.galli@com-and.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> "todd glassey" <todd.glassey@worldnet.att.net> writes: >The TSA should by its response message also identify which standard or draft >level it complies to. How? And why? Since there's only supposed to be one version of the standard (the final RFC), there doesn't seem to be any means of indicating which draft was used (actually my code does implicitly indicate which draft was used, which is "not a very recent one" :-). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7PLZVm12974 for ietf-pkix-bks; Sat, 25 Aug 2001 14:35:31 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7PLZUD12970 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 14:35:30 -0700 (PDT) Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id RAA14346 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 17:35:47 -0400 (EDT) Message-Id: <4.2.2.20010825163905.00bc5b30@email.nist.gov> X-Sender: cooper@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 25 Aug 2001 17:33:29 -0400 To: ietf-pkix@imc.org From: "David A. Cooper" <david.cooper@nist.gov> Subject: RE: Path validation and self-signed certificates In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE185@exchange.valicert .com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f7PLZUD12971 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> All, I believe that PKIX should either discourage or forbid the inclusion of self-signed certificates in certification paths for the following reasons: 1) Section 8.1.5 of the 4th edition of X.509 states that There are three circumstances under which a certification authority may issue a certificate to itself: a) as a convenient way of encoding its public key for communication to, and storage by, its certificate users; b) ... For purposes of path validation, self-issued certificates of type a) are verified with the public key contained in them, and if they are encountered in the path, they shall be ignored. So, X.509 states that self-signed certificate are only to be used as a convenient way of encoding a public key, and that self-signed certificates, if they are encountered in a certification path are to be ignored. Thus, if PKIX were to allow the processing of self-signed certificates, it would not be compliant with X.509. 2) As Peter Hesse pointed out, many CAs issue self-signed certificates with a minimum necessary information (e.g., a version 1 certificate with just a name, public key, and validity dates). Any such certificates included in a certification path would result in an empty valid_policy_tree. Old-with-new and new-with-old self-issued certificates are designed to be used as part of certification paths and so should contain all of the necessary extensions (e.g., basicConstraints, certificatePolicies), but self-signed certificates may be been issued simply as a means of distributing the public key to relying parties that will use that key as a trust anchor. If these certificates are included in, and are processed as parts of, certification paths, the results may be rejecting end certificates that should be have been accepted. 3) If a CA suspects that its key has been compromised (or it otherwise determines that none of the certificates it has issued should be considered valid), it should request that every certificate issued to it be revoked (as is stated in the Security Considerations section). If possible, it should also revoke all of the certificates it has issued (not just its self-signed certificate). If a CA can revoke its own self-signed certificate then it can revoke all of the certificates it has issued. Doing so will ensure that all relying parties know about the revocation, not just those relying parties that check to see whether the signed-signed certificate has been revoked. 4) If an organization uses client software that processes self-signed certificates, there is risk that that organization will issue certificates from its own CA assuming that relying parties process self-signed certificates. This organization's CA may then issue self-signed certificates with constraints (e.g., name constraints, path length constraints, etc.) that they expect relying parties to see, but the CA, assuming that relying parties will process its self-signed certificates, may not include the constraints in any of its other certificates. So, if there is no set rule, there is the risk that relying parties that do process self-signed certificates will lose some interoperability and those that do not will overlook intended path processing constraints. Hiroyuki Sakakibara presented an example in which processing self-signed certificates helped to prevent a security breach. In his example, A issues a cross-certificate to B and B's private key is compromised. Hiroyuki pointed out that by processing B's self-signed certificate (to see if it has expired or has been revoked) one may have a chance to detect the compromise even if A does not cooperate by revoking the certificate that it issued to B. However, as he pointed out, this is not foolproof. The entity that compromised B's key could issue a new self-signed certificate with a later notAfter date along with CRLs that make it appear as if B's certificates are still good. If on the other hand, B were able to get its own CRLs to relying parties, it could just revoke all of its certificates instead of just its self-signed certificate, thus ensuring that any relying party that receives its CRLs will know that its certificates can not be trusted, whether they process B's self-signed certificates or not. In general though, if a certification path of the form ... --> A --> B --> ... is being processed, I don't think there is much that B can do to protect relying parties from A's improper behavior. If A issues certificates to B with notAfter dates that are later than they should be or if A refuses to revoke B's certificate when requested to do so, there is little that B can do to protect A's relying parties (or the relying parties of any CA that preceded A in the path) from A, particularly in the case when B's private key has been compromised. I don't think that it is worth diverging from X.509 and introducing interoperability problems into PKIX in an attempt to try. Dave At 04:37 PM 8/24/01 -0700, Ryan Hurst wrote: >Peter - > >I agree with your comments on self-signed certificates in chains with only one exception, specifically in regards to revocation. There are several cases where the revocation of a self-signed CA would make sense, what about cessationOfOperation, superseded and affiliationChanged? These reasons do not imply any sort of compromise of key material. We make many "known assumptions" in PKI and the catch 22 of key material management and trust is one of them, without these "known assumptions" many of the things in son-off fall apart. > >Ryan Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7PKBgY11519 for ietf-pkix-bks; Sat, 25 Aug 2001 13:11:42 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7PKBfD11515 for <ietf-pkix@imc.org>; Sat, 25 Aug 2001 13:11:41 -0700 (PDT) Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id QAA29767; Sat, 25 Aug 2001 16:11:54 -0400 (EDT) Message-Id: <4.2.2.20010825150842.00bcb530@email.nist.gov> X-Sender: cooper@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 25 Aug 2001 16:10:53 -0400 To: Jeff Jacoby <jjacoby@rsasecurity.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: "David A. Cooper" <david.cooper@nist.gov> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 In-Reply-To: <3B82DCCA.3AE02568@rsasecurity.com> References: <8D7EC1912E25D411A32100D0B76953975A64AE@scygmxs01.cygnacom.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=====================_6398477==_.ALT" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --=====================_6398477==_.ALT Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable At 03:12 PM 8/21/01 -0700, Jeff Jacoby wrote: >Section 6.1.4 Preperation for certificate i+1, step (b)(1). the >second paragraph reads: > > "If no node of depth i in the valid_policy_tree has a > valid_policy of ID-P but there is a node of depth i with a > valid_policy of any-policy, then generate a child node of the > node of depth i-1 that has a valid_policy of any-policy as > follows:" > >Should it really be: > > "If no node of depth i in the valid_policy_tree has a > valid_policy of ID-P but there is a node of depth i-1 with a > valid_policy of any-policy, then generate a child node of the > node of depth i-1 that has a valid_policy of any-policy as > follows:" > >(note the difference in the first sentence, "i" vs "i-1"). Afterall, >the last sentence implies there must be a node of depth i-1 with a >valid_policy of any-policy. Actually, I believe that the original text was correct. To see why, consider= the following two examples: In the first example, the first certificate in the path contains the= following policy extensions: certificatePolicies =3D {anyPolicy, a} policyMappings =3D {a --> c, b --> d} After carrying out the steps in section 6.1.3, the valid_policy_tree,= excluding the qualifier_set and criticality_indicator fields, would be= (NOTE: this is best viewed with a fixed-width font): +----------------+ | any-policy | <---- valid_policy +----------------+ | any-policy | <---- expected_policy_set +----------------+ / \ / \ +----------------+ +----------------+ | any-policy | | a | <---- valid_policy +----------------+ +----------------+ | any-policy | | {a} | <---- expected_policy_set +----------------+ +----------------+ After the policy mappings extension is processed, the result is: +----------------+ | any-policy | <---- valid_policy +----------------+ | any-policy | <---- expected_policy_set +----------------+ / | \ / | \ +----------------+ +----------------+ +----------------+ | any-policy | | b | | a | <---- valid_policy +----------------+ +----------------+ +----------------+ | any-policy | | {d} | | {c} | <----= expected_policy_set +----------------+ +----------------+ +----------------+ In this case, the result would be the same whether the current text or the= proposed text were used. Note that, by construction, if there is a node of= depth i with valid_policy any-policy, there must also be a node of depth= i-1 with valid_policy any-policy. The second example shows a case in which the two algorithms differ. In this= case, the first certificate in the path contains the following policy= extensions: certificatePolicies =3D {a} policyMappings =3D {a --> c, b --> d} +----------------+ | any-policy | <---- valid_policy +----------------+ | any-policy | <---- expected_policy_set +----------------+ | | +----------------+ | a | <---- valid_policy +----------------+ | {a} | <---- expected_policy_set +----------------+ When the policy mappings extension is processed, the expected_policy_set for= the node at depth 1 is changed from {a} to {c}. Since there is no node of= depth 1 with a valid_policy of any-policy, the mapping from b to d is= ignored. The result is: +----------------+ | any-policy | <---- valid_policy +----------------+ | any-policy | <---- expected_policy_set +----------------+ | | +----------------+ | a | <---- valid_policy +----------------+ | {c} | <---- expected_policy_set +----------------+ If the proposed text were followed, a node of depth i with a valid_policy of= b and expected_policy_set of {d} would be created. However, this would make= it appear as if b appeared in the certificatePolicies extension. In the= first example, this was OK since b was implicitly included in the= certificatePolicies extension through the inclusion of anyPolicy. In the= second example, however, b was neither explicitly nor implicitly included= in the certificatePolicies extension. So, in the second example, b should= not appear as the valid_policy in any node of depth i. So, in effect, the phrase "if ... there is a node of depth i with a= valid_policy of any-policy" is checking to see if anyPolicy was included in= the certificatePolicies extension. If so, then the issuing domain policy= ID-P was implicitly included in the certificatePolicies extension and the= mapping from the issuing domain policy to the subject domain policy can be= included in the valid_policy tree just as if the issuing domain policy had= been explicitly included in the certificatePolicies extension. If neither= the issuing domain policy nor anyPolicy was included in the= certificatePolicies extension, then the mapping should be ignored. >Second issue is a simple typo. The very last sentence in section 6.1.4 >reads: > > "If (a), (k), (l), (n) and (o) have completed successfully, increment > i and perform the basic certificate processing specified in 6.1.2." > >it should be: > > "If (a), (k), (l), (n) and (o) have completed successfully, increment > i and perform the basic certificate processing specified in 6.1.3." > >(6.1.2 is Initialization) Good catch. >Finally, in the wrap-up description, section 6.1.5 step (g)(iii) 1. >reads: > > "1. Determine the set of policy nodes whose ancestor nodes > have a valid_policy of any-policy. This is the >valid_policy_node_set." > >Since the root node (depth 0) has valid_policy of any-policy, and it is >an ancestor to every node in the tree, this would seem to mean (to me) >the whole tree is in the valid_policy_node_set. Or does "ancestor node" >mean something different? I believe that "ancestor" should be replaced by "parent". The idea is to= compare policies from the user-initial-policy-set to policies in the= valid_policy_tree that came from the domain of the relying party. Thus, we= must look at nodes in the valid_policy_tree as close to the root as= possible, before any policy mappings have taken place. If a node's parent= has a valid_policy of any-policy, then no policy mappings could have been= performed in any of that node's ancestors (i.e., in each of the node's= ancestors, the expected_policy_set and the valid_policy are both= any-policy) and so it is reasonable to check whether that node's= valid_policy appears in the user-initial-policy-set. If a node's parent= vald_policy other than any-policy then either a policy mapping has occurred= (in which case the node's valid_policy should not be compared to the= user-initial-policy-set) or no mapping has occurred (in which case one or= more of the node's ancestors contains the same valid_policy, and one of= those ancestor nodes will be compared against the user-initial-policy-set). Dave --=====================_6398477==_.ALT Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html> At 03:12 PM 8/21/01 -0700, Jeff Jacoby wrote:<br> <blockquote type=3Dcite cite>Section 6.1.4 Preperation for certificate i+1, step (b)(1). the<br> second paragraph reads:<br> <br> "If no node of depth i in the valid_policy_tree has a<br> valid_policy of ID-P but there is a node of depth i with a<br> valid_policy of any-policy, then generate a child node of the<br> node of depth i-1 that has a valid_policy of any-policy as<br> follows:"<br> <br> Should it really be:<br> <br> "If no node of depth i in the valid_policy_tree has a<br> valid_policy of ID-P but there is a node of depth i-1 with a<br> valid_policy of any-policy, then generate a child node of the<br> node of depth i-1 that has a valid_policy of any-policy as<br> follows:"<br> <br> (note the difference in the first sentence, "i" vs "i-1"). Afterall,<br> the last sentence implies there must be a node of depth i-1 with a<br> valid_policy of any-policy.</blockquote><br> Actually, I believe that the original text was correct. To see why, consider the following two examples:<br> <br> In the first example, the first certificate in the path contains the following policy extensions:<br> <br> certificatePolicies =3D {anyPolicy, a}<br> policyMappings =3D {a --> c, b --> d}<br> <br> After carrying out the steps in section 6.1.3, the valid_policy_tree, excluding the qualifier_set and criticality_indicator fields, would be (NOTE: this is best viewed with a fixed-width font):<br> <br> <tt> = +----------------+<br> &nbs= p; | any-policy | <---- valid_policy<br> &nbs= p; +----------------+<br> &nbs= p; | any-policy | <---- expected_policy_set<br> &nbs= p; +----------------+<br> &nbs= p; / \<br> &nbs= p; / &nb= sp; \<br> +----------------+ &nbs= p; +----------------+<br> | any-policy | | a | <---- valid_policy<br> +----------------+ &nbs= p; +----------------+<br> | any-policy | | {a} | <---- expected_policy_set<br> +----------------+ &nbs= p; +----------------+<br> <br> </tt>After the policy mappings extension is processed, the result is:<br> <br> <tt> = +----------------+<br> &nbs= p; | any-policy | <---- valid_policy<br> &nbs= p; +----------------+<br> &nbs= p; | any-policy | <---- expected_policy_set<br> &nbs= p; +----------------+<br> &nbs= p; / | \<br> &nbs= p; / | \<br> +----------------+ +----------------+ +----------------+<br> | any-policy | | b | | a | <---- valid_policy<br> +----------------+ +----------------+ +----------------+<br> | any-policy | | {d} | | {c} | <---- expected_policy_set<br> +----------------+ +----------------+ +----------------+<br> <br> <br> </tt>In this case, the result would be the same whether the current text or the proposed text were used. Note that, by construction, if there is a node of depth i with valid_policy any-policy, there must also be a node of depth i-1 with valid_policy any-policy.<br> <br> <br> The second example shows a case in which the two algorithms differ. In this case, the first certificate in the path contains the following policy extensions:<br> <br> certificatePolicies =3D {a}<br> policyMappings =3D {a --> c, b --> d}<br> <br> <tt>+----------------+<br> | any-policy | <---- valid_policy<br> +----------------+<br> | any-policy | <---- expected_policy_set<br> +----------------+<br> </tt>  = ; |<br> &nbs= p; |<br> <tt>+----------------+<br> | a | <---- valid_policy<br> +----------------+<br> | {a} | <---- expected_policy_set<br> +----------------+<br> <br> </tt>When the policy mappings extension is processed, the expected_policy_set for the node at depth 1 is changed from {a} to {c}. Since there is no node of depth 1 with a valid_policy of any-policy, the mapping from b to d is ignored. The result is:<br> <br> <tt>+----------------+<br> | any-policy | <---- valid_policy<br> +----------------+<br> | any-policy | <---- expected_policy_set<br> +----------------+<br> </tt>  = ; |<br> &nbs= p; |<br> <tt>+----------------+<br> | a | <---- valid_policy<br> +----------------+<br> | {c} | <---- expected_policy_set<br> +----------------+<br> <br> </tt>If the proposed text were followed, a node of depth i with a valid_policy of b and expected_policy_set of {d} would be created. However, this would make it appear as if b appeared in the certificatePolicies extension. In the first example, this was OK since b was implicitly included in the certificatePolicies extension through the inclusion of anyPolicy. In the second example, however, b was neither explicitly nor implicitly included in the certificatePolicies extension. So, in the second example, b should not appear as the valid_policy in any node of depth i.<br> <br> So, in effect, the phrase "if ... there is a node of depth i with a valid_policy of any-policy" is checking to see if anyPolicy was included in the certificatePolicies extension. If so, then the issuing domain policy ID-P was implicitly included in the certificatePolicies extension and the mapping from the issuing domain policy to the subject domain policy can be included in the valid_policy tree just as if the issuing domain policy had been explicitly included in the certificatePolicies extension. If neither the issuing domain policy nor anyPolicy was included in the certificatePolicies extension, then the mapping should be ignored.<br> <br> <br> <blockquote type=3Dcite cite>Second issue is a simple typo. The very last sentence in section 6.1.4<br> reads:<br> <br> "If (a), (k), (l), (n) and (o) have completed successfully, increment<br> i and perform the basic certificate processing specified in 6.1.2."<br> <br> it should be:<br> <br> "If (a), (k), (l), (n) and (o) have completed successfully, increment<br> i and perform the basic certificate processing specified in 6.1.3."<br> <br> (6.1.2 is Initialization)</blockquote><br> Good catch.<br> <br> <blockquote type=3Dcite cite>Finally, in the wrap-up description, section 6.1.5 step (g)(iii) 1.<br> reads:<br> <br> "1. Determine the set of policy nodes whose ancestor nodes<br> have a valid_policy of any-policy. This is the<br> valid_policy_node_set."<br> <br> Since the root node (depth 0) has valid_policy of any-policy, and it is<br> an ancestor to every node in the tree, this would seem to mean (to me)<br> the whole tree is in the valid_policy_node_set. Or does "ancestor node"<br> mean something different?</blockquote><br> I believe that "ancestor" should be replaced by "parent". The idea is to compare policies from the user-initial-policy-set to policies in the valid_policy_tree that came from the domain of the relying party. Thus, we must look at nodes in the valid_policy_tree as close to the root as possible, before any policy mappings have taken place. If a node's parent has a valid_policy of any-policy, then no policy mappings could have been performed in any of that node's ancestors (i.e., in each of the node's ancestors, the expected_policy_set and the valid_policy are both any-policy) and so it is reasonable to check whether that node's valid_policy appears in the user-initial-policy-set. If a node's parent vald_policy other than any-policy then either a policy mapping has occurred (in which case the node's valid_policy should not be compared to the user-initial-policy-set) or no mapping has occurred (in which case one or more of the node's ancestors contains the same valid_policy, and one of those ancestor nodes will be compared against the user-initial-policy-set).<br> <br> Dave<br> </html> --=====================_6398477==_.ALT-- Received: by above.proper.com (8.11.6/8.11.3) id f7P0WNT10408 for ietf-pkix-bks; Fri, 24 Aug 2001 17:32:23 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7P0WLD10404 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 17:32:21 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id UAA254504; Fri, 24 Aug 2001 20:30:09 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f7P0OJL260846; Fri, 24 Aug 2001 20:24:19 -0400 Importance: Normal Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) To: Steve Hanna <steve.hanna@sun.com> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-ID: <OFB75189A9.8DA4A4E6-ON85256AB1.005CD480@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Fri, 24 Aug 2001 20:32:23 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 08/24/2001 08:32:18 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> As far as I can tell, the only excludedSubtree with DirectoryName which is widely usable and doesn't run into the character code problems discussed earlier is one which contains a countryName and no other attributes. Thus I would not change the last sentence of the paragraph (it's good advice anyway) but would add a new sentence to it after the first sentence as follows: "This is particularly hard to guarantee when one or more of the attributes in the DN specification is encoded as a CHOICE, such as DirectoryString." and change the beginning of the next sentence to "If the encodings differ" from "If not". Tom Gindin Steve Hanna <steve.hanna@sun.com> on 08/23/2001 10:20:04 AM To: Tom Gindin <tgindin@us.ibm.com> cc: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) Tom Gindin wrote: > On a more constructive note, however, any attribute which can only > be encoded in PrintableString or NumericString (or Object ID) can > safely be used in excludedSubtrees. The most useful of these is > probably Country. Right. So I can safely use excludedSubtrees with directoryNames as long as the only attributes in the excluded DN are countryName, dnQualifier, and serialNumber. But I suspect that most DNs that people would want to exclude would contain organizationName and the like. So I still think that using excludedSubtrees with directoryNames is generally a bad idea. The Security Considerations section of new-part1-08 basically says this, so I don't think any changes to the draft are required. -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7ONhU109663 for ietf-pkix-bks; Fri, 24 Aug 2001 16:43:30 -0700 (PDT) Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7ONhSD09658 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 16:43:28 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GIL00401J9GEV@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 24 Aug 2001 16:44:04 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GIL004FBJ9F3U@ext-mail.valicert.com>; Fri, 24 Aug 2001 16:44:03 -0700 (PDT) Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4K47X4>; Fri, 24 Aug 2001 16:37:30 -0700 Content-return: allowed Date: Fri, 24 Aug 2001 16:37:30 -0700 From: Ryan Hurst <ryanh@valicert.com> Subject: RE: Path validation and self-signed certificates (was RE: Recomme nded changes to draft-ietf-pkix-new-part1-08) To: "'Peter Hesse'" <pmhesse@cygnacom.com>, "'Hiroyuki Sakakibara'" <sakaki@iss.isl.melco.co.jp>, "Housley, Russ" <rhousley@rsasecurity.com> Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE185@exchange.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-type: multipart/alternative; boundary="Boundary_(ID_aof3KuOaA08d4bGQ37koiw)" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --Boundary_(ID_aof3KuOaA08d4bGQ37koiw) Content-type: text/plain Peter - I agree with your comments on self-signed certificates in chains with only one exception, specifically in regards to revocation. There are several cases where the revocation of a self-signed CA would make sense, what about cessationOfOperation, superseded and affiliationChanged? These reasons do not imply any sort of compromise of key material. We make many "known assumptions" in PKI and the catch 22 of key material management and trust is one of them, without these "known assumptions" many of the things in son-off fall apart :-). Ryan -----Original Message----- From: Peter Hesse [mailto:pmhesse@cygnacom.com] Sent: Wednesday, August 22, 2001 6:46 AM To: 'Hiroyuki Sakakibara'; Housley, Russ; Peter Hesse Cc: ietf-pkix@imc.org Subject: Path validation and self-signed certificates (was RE: Recommended changes to draft-ietf-pkix-new-part1-08) Hiroyuki, I will attempt to discuss a few of these issues inline. > -----Original Message----- > From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp <mailto:sakaki@iss.isl.melco.co.jp> ] > Sent: Wednesday, August 22, 2001 1:51 AM > To: Housley, Russ; Peter Hesse > Cc: wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu; > ietf-pkix@imc.org; iesg@ietf.org > Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 > > > Hello. I have a comment related to path validation with a self-signed > certificate. > > I think that in 6.1 Basic Path Validation, it is not clear > that whether > self-signed > NON trust certificates may be included in a path or not. > (namely intermediate self-signed certs, not oldWithNew, newWithOld) > > Plese note that I am not talking about a self-signed > certificate to begin a > path, > talking about self-signed certificates in the middle of a path. I think this vagueness is somewhat purposeful. It is not directly allowed or prohibited. Whether or not a self-signed certificate is found within the path, the path is still complete. Any benefit or detriment that comes from having the self-signed certificate within the path will not always be encountered for two reasons, 1) Other implementations may not allow the path to have a self-signed certificate within it 2) You may find the path without the self-signed certificate first > > For example, > > CA1 cross certifies with BridgeCA > CA2 cross certifies with BridgeCA > CA2 issues Cert_EE.(EndEntity cert) > SelfSignedCert_CA1 is trust anchor. > BridgeCA has a selfsigned certificate(SelfSignedCert_BridgeCA). > > Based on the relation ship between issuer and subject or AKI/SKI, > the following 2 paths would be constructed. > > (1) SelfSignedCert_CA1 -> CrossCert_CA1toBridgeCA > -> CrossCert_BridgeCAtoCA2 -> Cert_EE > > (2) SelfSigned_CA1 -> CrossCert_CA1toBridgeCA > -> SelfSignedCert_BridgeCA -> CrossCert_BridgeCAtoCA2 -> Cert_EE I think it is a bad idea for Bridge CAs to post self-signed certificates in the directory. They are not a trust anchor for anyone, so they should not publish a self-signed certificate as a key container. However this point and demonstration remain the same if you consider just three CAs that have cross-certified without a bridge. > I suppose that most validation softwares implement (1), simple one, > and it could be a minimum requirement for interoperability. > > In case of (2), there is an advantage that a validation > software could > check > the status of SelfSignedCert_BridgeCA, shown in the appendix below. > > So, I think that it should be clear that intermediate self-signed > certificates may be > included(optionally), or ignored, in the document. > I think that (1) is mandatory, and (2) is optional(not inhibited). > > Folks, what do you think about this issue ? Again, my opinion is that since both are complete paths, both are equally valid and may be used by different implementations. However, many implementations have made a simplifying assumption to prevent certificate path loops which would prevent #2 from ever being validated. So any benefit that might be gained by allowing #2 cannot be counted on. There seems to be little benefit gained by including two or more certificates with the same subject distinguished name and subject public key within the same path. I have looked through your examples below and must admit I am not understanding them fully. Let's look at this example TR -> A -> B -> (B self signed) -> C -> EE Let's say that A->B has a notAfter date of 12/31/2002, (B self signed) has a notAfter date of 12/31/2001, and B->C has a notAfter date of 12/31/2002. If this path was developed and validated, the path would be invalid if the current date was after 12/31/2001. > * About ISO/IEC 9594-8 > > According to current ISO/IEC 9594-8 document, in 8.1.5 Self-Issued > certificates > it seems that intermediate self-signed certificates shall be > ignored in path > construction/validation. > However, considering the advantage of checking intermediate > self-signed > certificates shown below, > I don't understand why they "shall be ignored", > because checking them would be meaningful from the point of view of > security. > > I think that investigation of intermediate self-signed > ceritificates may be > optional, > should not inhibited, so, "may be ignored" would be better. > > This is not a mailing list for 9594-8, however RFC2459 > related documents are > based on > 9594-8, so, I will also send my opinioin about it. > > -------------------- Advantage of validation of path > (2) -------------------- > > If a validation software implements (2), > the software could check the validity status of > SelfSignedCert_BridgeCA. > > Assume that CA1 issues a cross certificate whose > notAfter excess notAfter of self-signed certificate of BridgeCA. > > such as > notAfter of SelfSignedCert_BridgeCA is "2001/12/31" > notAfter of CrossCert_CA1toBridgeCA is "2002/12/31" . > > when BridgeCA inhibits such cross certificate, it will be an invalid > cross-certificate. > > Useally, BridgeCA checks a cross-certificate from CA1 when issuance, > however, if CA1 is a rough CA, or a bug CA(including mis-operations), > after issuance of a valid cross certificate, > CA1 could issue an additional invalid certificate and > distribute it to LDAP > etc... > without BrigeCA's permission . > > ( In this case, for a RP, CA1 is a trust anchor, so, CA1 must > not be a rough > CA, however, this kind of rough operation would happen in > another example. > for example, > > CA1(has self-signed cert, trust anchor) -> CA2(has > self-signed cert) -> CA3 > -> CA4( has self-signed cert) -> EE > > CA3 issues an invalid cross certificate to CA4. > In this example, a trust anchor CA1 behaves properly, however, > CA3 does rough operations. ) > > RP could check the revocation status of Cert_BridgeCASelfsigned also. > In the case of self-signed revocation, I am not sure why a CA would revoke itself. If the CA was truly operating as a "rogue", it would not revoke itself in order to keep whatever trust it still had. Can you trust a CA that revokes itself? I am reminded of the old puzzle in which you encounter two people at a crossroads, a truthteller and a liar. You do not know which is which, and must ask one of them a question in order to know if you should turn left or right to get to where you want to go. --Peter ---------------------------------------------------------------- Peter M. Hesse CygnaCom Solutions, a division of Phone: 703-270-3523 Entrust ICQ: 1942828 Securing the Internet ---------------------------------------------------------------- "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius > This kind of problem would happen in a multi CA products environment. > > To avoid this problem, interoperability test, operation, management > among multi CA products should be done well, > or a RP should check the status of intermediate self-signed > certificates, > or a CA which cross-certifies with other CAs should observe > behavior of > other CAs, etc...? > --Boundary_(ID_aof3KuOaA08d4bGQ37koiw) Content-type: text/html Content-transfer-encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C12CBB.E3E70840"> <title>Path validation and self-signed certificates (was RE: = Recommended changes to draft-ietf-pkix-new-part1-08)</title> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:553679495 -2147483648 8 0 66047 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:blue; text-decoration:underline; text-underline:single;} p {mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} pre {margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt = 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt = 732.8pt; font-size:10.0pt; font-family:"Courier New"; mso-fareast-font-family:"Times New Roman";} span.EmailStyle18 {mso-style-type:personal-reply; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:navy;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--> </head> <body lang=3DEN-US link=3Dblue vlink=3Dblue = style=3D'tab-interval:.5in'> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'>Peter = -<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal style=3D'text-indent:.5in'><font size=3D2 = color=3Dnavy face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial;color:navy'>I agree with = your comments on self-signed certificates in chains with only one exception, = specifically in regards to revocation. There are several cases where the revocation = of a self-signed CA would make sense, what about = </span></font>cessationOfOperation, superseded and affiliationChanged? <font size=3D2 color=3Dnavy = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial;color:navy'>These reasons = do not imply any sort of compromise of key material. We make many "known = assumptions" in PKI and the catch 22 of key material management and trust is one of = them, without these "known assumptions" many of the things in son-off fall apart = </span></font><font size=3D2 color=3Dnavy face=3DWingdings><span = style=3D'font-size:10.0pt;font-family: Wingdings;mso-ascii-font-family:Arial;mso-hansi-font-family:Arial;mso-bi= di-font-family: Arial;color:navy;mso-char-type:symbol;mso-symbol-font-family:Wingdings'>= <span style=3D'mso-char-type:symbol;mso-symbol-font-family:Wingdings'>J</span>= </span></font><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial; color:navy'>.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'>Ryan<o:p></o:p></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><font size=3D2 = color=3Dnavy face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p= ></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal style=3D'text-indent:.5in'><font size=3D2 = color=3Dnavy face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p= ></span></font></p> <p class=3DMsoNormal style=3D'text-indent:.5in'><font size=3D2 = color=3Dnavy face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p= ></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 = face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original = Message-----<br> <b><span style=3D'font-weight:bold'>From:</span></b> Peter Hesse = [mailto:pmhesse@cygnacom.com] <br> <b><span style=3D'font-weight:bold'>Sent:</span></b> Wednesday, August = 22, 2001 6:46 AM<br> <b><span style=3D'font-weight:bold'>To:</span></b> 'Hiroyuki = Sakakibara'; Housley, Russ; Peter Hesse<br> <b><span style=3D'font-weight:bold'>Cc:</span></b> = ietf-pkix@imc.org<br> <b><span style=3D'font-weight:bold'>Subject:</span></b> Path validation = and self-signed certificates (was RE: Recommended changes to draft-ietf-pkix-new-part1-08)</span></font></p> <p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 = face=3D"Times New Roman"><span style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>Hiroyuki,</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>I will attempt to discuss a few of these = issues inline.</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>> -----Original = Message-----</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> From: Hiroyuki = Sakakibara [<a href=3D"mailto:sakaki@iss.isl.melco.co.jp">mailto:sakaki@iss.isl.melco.c= o.jp</a>]</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> Sent: Wednesday, = August 22, 2001 1:51 AM</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> To: Housley, Russ; = Peter Hesse</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> Cc: = wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu;</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> ietf-pkix@imc.org; = iesg@ietf.org</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> Subject: Re: = Recommended changes to draft-ietf-pkix-new-part1-08</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> Hello. I have a = comment related to path validation with a self-signed</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = certificate.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> I think that in = 6.1 Basic Path Validation, it is not clear </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> that = whether</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = self-signed</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> NON trust = certificates may be included in a path or not.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> (namely = intermediate self-signed certs, not oldWithNew, newWithOld)</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>></span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> Plese note that I = am not talking about a self-signed </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> certificate to = begin a</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = path,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> talking about = self-signed certificates in the middle of a path.</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>I think this vagueness is somewhat = purposeful. It is not directly allowed or prohibited. Whether or not a = self-signed certificate is found within the path, the path is still complete. = Any benefit or detriment that comes from having the self-signed certificate = within the path will not always be encountered for two reasons, = </span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D3 face=3D"Times New = Roman"><span style=3D'font-size:12.0pt'> = </span></font><font size=3D2><span style=3D'font-size:10.0pt'>1) Other implementations may = not allow the path to have a self-signed certificate within it</span></font> <br> <font size=3D2><span = style=3D'font-size: 10.0pt'>2) You may find the path without the self-signed certificate = first</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> For = example,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA1 cross = certifies with BridgeCA</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA2 cross = certifies with BridgeCA</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA2 issues = Cert_EE.(EndEntity cert)</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> SelfSignedCert_CA1 = is trust anchor.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> BridgeCA has a = selfsigned certificate(SelfSignedCert_BridgeCA).</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> Based on the = relation ship between issuer and subject or AKI/SKI,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> the following 2 = paths would be constructed.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> (1) = SelfSignedCert_CA1 -> CrossCert_CA1toBridgeCA</span></font> <br> <font size=3D2><span = style=3D'font-size:10.0pt'>> -> CrossCert_BridgeCAtoCA2 -> Cert_EE</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> (2) SelfSigned_CA1 = -> CrossCert_CA1toBridgeCA</span></font> <br> <font size=3D2><span = style=3D'font-size:10.0pt'>> -> SelfSignedCert_BridgeCA -> CrossCert_BridgeCAtoCA2 -> = Cert_EE</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>I think it is a bad idea for Bridge CAs to = post self-signed certificates in the directory. They are not a trust = anchor for anyone, so they should not publish a self-signed certificate as a = key container. However this point and demonstration remain the same = if you consider just three CAs that have cross-certified without a = bridge.</span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'> </span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> I suppose that = most validation softwares implement (1), simple one,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> and it could be a = minimum requirement for interoperability.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> In case of = (2), there is an advantage that a validation </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> software = could</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = check</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> the status of SelfSignedCert_BridgeCA, shown in the appendix below.</span></font> = <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> So, I think that = it should be clear that intermediate self-signed</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> certificates may = be</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = included(optionally), or ignored, in the document.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> I think that (1) = is mandatory, and (2) is optional(not inhibited).</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> Folks, what do you = think about this issue ?</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>Again, my opinion is that since both are = complete paths, both are equally valid and may be used by different implementations. However, many implementations have made a = simplifying assumption to prevent certificate path loops which would prevent #2 = from ever being validated. So any benefit that might be gained by allowing = #2 cannot be counted on.</span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>There seems to be little benefit gained by = including two or more certificates with the same subject distinguished name and = subject public key within the same path. I have looked through your = examples below and must admit I am not understanding them fully. Let's = look at this example</span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>TR -> A -> B -> (B self signed) = -> C -> EE</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>Let's say that A->B has a notAfter date = of 12/31/2002, (B self signed) has a notAfter date of 12/31/2001, and = B->C has a notAfter date of 12/31/2002. If this path was developed and = validated, the path would be invalid if the current date was after = 12/31/2001.</span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>> * About ISO/IEC 9594-8</span></font> = <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> According to = current ISO/IEC 9594-8 document, in 8.1.5 Self-Issued</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = certificates</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> it seems that = intermediate self-signed certificates shall be </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> ignored in = path</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = construction/validation.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> However, = considering the advantage of checking intermediate </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> = self-signed</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> certificates shown = below,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> I don't = understand why they "shall be ignored",</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> because checking = them would be meaningful from the point of view of</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = security.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> I think that = investigation of intermediate self-signed </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> ceritificates may = be</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = optional,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> should not = inhibited, so, "may be ignored" would be better.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> This is not a = mailing list for 9594-8, however RFC2459 </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> related documents = are</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> based = on</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> 9594-8, so, I will = also send my opinioin about it.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> = -------------------- Advantage of validation of path</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> (2) = --------------------</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> If a validation = software implements (2),</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> the software could = check the validity status of </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> = SelfSignedCert_BridgeCA.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> Assume that CA1 = issues a cross certificate whose</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> notAfter excess = notAfter of self-signed certificate of BridgeCA.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> such = as</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> notAfter of SelfSignedCert_BridgeCA is "2001/12/31"</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> notAfter of CrossCert_CA1toBridgeCA is "2002/12/31" .</span></font> = <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> when BridgeCA = inhibits such cross certificate, it will be an invalid</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = cross-certificate.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> Useally, BridgeCA = checks a cross-certificate from CA1 when issuance,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> however, if CA1 is = a rough CA, or a bug CA(including mis-operations),</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> after issuance of = a valid cross certificate,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA1 could issue an = additional invalid certificate and </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> distribute it to = LDAP</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = etc...</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> without BrigeCA's = permission .</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> ( In this case, = for a RP, CA1 is a trust anchor, so, CA1 must </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> not be a = rough</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA, however, this = kind of rough operation would happen in </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> another = example.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> for = example,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA1(has = self-signed cert, trust anchor) -> CA2(has </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> self-signed cert) = -> CA3</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> -> CA4( has = self-signed cert) -> EE</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA3 issues an = invalid cross certificate to CA4.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> In this example, a = trust anchor CA1 behaves properly, however,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> CA3 does rough = operations. )</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> RP could check the = revocation status of Cert_BridgeCASelfsigned also.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = </span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>In the case of self-signed revocation, I am = not sure why a CA would revoke itself. If the CA was truly operating as a = "rogue", it would not revoke itself in order to keep whatever trust it still = had. Can you trust a CA that revokes itself? I am reminded of the old = puzzle in which you encounter two people at a crossroads, a truthteller and a = liar. You do not know which is which, and must ask one of them a question in = order to know if you should turn left or right to get to where you want to = go. </span></font><o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>--Peter</span></font> <o:p></o:p></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>---------------------------------------------= ------------------- </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'> Peter M. Hesse = CygnaCom Solutions, a division of</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'> Phone: 703-270-3523 = Entrust</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'> ICQ: 1942828  = ; Securing the Internet</span></font> <br> <font size=3D2><span = style=3D'font-size:10.0pt'>---------------------------------------------= ------------------- </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>"Pay no attention = to what the critics say; there has never been </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>a statue set up in = honor of a critic." --Jean Sibelius</span></font> <o:p></o:p></p> <p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 = face=3D"Times New Roman"><span style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p> <p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New = Roman"><span style=3D'font-size:10.0pt'>> This kind of problem would happen in a = multi CA products environment.</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> To avoid this = problem, interoperability test, operation, management</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> among multi CA = products should be done well,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> or a RP should = check the status of intermediate self-signed </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> = certificates,</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> or a CA which = cross-certifies with other CAs should observe </span></font><br> <font size=3D2><span style=3D'font-size:10.0pt'>> behavior = of</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> other CAs, = etc...?</span></font> <br> <font size=3D2><span style=3D'font-size:10.0pt'>> = </span></font><o:p></o:p></p> </div> </body> </html> --Boundary_(ID_aof3KuOaA08d4bGQ37koiw)-- Received: by above.proper.com (8.11.6/8.11.3) id f7OFRPk17912 for ietf-pkix-bks; Fri, 24 Aug 2001 08:27:25 -0700 (PDT) Received: from mail.phaos.com ([198.78.132.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7OFRND17908 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 08:27:24 -0700 (PDT) Received: from phaos_arik.phaos.com ([198.78.132.60]) by mail.phaos.com (8.9.3/8.9.3) with ESMTP id KAA17952; Fri, 24 Aug 2001 10:17:32 -0400 Message-Id: <5.1.0.14.2.20010824112900.0242b8c0@mail.phaos.com> X-Sender: arik@mail.phaos.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 24 Aug 2001 11:34:04 -0400 To: Cristian Marinescu <cristian.marinescu@omicron.at>, ietf-pkix@imc.org From: Ari Kermaier <arik@phaos.com> Subject: RE: more tsa testing In-Reply-To: <01Aug24.140024gmt+0200.29579@gw.omicron.at> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Christian, Try using POST ( http://195.223.2.6:8080/ displays a page with some info about the TSA ). Ari Kermaier Sr. Software Engineer Phaos Technology Corp. >Hi > >This is what you offer under your web interface?? >(http://195.223.2.6:8080/timestamp) > > ><CUT> >================================================= >Method Not Allowed >The requested method GET is not allowed for the URL /timestamp. > > >-------------------------------------------------------------------------------- > >Apache/1.3.9 Server at mulo.andxor.it Port 8080 >================================================= ><CUT> > >========================= >D.I. Cristian Marinescu >Software Developer >OMICRON electronics GmbH >Oberes Ried 1 >A-6833 Klaus >Austria >Tel: +43-5523-507-113 >Fax: +43-5523-507-999 >E-Mail: cristian.marinescu@omicron.at >WWW: http://www.omicron.at > > > > > -----Original Message----- > > From: tho [mailto:tho@andxor.com] > > Sent: Friday, August 24, 2001 10:59 AM > > To: ietf-pkix@imc.org > > Subject: more tsa testing > > > > > > > > hello, > > > > if anyone would like another TSA to test here you can find ours: > > > > http://195.223.2.6:8080 > > > > it is a freebsd box with an apache module that acts as a frontend > > and translator to a socket based protocol backend. > > > > the backend is still directly reached at address 195.223.2.6 > > port 3318 while if > > you prefer the http interface you should go to > > http://195.223.2.6:8080/timestamp > > > > of course let me know :) > > > > tho > > -- > > (__) > > (oo) > > \/-------\ > > || | \ > > ||---W|| * > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7OExnk16329 for ietf-pkix-bks; Fri, 24 Aug 2001 07:59:49 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7OExkD16325 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 07:59:46 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id QAA24289 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 16:59:46 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id QAA33186 for ietf-pkix@imc.org; Fri, 24 Aug 2001 16:59:48 +0200 (CEST) (envelope-from tho) Date: Fri, 24 Aug 2001 16:59:48 +0200 From: tho <tho@andxor.com> To: ietf-pkix@imc.org Subject: Re: more tsa testing Message-ID: <20010824165947.A33171@tho.andxor.com> References: <01Aug24.140024gmt+0200.29579@gw.omicron.at> <20010824152813.A32702@tho.andxor.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010824152813.A32702@tho.andxor.com>; from tho@andxor.com on Fri, Aug 24, 2001 at 03:28:14PM +0200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> tho wrote: > infact the time stamp request has to be PUT at that url :) please replace PUT with POST ;) (now we should be ok) tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: by above.proper.com (8.11.6/8.11.3) id f7ODSFs10036 for ietf-pkix-bks; Fri, 24 Aug 2001 06:28:15 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7ODSCD10032 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 06:28:12 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id PAA22866 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 15:28:12 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id PAA32717 for ietf-pkix@imc.org; Fri, 24 Aug 2001 15:28:14 +0200 (CEST) (envelope-from tho) Date: Fri, 24 Aug 2001 15:28:14 +0200 From: tho <tho@andxor.com> To: ietf-pkix@imc.org Subject: Re: more tsa testing Message-ID: <20010824152813.A32702@tho.andxor.com> References: <01Aug24.140024gmt+0200.29579@gw.omicron.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <01Aug24.140024gmt+0200.29579@gw.omicron.at>; from cristian.marinescu@omicron.at on Fri, Aug 24, 2001 at 01:59:15PM +0200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Cristian Marinescu wrote: > Hi > > This is what you offer under your web interface?? > (http://195.223.2.6:8080/timestamp) > > > <CUT> > ================================================= > Method Not Allowed > > <CUT> infact the time stamp request has to be PUT at that url :) tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7OBxVn02263 for ietf-pkix-bks; Fri, 24 Aug 2001 04:59:31 -0700 (PDT) Received: from omicron.at (gw.omicron.at [212.183.10.29]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7OBxTD02259 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 04:59:29 -0700 (PDT) Received: by gw.omicron.at id <29579>; Fri, 24 Aug 2001 14:00:24 +0200 Message-Id: <01Aug24.140024gmt+0200.29579@gw.omicron.at> From: Cristian Marinescu <cristian.marinescu@omicron.at> To: tho <tho@andxor.com>, ietf-pkix@imc.org Subject: RE: more tsa testing Date: Fri, 24 Aug 2001 13:59:15 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain; charset="windows-1252" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Hi This is what you offer under your web interface?? (http://195.223.2.6:8080/timestamp) <CUT> ================================================= Method Not Allowed The requested method GET is not allowed for the URL /timestamp. -------------------------------------------------------------------------------- Apache/1.3.9 Server at mulo.andxor.it Port 8080 ================================================= <CUT> ========================= D.I. Cristian Marinescu Software Developer OMICRON electronics GmbH Oberes Ried 1 A-6833 Klaus Austria Tel: +43-5523-507-113 Fax: +43-5523-507-999 E-Mail: cristian.marinescu@omicron.at WWW: http://www.omicron.at > -----Original Message----- > From: tho [mailto:tho@andxor.com] > Sent: Friday, August 24, 2001 10:59 AM > To: ietf-pkix@imc.org > Subject: more tsa testing > > > > hello, > > if anyone would like another TSA to test here you can find ours: > > http://195.223.2.6:8080 > > it is a freebsd box with an apache module that acts as a frontend > and translator to a socket based protocol backend. > > the backend is still directly reached at address 195.223.2.6 > port 3318 while if > you prefer the http interface you should go to > http://195.223.2.6:8080/timestamp > > of course let me know :) > > tho > -- > (__) > (oo) > \/-------\ > || | \ > ||---W|| * > Received: by above.proper.com (8.11.6/8.11.3) id f7O8xMi06719 for ietf-pkix-bks; Fri, 24 Aug 2001 01:59:22 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7O8xID06701 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 01:59:19 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id KAA21158 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 10:59:17 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id KAA31727 for ietf-pkix@imc.org; Fri, 24 Aug 2001 10:59:18 +0200 (CEST) (envelope-from tho) Date: Fri, 24 Aug 2001 10:59:18 +0200 From: tho <tho@andxor.com> To: ietf-pkix@imc.org Subject: more tsa testing Message-ID: <20010824105917.A31622@tho.andxor.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> hello, if anyone would like another TSA to test here you can find ours: http://195.223.2.6:8080 it is a freebsd box with an apache module that acts as a frontend and translator to a socket based protocol backend. the backend is still directly reached at address 195.223.2.6 port 3318 while if you prefer the http interface you should go to http://195.223.2.6:8080/timestamp of course let me know :) tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7O8sDU05348 for ietf-pkix-bks; Fri, 24 Aug 2001 01:54:13 -0700 (PDT) Received: from dolk.extundo.com (dolk.extundo.com [195.42.214.242]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7O8s9D05338 for <ietf-pkix@imc.org>; Fri, 24 Aug 2001 01:54:10 -0700 (PDT) Received: from barbar.josefsson.org (slipsten.extundo.com [195.42.214.241]) (authenticated) by dolk.extundo.com (8.11.3/8.11.3) with ESMTP id f7O8sAw29476; Fri, 24 Aug 2001 10:54:11 +0200 To: "David Cross" <dcross@microsoft.com> Cc: <ietf-pkix@imc.org> Subject: Re: draft minutes (using DNS for PKI support) References: <24A715275661C8428C00432EFCA5CB7C037AD7C7@red-msg-02.redmond.corp.microsoft.com> From: Simon Josefsson <sjosefsson@rsasecurity.com> In-Reply-To: <24A715275661C8428C00432EFCA5CB7C037AD7C7@red-msg-02.redmond.corp.microsoft.com> ("David Cross"'s message of "Thu, 23 Aug 2001 16:43:13 -0700") Date: Fri, 24 Aug 2001 10:54:02 +0200 Message-ID: <iluzo8p4z4l.fsf@barbar.josefsson.org> Lines: 180 User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.104 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> David, Yes it is. However it updates the DNS domain owner name recommendations of RFC 2538, to be more "natural". Basically this draft says that certificates used for e.g. S/MIME should be stored under the simplest translation of the email address of the user who owns the certificate. RFC 2538 has more complex rules to derive a recommended owner name which doesn't always make for a useful owner name. I should point out that there are two problems with using the simplest translation of the email address. This is an open issue. There are two problems: 1) sjosefsson@rsasecurity.com may have several certificates, e.g. S/MIME and PGP. Storing them both under the same name wastes bandwidth and requires the client to intelligently select between them. 2) You cannot delegate management of the certificate hosting for the domain without also delegating management of the entire zone. E.g. say that example.com does not wish to host their certificates, but rather wishes that thirdparty.com hosts them. Both problems may be solved by storing the certificates under a subdomain, e.g. sjosefsson._smime.rsasecurity.com. The owner name will only be used by S/MIME certs, and it is possible to delegate control of the entire subdomain to someone else. Comments on this are most appreciated. Regards Simon "David Cross" <dcross@microsoft.com> writes: > Sorry I missed the meeting. Is this proposal based on RFC 2538? > > > > Using DNS for PKI Support- Simon Josephson (RSA) > ID published as a personal draft. Focuses on using DNS to > hold certificates and CRLs. Works especially well for S/MINE, given > typical DNS lookup re MX records. Question is whether PKIX should > adopt this as a work item? Will discuss this on the list. (no slides) > > > > http://www.ietf.org/rfc/rfc2538.txt?number=2538 > > > > > > > > > > David B. Cross > > > -----Original Message----- From: Stephen Kent > [mailto:kent@bbn.com] Sent: Tuesday, August 21, 2001 7:32 AM To: > ietf-pkix@imc.org Subject: draft minutes > > > Folks, > > > Please review the meeting minutes and get back to me with any > corrections by 8/28, so that I can submit them to the IETF > secretariat by the end of the month. > > > Thanks, > > > Steve > -------- > > > PKIX WG Meeting 8/6/01 Edited by Steve Kent (WG co-chairs) > The PKIX WG met once during the 51st IETF. A total of approximately > 153 individuals participated in the meeting. > > Tim quickly reviewed the agenda and document status, noting that > there are many I-Ds in progress. (see slides) > Two new RFCs in the editor's queue: RFC xxxx > Timestamp Protocol RFC xxxx Attribute Certificate > Profile > In the IESG Review Process: PKIX Certificate and CRL Profile > (a.k.a., son-of-2459) Public Key Algorithms and Identifiers for > the PKIX Certificate profile > Soon to be Submitted to IESG: PKIX Roadmap Repository > Locator Service > In WG Last Call: none > Close to WG last call: Certificate Management Protocol (RFC > 2510bis) Certificate Request Message Framework (RFC 2511bis) > Transport Protocols for CMP Online Certificate Status Protocol > (OCSP v2) > New Work: > > Logotype Certificates - Stefan Santesson (AddTrust) Notion > is to embed references to logos in certificates, for CAs or for > EEs, to allow display of the logo as part of certificate > processing. Argument is that people relate to logos in the physical > world, and don't display certificate contents, so this is a way to > bring branding into PKIs. Major concern is that people could be > mislead by certificates issued by a CA that binds inappropriate > logos to certificates it issues, e.g., there is no way to constrain > logo references the same way we can constrain names. Proposal is to > create a new extension for carrying a pointer (URL) to the logo > image, an indication of the image type, and a hash of the > image. (see slides) > Supplemental Algorithms - Ari Singer (NTRU) New work item, to > contain specs for a set of algorithms that COULD be used with PKIX > data structures. Support for these algorithms is not mandated, but > this document will provide a reference for these supplemental > algorithms. Note need to include appropriate intellectual property > warnings for proprietary algorithms, and to distinguish between > algorithms that are standards, vs, proprietary. (see slides) > PKI Disaster Recovery - Denis Pinkas (Integris) The goal of this > new work is to create an informational RFC which addresses how to > deal with compromise or loss of use of a CA, AA, or TSA > key. Different requirements arise for EE signature keys vs. EE > encryption keys, and these are addressed separately. (see slides) > Using DNS for PKI Support- Simon Josephson (RSA) ID published as a > personal draft. Focuses on using DNS to hold certificates and > CRLs. Works especially well for S/MINE, given typical DNS lookup re > MX records. Question is whether PKIX should adopt this as a work > item? Will discuss this on the list. (no slides) > > Ongoing Work: > LDAP V3 Profile and Certificate Matching Rules - David Chadwick > (Univ of Salford) Profile going well, looking for feedback before > publishing as RFC. Matching rules work not as far along, but > implementation work now funded at Salford, which will help progress. > CMC Update - Jim Schaad (Soaring Hawk Consulting) Core > functions largely unchanged, e.g., ASN syntax and processing rules > wil be static. New set of CMC documents being issued, breaking into > multiple pieces to allow easier progression of pieces, e.g., > transport, archive (also used by S/MIME), compliance > document. VeriSign hosted interoperability testing covering a large > number of protocol features. Several issues were uncovered during > testing. (see slides) > CMP Update - Carlisle Adams (Entrust) Interoperability > testing yielded clarifications and the document is now ready to go > to Draft Standard status. > Proxy Certificates - Stephen Tuecke (Argonne Labs) Revised ID has > been published. Related draft in TLS WG. Not many attendees have > read this draft, according to a show of hands. Because it requires > changes to certificate path validation, there is > a significant question about whether these changes should be > part of the base standards, or if this processing is a separate step > to be performed after standard path validation processing. (see > slides) > OCSPv2 - Michael Myers (VeriSign) Authors have decided to > publish as experimental for now. (no slides) > SCVP - Ambarish Malpani (ValiCert) No significant changes for > now. (no slides) > DPD/DPV - Denis Pinkas (Integris) New ID posed to > list. Incorporate new approach to DPV/DPD, using 3 protocols: DPV, > DPD, and a separate protocol for management of policy data used for > validation or discovery. This allows the DPD and DPV protocols to be > smaller and simpler, because the management of parameters used for > DPD/DPV is part of a separate protocol. The management protocol > might not be implemented on many clients, e.g., thin > clients. References to the parameters (policy) used for validation > are OIDs, and there is a provision for a client to NOT specify a > policy, but have a server employ a default policy and return that to > the user. Extensive use of hashes of ancillary values to keep > messages brief, but allow checking by client. DPV proposal allows > for validation re current time, or past time (re-validation). DPV > can return four answers, reflecting level of knowledge available to > the server, especially with regard to revocation data. DPD and > management protocol also presented in detail. (see slides) > Policy Requirements for Timestamping Authorities- Denis Pinkas > (Integris) Discussion of this ETSI document and solicitation > of comments. (see slides) > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7NNhGq20442 for ietf-pkix-bks; Thu, 23 Aug 2001 16:43:16 -0700 (PDT) Received: from INET-VRS-07.redmond.corp.microsoft.com ([131.107.3.51]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7NNhFD20438 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 16:43:15 -0700 (PDT) Received: from 157.54.9.104 by INET-VRS-07.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Thu, 23 Aug 2001 16:43:13 -0700 Received: from red-msg-02.redmond.corp.microsoft.com ([157.54.12.70]) by inet-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Thu, 23 Aug 2001 16:43:13 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Subject: RE: draft minutes (using DNS for PKI support) Date: Thu, 23 Aug 2001 16:43:13 -0700 Message-ID: <24A715275661C8428C00432EFCA5CB7C037AD7C7@red-msg-02.redmond.corp.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: draft minutes (using DNS for PKI support) Thread-Index: AcEqT0HO0m+EL9CTQ9qo2u3rvs4w5QB3bJ8g From: "David Cross" <dcross@microsoft.com> To: <ietf-pkix@imc.org> X-OriginalArrivalTime: 23 Aug 2001 23:43:13.0273 (UTC) FILETIME=[5FA2A690:01C12C2D] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12C2D.5FA69E34" ------_=_NextPart_001_01C12C2D.5FA69E34 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sorry I missed the meeting. Is this proposal based on RFC 2538? =20 Using DNS for PKI Support- Simon Josephson (RSA) ID published as a personal draft. Focuses on using DNS to hold certificates and CRLs. Works especially well for S/MINE, given typical DNS lookup re MX records. Question is whether PKIX should adopt this as a work item? Will discuss this on the list. (no slides) =20 http://www.ietf.org/rfc/rfc2538.txt?number=3D2538 =20 =20 =20 =20 David B. Cross -----Original Message----- From: Stephen Kent [mailto:kent@bbn.com]=20 Sent: Tuesday, August 21, 2001 7:32 AM To: ietf-pkix@imc.org Subject: draft minutes =09 =09 Folks, =09 =09 Please review the meeting minutes and get back to me with any corrections by 8/28, so that I can submit them to the IETF secretariat by the end of the month. =09 =09 Thanks, =09 =09 Steve -------- =09 =09 PKIX WG Meeting 8/6/01 Edited by Steve Kent (WG co-chairs) =09 The PKIX WG met once during the 51st IETF. A total of approximately 153 individuals participated in the meeting. =09 =09 Tim quickly reviewed the agenda and document status, noting that there are many I-Ds in progress. (see slides) =09 Two new RFCs in the editor's queue: RFC xxxx Timestamp Protocol RFC xxxx Attribute Certificate Profile =09 In the IESG Review Process: PKIX Certificate and CRL Profile (a.k.a., son-of-2459) Public Key Algorithms and Identifiers for the PKIX Certificate profile =09 Soon to be Submitted to IESG: PKIX Roadmap Repository Locator Service =09 In WG Last Call: none =09 Close to WG last call: Certificate Management Protocol (RFC 2510bis) Certificate Request Message Framework (RFC 2511bis) Transport Protocols for CMP Online Certificate Status Protocol (OCSP v2) =09 New Work: =09 =09 Logotype Certificates - Stefan Santesson (AddTrust) Notion is to embed references to logos in certificates, for CAs or for EEs, to allow display of the logo as part of certificate processing. Argument is that people relate to logos in the physical world, and don't display certificate contents, so this is a way to bring branding into PKIs. Major concern is that people could be mislead by certificates issued by a CA that binds inappropriate logos to certificates it issues, e.g., there is no way to constrain logo references the same way we can constrain names. Proposal is to create a new extension for carrying a pointer (URL) to the logo image, an indication of the image type, and a hash of the image. (see slides) =09 Supplemental Algorithms - Ari Singer (NTRU) New work item, to contain specs for a set of algorithms that COULD be used with PKIX data structures. Support for these algorithms is not mandated, but this document will provide a reference for these supplemental algorithms. Note need to include appropriate intellectual property warnings for proprietary algorithms, and to distinguish between algorithms that are standards, vs, proprietary. (see slides) =09 PKI Disaster Recovery - Denis Pinkas (Integris) The goal of this new work is to create an informational RFC which addresses how to deal with compromise or loss of use of a CA, AA, or TSA key. Different requirements arise for EE signature keys vs. EE encryption keys, and these are addressed separately. (see slides) =09 Using DNS for PKI Support- Simon Josephson (RSA) ID published as a personal draft. Focuses on using DNS to hold certificates and CRLs. Works especially well for S/MINE, given typical DNS lookup re MX records. Question is whether PKIX should adopt this as a work item? Will discuss this on the list. (no slides) =09 =09 Ongoing Work: =09 LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ of Salford) Profile going well, looking for feedback before publishing as RFC. Matching rules work not as far along, but implementation work now funded at Salford, which will help progress. =09 CMC Update - Jim Schaad (Soaring Hawk Consulting) Core functions largely unchanged, e.g., ASN syntax and processing rules wil be static. New set of CMC documents being issued, breaking into multiple pieces to allow easier progression of pieces, e.g., transport, archive (also used by S/MIME), compliance document. VeriSign hosted interoperability testing covering a large number of protocol features. Several issues were uncovered during testing. (see slides) =09 CMP Update - Carlisle Adams (Entrust) Interoperability testing yielded clarifications and the document is now ready to go to Draft Standard status. =09 Proxy Certificates - Stephen Tuecke (Argonne Labs) Revised ID has been published. Related draft in TLS WG. Not many attendees have read this draft, according to a show of hands. Because it requires changes to certificate path validation, there is a significant question about whether these changes should be part of the base standards, or if this processing is a separate step to be performed after standard path validation processing. (see slides) =09 OCSPv2 - Michael Myers (VeriSign) Authors have decided to publish as experimental for now. (no slides) =09 SCVP - Ambarish Malpani (ValiCert) No significant changes for now. (no slides) =09 DPD/DPV - Denis Pinkas (Integris) New ID posed to list. Incorporate new approach to DPV/DPD, using 3 protocols: DPV, DPD, and a separate protocol for management of policy data used for validation or discovery. This allows the DPD and DPV protocols to be smaller and simpler, because the management of parameters used for DPD/DPV is part of a separate protocol. The management protocol might not be implemented on many clients, e.g., thin clients. References to the parameters (policy) used for validation are OIDs, and there is a provision for a client to NOT specify a policy, but have a server employ a default policy and return that to the user. Extensive use of hashes of ancillary values to keep messages brief, but allow checking by client. DPV proposal allows for validation re current time, or past time (re-validation). DPV can return four answers, reflecting level of knowledge available to the server, especially with regard to revocation data. DPD and management protocol also presented in detail. (see slides) =09 Policy Requirements for Timestamping Authorities- Denis Pinkas (Integris) Discussion of this ETSI document and solicitation of comments. (see slides) ------_=_NextPart_001_01C12C2D.5FA69E34 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>Message</TITLE> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <STYLE type=3Dtext/css>BLOCKQUOTE { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } DL { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } UL { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } OL { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } LI { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } </STYLE> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR></HEAD> <BODY> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN = class=3D228134023-23082001>Sorry=20 I missed the meeting. Is this proposal based on RFC=20 2538?</SPAN></FONT></DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20 class=3D228134023-23082001></SPAN></FONT> </DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN = class=3D228134023-23082001><FONT=20 face=3DCourier color=3D#000000 size=3D5>Using DNS for PKI Support- Simon = Josephson=20 (RSA)<BR><X-TAB></X-TAB>ID published as a personal draft. Focuses on = using DNS=20 to<BR>hold certificates and CRLs. Works especially well for S/MINE,=20 given<BR>typical DNS lookup re MX records. Question is whether PKIX=20 should<BR>adopt this as a work item? Will discuss this on the list. (no=20 slides)</FONT><BR></SPAN></FONT></DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20 class=3D228134023-23082001></SPAN></FONT> </DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN = class=3D228134023-23082001><A=20 href=3D"http://www.ietf.org/rfc/rfc2538.txt?number=3D2538">http://www.iet= f.org/rfc/rfc2538.txt?number=3D2538</A></SPAN></FONT></DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20 class=3D228134023-23082001></SPAN></FONT> </DIV> <DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20 class=3D228134023-23082001></SPAN></FONT> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV align=3Dleft> <P dir=3Dltr align=3Dleft><B><FONT face=3DArial size=3D1>David B.=20 Cross</FONT></B><BR></P></DIV> <BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px"> <DIV></DIV> <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr = align=3Dleft><FONT=20 face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> = Stephen Kent=20 [mailto:kent@bbn.com] <BR><B>Sent:</B> Tuesday, August 21, 2001 7:32=20 AM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> draft=20 minutes<BR><BR></FONT></DIV> <DIV><FONT color=3D#000000>Folks,</FONT></DIV> <DIV><FONT color=3D#000000><BR></FONT></DIV> <DIV><FONT color=3D#000000>Please review the meeting minutes and get = back to me=20 with any corrections by 8/28, so that I can submit them to the IETF=20 secretariat by the end of the month.</FONT></DIV> <DIV><FONT color=3D#000000><BR></FONT></DIV> <DIV><FONT color=3D#000000>Thanks,</FONT></DIV> <DIV><FONT color=3D#000000><BR></FONT></DIV> <DIV><FONT color=3D#000000>Steve</FONT></DIV> <DIV><FONT color=3D#000000>--------</FONT></DIV> <DIV><FONT face=3DCourier color=3D#000000 size=3D+2><BR></FONT></DIV> <DIV><FONT face=3DCourier color=3D#000000 size=3D+2>PKIX WG Meeting = 8/6/01<BR>Edited=20 by Steve Kent (WG co-chairs)<BR><BR>The PKIX WG met once during the = 51st IETF.=20 A total of approximately 153<BR>individuals participated in the=20 meeting.<BR><BR><BR>Tim quickly reviewed the agenda and document = status,=20 noting that there are many<BR>I-Ds in progress. (see = slides)<BR><BR>Two new=20 RFCs in the editor's=20 queue:<BR><X-TAB> = </X-TAB>RFC=20 xxxx<X-TAB> = </X-TAB>Timestamp=20 Protocol<BR><X-TAB> </X-TAB>RFC=20 xxxx<X-TAB> = </X-TAB>Attribute=20 Certificate Profile<BR><BR>In the IESG Review=20 Process:<BR><X-TAB> = </X-TAB>PKIX=20 Certificate and CRL Profile (a.k.a., son-of-2459)<BR><X-TAB> =20 </X-TAB>Public Key Algorithms and Identifiers for the PKIX Certificate = profile<BR><BR>Soon to be Submitted to=20 IESG:<BR><X-TAB> </X-TAB>PKIX=20 Roadmap<BR><X-TAB> </X-TAB>Repository Locator=20 Service<BR><BR>In WG Last = Call:<BR><X-TAB> =20 </X-TAB>none<BR><BR>Close to WG last=20 call:<BR><X-TAB> </X-TAB>Certificate = Management=20 Protocol (RFC 2510bis)<BR><X-TAB> </X-TAB>Certificate = Request=20 Message Framework (RFC 2511bis)<BR><X-TAB> =20 </X-TAB>Transport Protocols for CMP<BR><X-TAB> = </X-TAB>Online Certificate Status Protocol (OCSP v2)<BR><BR>New=20 Work:<BR><BR><BR>Logotype Certificates - Stefan Santesson=20 (AddTrust)<BR><X-TAB> = </X-TAB>Notion=20 is to embed references to logos in certificates, for<BR>CAs or for = EEs, =20 to allow display of the logo as part of certificate<BR>processing. = Argument is=20 that people relate to logos in the physical<BR>world, and don't = display=20 certificate contents, so this is a way to<BR>bring branding into PKIs. = Major=20 concern is that people could be<BR>mislead by certificates issued by a = CA that=20 binds inappropriate logos<BR>to certificates it issues, e.g., there is = no way=20 to constrain logo<BR>references the same way we can constrain names. = Proposal=20 is to create<BR>a new extension for carrying a pointer (URL) to the = logo=20 image, an<BR>indication of the image type, and a hash of the image. = (see=20 slides)<BR><BR>Supplemental Algorithms - Ari Singer=20 (NTRU)<BR><X-TAB></X-TAB>New work item, to contain specs for a set of=20 algorithms that<BR>COULD be used with PKIX data structures. Support = for these=20 algorithms<BR>is not mandated, but this document will provide a = reference for=20 these<BR>supplemental algorithms. Note need to include=20 appropriate<BR>intellectual property warnings for proprietary = algorithms, and=20 to<BR>distinguish between algorithms that are standards, vs,=20 proprietary.<BR>(see slides)<BR><BR>PKI Disaster Recovery - Denis = Pinkas=20 (Integris)<BR><X-TAB> </X-TAB>The goal of this new work is to = create an=20 informational RFC<BR>which addresses how to deal with compromise or = loss of=20 use of a CA,<BR>AA, or TSA key. Different requirements arise for EE = signature=20 keys<BR>vs. EE encryption keys, and these are addressed separately.=20 (see<BR>slides)<BR><BR>Using DNS for PKI Support- Simon Josephson=20 (RSA)<BR><X-TAB></X-TAB>ID published as a personal draft. Focuses on = using DNS=20 to<BR>hold certificates and CRLs. Works especially well for S/MINE,=20 given<BR>typical DNS lookup re MX records. Question is whether PKIX=20 should<BR>adopt this as a work item? Will discuss this on the list. = (no=20 slides)<BR><BR><BR>Ongoing Work:<BR><BR>LDAP V3 Profile and = Certificate=20 Matching Rules - David Chadwick (Univ<BR>of = Salford)<BR><X-TAB></X-TAB>Profile=20 going well, looking for feedback before publishing as<BR>RFC. Matching = rules=20 work not as far along, but implementation work<BR>now funded at = Salford, which=20 will help progress.<BR><BR>CMC Update - Jim Schaad (Soaring Hawk=20 Consulting)<BR><X-TAB> = </X-TAB>Core=20 functions largely unchanged, e.g., ASN syntax and<BR>processing rules = wil be=20 static. New set of CMC documents being<BR>issued, breaking into = multiple=20 pieces to allow easier progression of<BR>pieces, e.g., transport, = archive=20 (also used by S/MIME), compliance<BR>document. VeriSign hosted=20 interoperability testing covering a large<BR>number of protocol = features.=20 Several issues were uncovered during<BR>testing. (see = slides)<BR><BR>CMP=20 Update - Carlisle Adams=20 (Entrust)<BR><X-TAB> =20 </X-TAB>Interoperability testing yielded clarifications and = the<BR>document is=20 now ready to go to Draft Standard status.<BR><BR>Proxy Certificates - = Stephen=20 Tuecke (Argonne Labs)<BR><X-TAB> </X-TAB>Revised ID has been = published.=20 Related draft in TLS WG. Not<BR>many attendees have read this draft, = according=20 to a show of hands.<BR>Because it requires changes to certificate path = validation, there is</FONT></DIV> <DIV><FONT face=3DCourier color=3D#000000 size=3D+2>a significant = question about=20 whether these changes should be part of<BR>the base standards, or if = this=20 processing is a separate step to be<BR>performed after standard path=20 validation processing. (see slides)<BR><BR>OCSPv2 - Michael Myers=20 (VeriSign)<BR><X-TAB> =20 </X-TAB>Authors have decided to publish as experimental for now. (no=20 slides)<BR><BR>SCVP - Ambarish Malpani (ValiCert)<BR><X-TAB> = </X-TAB>No=20 significant changes for now. (no slides)<BR><BR>DPD/DPV - Denis Pinkas = (Integris)<BR><X-TAB> </X-TAB>New ID posed to list.=20 Incorporate new approach to DPV/DPD,<BR>using 3 protocols: DPV, DPD, = and a=20 separate protocol for management<BR>of policy data used for validation = or=20 discovery. This allows the DPD<BR>and DPV protocols to be smaller and = simpler,=20 because the management<BR>of parameters used for DPD/DPV is part of a = separate=20 protocol. The<BR>management protocol might not be implemented on many = clients,=20 e.g.,<BR>thin clients. References to the parameters (policy) used=20 for<BR>validation are OIDs, and there is a provision for a client to=20 NOT<BR>specify a policy, but have a server employ a default policy=20 and<BR>return that to the user. Extensive use of hashes of ancillary=20 values<BR>to keep messages brief, but allow checking by client. DPV=20 proposal<BR>allows for validation re current time, or past time=20 (re-validation).<BR>DPV can return four answers, reflecting level of = knowledge=20 available<BR>to the server, especially with regard to revocation data. = DPD=20 and<BR>management protocol also presented in detail. (see=20 slides)<BR><BR>Policy Requirements for Timestamping Authorities- = Denis=20 Pinkas (Integris)<BR><X-TAB> = </X-TAB>Discussion of this ETSI document and solicitation = of<BR>comments. (see=20 slides)</FONT></DIV></BLOCKQUOTE></BODY></HTML> =00 ------_=_NextPart_001_01C12C2D.5FA69E34-- --------------InterScan_NT_MIME_Boundary-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7NFc6M25429 for ietf-pkix-bks; Thu, 23 Aug 2001 08:38:06 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7NFc4D25419 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 08:38:04 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <Q8L2CKRN>; Thu, 23 Aug 2001 11:37:55 -0400 Message-ID: <8D7EC1912E25D411A32100D0B76953975A64C9@scygmxs01.cygnacom.com> From: Peter Hesse <pmhesse@cygnacom.com> To: "'Hiroyuki Sakakibara'" <sakaki@iss.isl.melco.co.jp>, "Housley, Russ" <rhousley@rsasecurity.com>, Peter Hesse <pmhesse@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: about validation of intermediate self-signed certs in a path Date: Thu, 23 Aug 2001 11:26:11 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12BE7.F05A1600" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12BE7.F05A1600 Content-Type: text/plain; charset="iso-2022-jp" Hiroyuki, Thank you for your detailed explanations of two cases in which validating the self-signed certificate within the path become valuable. My main concern is with operational systems. I've been on development teams for numerous CA and certificate validation products, and been involved with interoperability testing with many other products. I have gained the following insights on the subject of self-signed certificates: - Not all CA products generate self-signed certificates to be treated as a certificate within a certificate path. By this, I mean that not all products are concerned with setting extensions such as constraints and policies so that a path containing this certificate would successfully validate. Many CA products issue a signed name and public key in the simplest form possible. - Not all certificate validation systems place the trust root self-signed certificate within the path for validation. This is the guidance provided by RFC 2459, but is changing in son-of-2459. This is partially because of the bullet above. - Not all certificate validation systems allow any self-signed certificates to appear as intermediate certificates in paths. This is primarily for two reasons: 1) Preventing same subject name and public key from appearing twice in a path prevents loops, and 2) some argue that the same public key appearing twice in the path dilutes the trust chain. Since these are operational realities, I would be concerned with giving strong guidance within son-of-2459 about whether or not self-signed certificates should or should not appear within certificate paths. That said, I do think we could some mention of the fact that including or not including them can change the results of validation. I am primarily concerned with making sure that son-of-2459 does not allow trust root self-signed certificates at the start of paths, and not so concerned about eliminating self-signed certificates from ever appearing in a path. --Peter ---------------------------------------------------------------- Peter M. Hesse CygnaCom Solutions, a division of Phone: 703-270-3523 Entrust ICQ: 1942828 Securing the Internet ---------------------------------------------------------------- "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius -----Original Message----- From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp] Sent: Thursday, August 23, 2001 5:52 AM To: Housley, Russ; Peter Hesse Cc: wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu; ietf-pkix@imc.org; iesg@ietf.org Subject: about validation of intermediate self-signed certs in a path Peter Thank you for your comments. Peter Hesse wrote: >TR -> A -> B -> (B self signed) -> C -> EE >Let's say that A->B has a notAfter date of 12/31/2002, >(B self signed) has a notAfter date of 12/31/2001, and B->C has a notAfter date of 12/31/2002. >If this path was developed and validated, the path would be invalid >if the current date was after 12/31/2001. Excuse me that the example was not good. again, (sorry for a long mail) [example] * A, B, C are CAs * A has a key pair whose validity term is 1 years * B has a key pair whose validity term is 1 years * C has a key pair whose validity term is 1 years 2001/01/01 06/01 2002/01/01 06/01 2003/01/01 +-----------+-----------+-----------+---------+ A->B <-----------------------> B->B <----------------------><---------------------> (1) (2) B->C <-----------------------> B issues a self-signed cert (1), notBefore 2001/01/01 notAfter 2001/12/31. B is going to issue a new self-signed cert (2) which containts the public key in (1), notBefore 2002/01/01 notAfter 2002/12/31, if the public key in (1) has no problem on 2001/12/31. ( notBefore of (2) may be 2001/01/01 ) B announces the schedule of issuance of (2) to A and C beforehand. A issues a certificate to B, notBefore 2001/06/01 notAfter 2002/5/31. A expects that B is going to issue (2), hence, A can issue A->B whose notAfter excesses notAfter of (1) and the validity term of A->B is exactly 1 year. B issues a certificate to C, notBefore 2001/06/01 notAfter 2002/05/31. Because B is going to issue (2) on 2002/01/01, hence B can issue B->C whose notAfter excesses notAfter of (1). In this example, B can use the same public key continuously, in (1) and (2). As a result, A can issue a cert to B whose validity term is always 1 year, whennever A issues. B can issue a cert to C whose validity term is always 1 year, whennever B issues, also. I suppose that some PKI systems adopt this kind of cert issuance. [problem] However, assume that B does not issues (2), by incident, or rough operation etc.... if on 2002/01/02 a validation software can constructs, "A->B, B->C" path only, hence the software could not notice that the trouble with issuance of (2). Therefore it is not certain that the B's public key is good or not. In order to avoid this situation, A has to observe that B issues and published (2) in LDAP etc about 2002/01/01 and if B does not issues (2), A should alarm that. If the software constructs "A->B, B->B(1), B->C" path, it can notice that the path is wrong, because B->B(1) is expired, and would try to construct another path, "A->B, B->B(2), B->C" however, B->B(2) is not present, so, it would give up, or construct "A->B, B->C", eventhough it may be invalid. Therefore, the result of validation of the path "A->B, B->C" and the result of validation of the path "A->B, B->B(2), B->C" are not identical in this case. [revocation example] Peter Hesse wrote: >In the case of self-signed revocation, I am not sure why a CA would revoke itself. If the >CA was truly operating as a "rogue", it would not revoke itself in order to keep whatever >trust it still had. Can you trust a CA that revokes itself? I am reminded of the old puzzle >in which you encounter two people at a crossroads, a truthteller and a liar. You do not >know which is which, and must ask one of them a question in order to know if you should >turn left or right to get to where you want to go I agree with you. But in the case that A issues a cross certificate to B and B issues a self-signed cert to itself, not only B but also A would do rough operation. If B is a rough CA, as you mentioned, B would not revoke itself and not announce the revocation status of B to A, then a path could be validated as good. If A is a rough CA, even though B asks A to revoke the cross-cert from A to B, A would not, then a path could be valdiated as good also. I will show an example where a validation software would had better check revocation status of self-signed certificates. ( this is an example of latter case.) 1. B's private key was revoked. 2. B issues a CRL asserting "B is revoked" with its revoked privatekey. 3. B announces its revocaton to other CAs, then other CAs should revoke cross-certs to B. If the procedure 3 is done immediately, the procedure 2 is not neccesarry. But if not, because of trouble of CA sysytems or rough operateion what else, I suppose that adoption of the procedure 2 is a good idea. Actually, there is a risk that a bad person who knows B's private key issues a fake CRL asserting "B is OK(not on the list)", and a validation software uses the fake one accidentally. A validation software can not distinguish that an obtained CRL is issued by B or by the bad person, however if the software obtains the correct CRL issued by "B" first or obtains both the correct one and the fake one, the software can notice that the revocation of B, even though the procedure 3 is not done immediately. Offcourse, it is not able to prevent a validation software from obtaining only the fake CRL first, however issuing a CRL in the procedure 2 could reduce a risk that the software ALWAYS referes only the fake one. [my interpretation] I think that a validation software could gain some additional benefits by checking self-signed certificates in a path in the case of some PKI system such as the shown example. However when mis-operations or troubles among CAs seldom happen, a validation software would not need to check them. So, section 6.1, considering your comments, my interpretation became as follows, * validating a path without self-signed certs ONLY -> GOOD * validating a path with self-signed certs ONLY -> GOOD * validating BOTH paths -> GOOD actually, I agree with that most implementations apply the first one because of its simplicity as you mentioned. Also, I think that any guidline of a recommended path pattern (such as the first one) is useful. --------------------------------------- Hiroyuki Sakakibara MITSUBISHI ELECTRIC CORPORATION Information Technology R&D Center 5-1-1 Ofuna, Kamakura, Kanagawa, Japan PHONE: +81-467-41-2183 FAX: +81-467-41-2185 E-mail : sakaki@iss.isl.melco.co.jp ------_=_NextPart_001_01C12BE7.F05A1600 Content-Type: text/html; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-2022-jp"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: about validation of intermediate self-signed certs in a = path</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Hiroyuki,</FONT> </P> <P><FONT SIZE=3D2>Thank you for your detailed explanations of two cases = in which validating the self-signed certificate within the path become = valuable.</FONT></P> <P><FONT SIZE=3D2>My main concern is with operational systems. = I've been on development teams for numerous CA and certificate = validation products, and been involved with interoperability testing = with many other products. I have gained the following insights on = the subject of self-signed certificates:</FONT></P> <P><FONT SIZE=3D2>- Not all CA products generate self-signed = certificates to be treated as a certificate within a certificate = path. By this, I mean that not all products are concerned with = setting extensions such as constraints and policies so that a path = containing this certificate would successfully validate. Many CA = products issue a signed name and public key in the simplest form = possible.</FONT></P> <P><FONT SIZE=3D2>- Not all certificate validation systems place the = trust root self-signed certificate within the path for = validation. This is the guidance provided by RFC 2459, but is = changing in son-of-2459. This is partially because of the bullet = above.</FONT></P> <P><FONT SIZE=3D2>- Not all certificate validation systems allow any = self-signed certificates to appear as intermediate certificates in = paths. This is primarily for two reasons: 1) Preventing same = subject name and public key from appearing twice in a path prevents = loops, and 2) some argue that the same public key appearing twice in = the path dilutes the trust chain.</FONT></P> <P><FONT SIZE=3D2>Since these are operational realities, I would be = concerned with giving strong guidance within son-of-2459 about whether = or not self-signed certificates should or should not appear within = certificate paths. That said, I do think we could some mention of = the fact that including or not including them can change the results of = validation. I am primarily concerned with making sure that = son-of-2459 does not allow trust root self-signed certificates at the = start of paths, and not so concerned about eliminating self-signed = certificates from ever appearing in a path.</FONT></P> <P><FONT SIZE=3D2>--Peter</FONT> </P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= -</FONT> <BR><FONT SIZE=3D2> Peter M. = Hesse = CygnaCom Solutions, a division of</FONT> <BR><FONT SIZE=3D2> Phone: = 703-270-3523 = Entrust</FONT> <BR><FONT SIZE=3D2> ICQ: = 1942828  = ; Securing the Internet</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= -</FONT> <BR><FONT SIZE=3D2>"Pay no attention to what the critics say; = there has never been</FONT> <BR><FONT SIZE=3D2>a statue set up in honor of a critic." --Jean = Sibelius</FONT> </P> <BR> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Hiroyuki Sakakibara [<A = HREF=3D"mailto:sakaki@iss.isl.melco.co.jp">mailto:sakaki@iss.isl.melco.c= o.jp</A>]</FONT> <BR><FONT SIZE=3D2>Sent: Thursday, August 23, 2001 5:52 AM</FONT> <BR><FONT SIZE=3D2>To: Housley, Russ; Peter Hesse</FONT> <BR><FONT SIZE=3D2>Cc: wford@verisign.com; wpolk@nist.gov; = dsolo@alum.mit.edu; ietf-pkix@imc.org; iesg@ietf.org</FONT> <BR><FONT SIZE=3D2>Subject: about validation of intermediate = self-signed certs in a path</FONT> </P> <BR> <BR> <P><FONT SIZE=3D2>Peter</FONT> </P> <P><FONT SIZE=3D2>Thank you for your comments.</FONT> </P> <P><FONT SIZE=3D2>Peter Hesse wrote:</FONT> <BR><FONT SIZE=3D2>>TR -> A -> B -> (B self signed) -> C = -> EE</FONT> <BR><FONT SIZE=3D2>>Let's say that A->B has a notAfter date of = 12/31/2002,</FONT> <BR><FONT SIZE=3D2>>(B self signed) has a notAfter date of = 12/31/2001, and B->C has a notAfter</FONT> <BR><FONT SIZE=3D2>date of 12/31/2002.</FONT> <BR><FONT SIZE=3D2>>If this path was developed and validated, the = path would be invalid</FONT> <BR><FONT SIZE=3D2>>if the current date was after = 12/31/2001.</FONT> </P> <P><FONT SIZE=3D2>Excuse me that the example was not good.</FONT> </P> <P><FONT SIZE=3D2>again, (sorry for a long mail)</FONT> </P> <P><FONT SIZE=3D2>[example]</FONT> </P> <P><FONT SIZE=3D2>* A, B, C are CAs</FONT> <BR><FONT SIZE=3D2>* A has a key pair whose validity term is 1 = years</FONT> <BR><FONT SIZE=3D2>* B has a key pair whose validity term is 1 = years</FONT> <BR><FONT SIZE=3D2>* C has a key pair whose validity term is 1 = years</FONT> </P> <BR> <P><FONT SIZE=3D2> 2001/01/01 = 06/01 2002/01/01 06/01 = 2003/01/01</FONT> <BR><FONT SIZE=3D2> = +-----------+-----------+-----------+---------+</FONT> </P> <P><FONT = SIZE=3D2>A->B &n= bsp; = <-----------------------></FONT> </P> <P><FONT SIZE=3D2>B->B = <----------------------><---------------------></FONT> <BR><FONT = SIZE=3D2> &nb= sp; &nb= sp; = (1) &nb= sp; &nb= sp; (2)</FONT> </P> <P><FONT = SIZE=3D2>B->C &n= bsp; = <-----------------------></FONT> </P> <BR> <P><FONT SIZE=3D2>B issues a self-signed cert (1), notBefore 2001/01/01 = notAfter 2001/12/31.</FONT> <BR><FONT SIZE=3D2>B is going to issue a new self-signed cert (2) = which</FONT> <BR><FONT SIZE=3D2>containts the public key in (1), notBefore = 2002/01/01 notAfter 2002/12/31,</FONT> <BR><FONT SIZE=3D2>if the public key in (1) has no problem on = 2001/12/31.</FONT> <BR><FONT SIZE=3D2>( notBefore of (2) may be 2001/01/01 )</FONT> <BR><FONT SIZE=3D2>B announces the schedule of issuance of (2) to A and = C beforehand.</FONT> </P> <P><FONT SIZE=3D2>A issues a certificate to B, notBefore 2001/06/01 = notAfter 2002/5/31.</FONT> <BR><FONT SIZE=3D2>A expects that B is going to issue (2), hence, A can = issue A->B</FONT> <BR><FONT SIZE=3D2>whose notAfter excesses notAfter of (1) and the = validity term</FONT> <BR><FONT SIZE=3D2>of A->B is exactly 1 year.</FONT> </P> <P><FONT SIZE=3D2>B issues a certificate to C, notBefore 2001/06/01 = notAfter 2002/05/31.</FONT> <BR><FONT SIZE=3D2>Because B is going to issue (2) on 2002/01/01, hence = B can issue</FONT> <BR><FONT SIZE=3D2>B->C whose notAfter excesses notAfter of = (1).</FONT> </P> <P><FONT SIZE=3D2>In this example, B can use the same public key = continuously, in (1) and (2).</FONT> <BR><FONT SIZE=3D2>As a result, A can issue a cert to B whose validity = term is always 1 year,</FONT> <BR><FONT SIZE=3D2>whennever A issues.</FONT> <BR><FONT SIZE=3D2>B can issue a cert to C whose validity term is = always 1 year,</FONT> <BR><FONT SIZE=3D2>whennever B issues, also.</FONT> </P> <P><FONT SIZE=3D2>I suppose that some PKI systems adopt this kind of = cert issuance.</FONT> </P> <BR> <P><FONT SIZE=3D2>[problem]</FONT> </P> <P><FONT SIZE=3D2>However, assume that B does not issues (2), by = incident,</FONT> <BR><FONT SIZE=3D2>or rough operation etc....</FONT> </P> <P><FONT SIZE=3D2>if on 2002/01/02 a validation software can = constructs,</FONT> </P> <P><FONT SIZE=3D2>"A->B, B->C" path only,</FONT> </P> <P><FONT SIZE=3D2>hence the software could not notice that the = trouble</FONT> <BR><FONT SIZE=3D2>with issuance of (2).</FONT> <BR><FONT SIZE=3D2>Therefore it is not certain that the B's public = key</FONT> <BR><FONT SIZE=3D2>is good or not.</FONT> <BR><FONT SIZE=3D2>In order to avoid this situation, A has to observe = that</FONT> <BR><FONT SIZE=3D2>B issues and published (2) in LDAP etc about = 2002/01/01</FONT> <BR><FONT SIZE=3D2>and if B does not issues (2), A should alarm = that.</FONT> </P> <P><FONT SIZE=3D2>If the software constructs "A->B, B->B(1), = B->C" path,</FONT> <BR><FONT SIZE=3D2>it can notice that the path is wrong, because = B->B(1) is expired,</FONT> <BR><FONT SIZE=3D2>and would try to construct another path, = "A->B, B->B(2), B->C"</FONT> <BR><FONT SIZE=3D2>however, B->B(2) is not present, so, it would = give up, or</FONT> <BR><FONT SIZE=3D2>construct "A->B, B->C", eventhough = it may be invalid.</FONT> </P> <P><FONT SIZE=3D2>Therefore, the result of validation of the path = "A->B, B->C"</FONT> <BR><FONT SIZE=3D2>and the result of validation of the path = "A->B, B->B(2), B->C"</FONT> <BR><FONT SIZE=3D2>are not identical in this case.</FONT> </P> <BR> <P><FONT SIZE=3D2>[revocation example]</FONT> </P> <P><FONT SIZE=3D2>Peter Hesse wrote:</FONT> <BR><FONT SIZE=3D2>>In the case of self-signed revocation, I am not = sure why a CA would revoke</FONT> <BR><FONT SIZE=3D2>itself. If the >CA was truly operating as a = "rogue", it would not revoke</FONT> <BR><FONT SIZE=3D2>itself in order to keep whatever >trust it still = had. Can you trust a CA</FONT> <BR><FONT SIZE=3D2>that revokes itself? I am reminded of the old = puzzle >in which you</FONT> <BR><FONT SIZE=3D2>encounter two people at a crossroads, a truthteller = and a liar. You do not</FONT> <BR><FONT SIZE=3D2>>know which is which, and must ask one of them a = question in order to know</FONT> <BR><FONT SIZE=3D2>if you should >turn left or right to get to where = you want to go</FONT> </P> <P><FONT SIZE=3D2>I agree with you.</FONT> <BR><FONT SIZE=3D2>But in the case that A issues a cross certificate to = B and</FONT> <BR><FONT SIZE=3D2>B issues a self-signed cert to itself,</FONT> <BR><FONT SIZE=3D2>not only B but also A would do rough = operation.</FONT> </P> <P><FONT SIZE=3D2>If B is a rough CA, as you mentioned, B would not = revoke itself and not</FONT> <BR><FONT SIZE=3D2>announce</FONT> <BR><FONT SIZE=3D2>the revocation status of B to A, then a path could = be validated as good.</FONT> </P> <P><FONT SIZE=3D2>If A is a rough CA, even though B asks A to revoke = the cross-cert from A to</FONT> <BR><FONT SIZE=3D2>B,</FONT> <BR><FONT SIZE=3D2>A would not, then a path could be valdiated as good = also.</FONT> </P> <P><FONT SIZE=3D2>I will show an example where a validation = software</FONT> <BR><FONT SIZE=3D2>would had better check revocation status of = self-signed certificates.</FONT> <BR><FONT SIZE=3D2>( this is an example of latter case.)</FONT> </P> <P><FONT SIZE=3D2>1. B's private key was revoked.</FONT> </P> <P><FONT SIZE=3D2>2. B issues a CRL asserting "B is = revoked"</FONT> <BR><FONT SIZE=3D2> with its revoked privatekey.</FONT> </P> <P><FONT SIZE=3D2>3. B announces its revocaton to other CAs, then other = CAs</FONT> <BR><FONT SIZE=3D2> should revoke cross-certs to B.</FONT> </P> <P><FONT SIZE=3D2>If the procedure 3 is done immediately, the procedure = 2 is not neccesarry.</FONT> <BR><FONT SIZE=3D2>But if not, because of trouble of CA sysytems or = rough operateion what else,</FONT> <BR><FONT SIZE=3D2>I suppose that adoption of the procedure 2 is a good = idea.</FONT> </P> <P><FONT SIZE=3D2>Actually, there is a risk that a bad person who knows = B's private key issues</FONT> <BR><FONT SIZE=3D2>a fake CRL asserting "B is OK(not on the = list)",</FONT> <BR><FONT SIZE=3D2>and a validation software uses the fake one = accidentally.</FONT> </P> <P><FONT SIZE=3D2>A validation software can not distinguish that an = obtained CRL is issued by</FONT> <BR><FONT SIZE=3D2>B</FONT> <BR><FONT SIZE=3D2>or by the bad person,</FONT> <BR><FONT SIZE=3D2>however if the software obtains the correct CRL = issued by "B" first or</FONT> <BR><FONT SIZE=3D2>obtains both the correct one and the fake one, the = software can</FONT> <BR><FONT SIZE=3D2>notice that the revocation of B, even though the = procedure 3 is not done</FONT> <BR><FONT SIZE=3D2>immediately.</FONT> </P> <P><FONT SIZE=3D2>Offcourse, it is not able to prevent a validation = software from obtaining</FONT> <BR><FONT SIZE=3D2>only the fake CRL first, however issuing a CRL in = the procedure 2 could</FONT> <BR><FONT SIZE=3D2>reduce a risk that the software ALWAYS referes only = the fake one.</FONT> </P> <BR> <P><FONT SIZE=3D2>[my interpretation]</FONT> </P> <P><FONT SIZE=3D2>I think that a validation software could gain some = additional benefits</FONT> <BR><FONT SIZE=3D2>by checking self-signed certificates in a path in = the case of some</FONT> <BR><FONT SIZE=3D2>PKI system such as the shown example.</FONT> </P> <P><FONT SIZE=3D2>However when mis-operations or troubles among CAs = seldom happen,</FONT> <BR><FONT SIZE=3D2>a validation software would not need to check = them.</FONT> </P> <P><FONT SIZE=3D2>So, section 6.1, considering your comments,</FONT> <BR><FONT SIZE=3D2>my interpretation became as follows,</FONT> </P> <P><FONT SIZE=3D2>* validating a path without self-signed certs ONLY = -> GOOD</FONT> <BR><FONT SIZE=3D2>* validating a path with self-signed certs ONLY = -> GOOD</FONT> <BR><FONT SIZE=3D2>* validating BOTH paths -> GOOD</FONT> </P> <P><FONT SIZE=3D2>actually, I agree with that most implementations = apply the first one</FONT> <BR><FONT SIZE=3D2>because of its simplicity as you mentioned.</FONT> </P> <P><FONT SIZE=3D2>Also, I think that any guidline of a = recommended</FONT> <BR><FONT SIZE=3D2>path pattern (such as the first one) is = useful.</FONT> </P> <P><FONT SIZE=3D2>---------------------------------------</FONT> <BR><FONT SIZE=3D2>Hiroyuki Sakakibara</FONT> <BR><FONT SIZE=3D2>MITSUBISHI ELECTRIC CORPORATION</FONT> <BR><FONT SIZE=3D2>Information Technology R&D Center</FONT> <BR><FONT SIZE=3D2>5-1-1 Ofuna, Kamakura, Kanagawa, Japan</FONT> <BR><FONT SIZE=3D2>PHONE: +81-467-41-2183</FONT> <BR><FONT SIZE=3D2>FAX: +81-467-41-2185</FONT> <BR><FONT SIZE=3D2>E-mail : sakaki@iss.isl.melco.co.jp</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12BE7.F05A1600-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7NEajf21174 for ietf-pkix-bks; Thu, 23 Aug 2001 07:36:45 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7NEabD21165 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 07:36:38 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 23 Aug 2001 14:34:19 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA29964 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 10:35:50 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCQ4B8>; Thu, 23 Aug 2001 10:36:28 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.45]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCQ4BY; Thu, 23 Aug 2001 10:36:25 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: chkim@initech.com Cc: ietf-pkix@imc.org Message-Id: <5.0.1.4.2.20010823102018.041f7e50@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Thu, 23 Aug 2001 10:22:27 -0400 Subject: Re: Question about ECDSA. In-Reply-To: <04ADDBBB4C7EBF468E3DF355B750195E0F5807@file.initech.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> The ANSI X9 and PKIX documents have never included specifications for private key syntax. Perhaps Certicom can offer a recommended syntax. Russ >I can't found ECDSA PriveKey OID. >There is no information about it in X9.62 and your draft-ietf-pkix-ipki- >pkalgs-03.txt. > >I want to know ECDSA PrivateKey ASN.1 syntax, OID and >PrivateKeyAlgorithms OID. >where can I that information? > >Thanks. Received: by above.proper.com (8.11.6/8.11.3) id f7NERqx20939 for ietf-pkix-bks; Thu, 23 Aug 2001 07:27:52 -0700 (PDT) Received: from mail.ca.certicom.com (ip6.certicom.com [209.121.99.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7NERoD20935 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 07:27:50 -0700 (PDT) Received: from smtpmail.certicom.com (smtpmail.certicom.com [10.0.1.25]) by mail.ca.certicom.com (8.9.3/8.9.3) with SMTP id KAA29732 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 10:20:55 -0400 (EDT) Received: by smtpmail.certicom.com(Lotus SMTP MTA v4.6.4 (830.2 3-23-1999)) id 85256AB1.004F64A3 ; Thu, 23 Aug 2001 10:27:11 -0400 X-Lotus-FromDomain: CERTICOM From: "Simon Blake-Wilson" <sblakewilson@certicom.com> To: ietf-pkix@imc.org Message-ID: <85256AB1.004F6430.00@smtpmail.certicom.com> Date: Thu, 23 Aug 2001 10:24:12 -0400 Subject: Re: Question about ECDSA. Mime-Version: 1.0 Content-type: multipart/mixed; Boundary="0__=Trc6vVswVJYHMBNJTGEp26QMejjMvnL4N84OeMHGg5n4wipYe4iuIpsX" Content-Disposition: inline Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --0__=Trc6vVswVJYHMBNJTGEp26QMejjMvnL4N84OeMHGg5n4wipYe4iuIpsX Content-type: text/plain; charset=us-ascii Content-Disposition: inline ECDSA private key syntax is suggested in SEC1 ... you should be able to download from www.secg.org. The syntax suggested there is the only standardized ECC private key syntax as far as I know. Best regards. Simon --0__=Trc6vVswVJYHMBNJTGEp26QMejjMvnL4N84OeMHGg5n4wipYe4iuIpsX Content-type: text/plain; charset=euc-kr Content-Disposition: inline ±è Ãæ±æ <chkim@initech.com> on 08/23/2001 05:39:13 AM To: ietf-pkix@imc.org cc: (bcc: Simon Blake-Wilson/Certicom) Subject: Question about ECDSA. --0__=Trc6vVswVJYHMBNJTGEp26QMejjMvnL4N84OeMHGg5n4wipYe4iuIpsX Content-type: text/plain; charset=us-ascii Content-Disposition: inline I can't found ECDSA PriveKey OID. There is no information about it in X9.62 and your draft-ietf-pkix-ipki- pkalgs-03.txt. I want to know ECDSA PrivateKey ASN.1 syntax, OID and PrivateKeyAlgorithms OID. where can I that information? Thanks. --0__=Trc6vVswVJYHMBNJTGEp26QMejjMvnL4N84OeMHGg5n4wipYe4iuIpsX-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7NEKoh20802 for ietf-pkix-bks; Thu, 23 Aug 2001 07:20:50 -0700 (PDT) Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7NEKmD20797 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 07:20:48 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id IAA09639; Thu, 23 Aug 2001 08:20:45 -0600 (MDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id KAA11317; Thu, 23 Aug 2001 10:20:43 -0400 (EDT) Message-ID: <3B851114.331C2A35@sun.com> Date: Thu, 23 Aug 2001 10:20:04 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) References: <OFE80194B9.B4D5BE34-ON85256AB0.007BF5B4@pok.ibm.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Tom Gindin wrote: > On a more constructive note, however, any attribute which can only > be encoded in PrintableString or NumericString (or Object ID) can > safely be used in excludedSubtrees. The most useful of these is > probably Country. Right. So I can safely use excludedSubtrees with directoryNames as long as the only attributes in the excluded DN are countryName, dnQualifier, and serialNumber. But I suspect that most DNs that people would want to exclude would contain organizationName and the like. So I still think that using excludedSubtrees with directoryNames is generally a bad idea. The Security Considerations section of new-part1-08 basically says this, so I don't think any changes to the draft are required. -Steve Received: by above.proper.com (8.11.6/8.11.3) id f7NCwUI18123 for ietf-pkix-bks; Thu, 23 Aug 2001 05:58:30 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7NCwTD18119 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 05:58:29 -0700 (PDT) Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id IAA24716; Thu, 23 Aug 2001 08:58:43 -0400 (EDT) Message-Id: <4.2.2.20010823084526.00bc6560@email.nist.gov> X-Sender: cooper@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 23 Aug 2001 08:57:46 -0400 To: Jeff Jacoby <jjacoby@rsasecurity.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: "David A. Cooper" <david.cooper@nist.gov> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 In-Reply-To: <3B8426F7.ACA4DF24@rsasecurity.com> References: <3B82DCCA.3AE02568@rsasecurity.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Jeff, any-policy and anyPolicy are different, although the difference is somewhat subtle. The term any-policy is essentially a mathematical variable representing the set of all possible certificate policies (i.e., any-policy = {OID | OID is an object identifier that represents a certificate policy}). anyPolicy, on the other hand, is a variable defined in an ASN.1 module and it represents a specific object identifier (anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificate-policies 0 }). So, anyPolicy is an object identifier that may appear in the certificatePolicies extension of a certificate. any-policy represents a mathematical value that can be the value of a state variable in section 6 (e.g., user-initial-policy-set, expected_policy_set). At least, this was the intention. In responding to your question I noticed that "any-policy" was sometimes used where "anyPolicy" should have been. This will need to be corrected. Dave At 02:41 PM 8/22/01 -0700, Jeff Jacoby wrote: >"Jacoby, Jeffrey" wrote: > > > > To all, > > > > Jumping on the bandwagon here... > > > > There are three points I believe could use clarification (at least > > I'm having trouble grokking them). > >One more minor item. The term "any-policy" is used >throughout the document . However, the ASN.1 name >is anyPolicy: > > anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificate-policies 0 } > >and in fact "anyPolicy" is also used in several places in the >document. > >Is the use of "any-policy" meant to imply a difference from "anyPolicy", >or do these two terms really mean the exact same thing? If the latter, >then >I believe "any-policy" should be replaced by "anyPolicy" throughout. > >Jeff Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7N9kAW07275 for ietf-pkix-bks; Thu, 23 Aug 2001 02:46:10 -0700 (PDT) Received: from mx02.melco.co.jp (mx01.melco.co.jp [192.218.140.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7N9k5D07269 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 02:46:05 -0700 (PDT) Received: by mx02.melco.co.jp (mx02) id SAA14504; Thu, 23 Aug 2001 18:46:01 +0900 (JST) Received: by mr03.melco.co.jp (mr03) id SAA25189; Thu, 23 Aug 2001 18:46:00 +0900 (JST) Received: from elmail by elgw.isl.melco.co.jp (8.8.8/3.6W) id SAA11821; Thu, 23 Aug 2001 18:45:59 +0900 (JST) Received: from iss.isl.melco.co.jp (iss.isl.melco.co.jp [10.74.5.60]) by elmail.isl.melco.co.jp (iPlanet Messaging Server 5.0 Patch 3 (built Mar 23 2001)) with ESMTP id <0GII00IEOLSJ2P@elmail.isl.melco.co.jp> for ietf-pkix@imc.org; Thu, 23 Aug 2001 18:45:56 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id SAA12220; Thu, 23 Aug 2001 18:45:56 +0900 (JST) Date: Thu, 23 Aug 2001 18:52:04 +0900 From: Hiroyuki Sakakibara <sakaki@iss.isl.melco.co.jp> Subject: about validation of intermediate self-signed certs in a path To: "Housley, Russ" <rhousley@rsasecurity.com>, Peter Hesse <pmhesse@cygnacom.com> Cc: wford@verisign.com, wpolk@nist.gov, dsolo@alum.mit.edu, ietf-pkix@imc.org, iesg@ietf.org Message-id: <00df01c12bb9$43966b40$78054a0a@iss.isl.melco.co.jp> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: text/plain; charset=iso-2022-jp Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Thank you for your comments. Peter Hesse wrote: >TR -> A -> B -> (B self signed) -> C -> EE >Let's say that A->B has a notAfter date of 12/31/2002, >(B self signed) has a notAfter date of 12/31/2001, and B->C has a notAfter date of 12/31/2002. >If this path was developed and validated, the path would be invalid >if the current date was after 12/31/2001. Excuse me that the example was not good. again, (sorry for a long mail) [example] * A, B, C are CAs * A has a key pair whose validity term is 1 years * B has a key pair whose validity term is 1 years * C has a key pair whose validity term is 1 years 2001/01/01 06/01 2002/01/01 06/01 2003/01/01 +-----------+-----------+-----------+---------+ A->B <-----------------------> B->B <----------------------><---------------------> (1) (2) B->C <-----------------------> B issues a self-signed cert (1), notBefore 2001/01/01 notAfter 2001/12/31. B is going to issue a new self-signed cert (2) which containts the public key in (1), notBefore 2002/01/01 notAfter 2002/12/31, if the public key in (1) has no problem on 2001/12/31. ( notBefore of (2) may be 2001/01/01 ) B announces the schedule of issuance of (2) to A and C beforehand. A issues a certificate to B, notBefore 2001/06/01 notAfter 2002/5/31. A expects that B is going to issue (2), hence, A can issue A->B whose notAfter excesses notAfter of (1) and the validity term of A->B is exactly 1 year. B issues a certificate to C, notBefore 2001/06/01 notAfter 2002/05/31. Because B is going to issue (2) on 2002/01/01, hence B can issue B->C whose notAfter excesses notAfter of (1). In this example, B can use the same public key continuously, in (1) and (2). As a result, A can issue a cert to B whose validity term is always 1 year, whennever A issues. B can issue a cert to C whose validity term is always 1 year, whennever B issues, also. I suppose that some PKI systems adopt this kind of cert issuance. [problem] However, assume that B does not issues (2), by incident, or rough operation etc.... if on 2002/01/02 a validation software can constructs, "A->B, B->C" path only, hence the software could not notice that the trouble with issuance of (2). Therefore it is not certain that the B's public key is good or not. In order to avoid this situation, A has to observe that B issues and published (2) in LDAP etc about 2002/01/01 and if B does not issues (2), A should alarm that. If the software constructs "A->B, B->B(1), B->C" path, it can notice that the path is wrong, because B->B(1) is expired, and would try to construct another path, "A->B, B->B(2), B->C" however, B->B(2) is not present, so, it would give up, or construct "A->B, B->C", eventhough it may be invalid. Therefore, the result of validation of the path "A->B, B->C" and the result of validation of the path "A->B, B->B(2), B->C" are not identical in this case. [revocation example] Peter Hesse wrote: >In the case of self-signed revocation, I am not sure why a CA would revoke itself. If the >CA was truly operating as a "rogue", it would not revoke itself in order to keep whatever >trust it still had. Can you trust a CA that revokes itself? I am reminded of the old puzzle >in which you encounter two people at a crossroads, a truthteller and a liar. You do not >know which is which, and must ask one of them a question in order to know if you should >turn left or right to get to where you want to go I agree with you. But in the case that A issues a cross certificate to B and B issues a self-signed cert to itself, not only B but also A would do rough operation. If B is a rough CA, as you mentioned, B would not revoke itself and not announce the revocation status of B to A, then a path could be validated as good. If A is a rough CA, even though B asks A to revoke the cross-cert from A to B, A would not, then a path could be valdiated as good also. I will show an example where a validation software would had better check revocation status of self-signed certificates. ( this is an example of latter case.) 1. B's private key was revoked. 2. B issues a CRL asserting "B is revoked" with its revoked privatekey. 3. B announces its revocaton to other CAs, then other CAs should revoke cross-certs to B. If the procedure 3 is done immediately, the procedure 2 is not neccesarry. But if not, because of trouble of CA sysytems or rough operateion what else, I suppose that adoption of the procedure 2 is a good idea. Actually, there is a risk that a bad person who knows B's private key issues a fake CRL asserting "B is OK(not on the list)", and a validation software uses the fake one accidentally. A validation software can not distinguish that an obtained CRL is issued by B or by the bad person, however if the software obtains the correct CRL issued by "B" first or obtains both the correct one and the fake one, the software can notice that the revocation of B, even though the procedure 3 is not done immediately. Offcourse, it is not able to prevent a validation software from obtaining only the fake CRL first, however issuing a CRL in the procedure 2 could reduce a risk that the software ALWAYS referes only the fake one. [my interpretation] I think that a validation software could gain some additional benefits by checking self-signed certificates in a path in the case of some PKI system such as the shown example. However when mis-operations or troubles among CAs seldom happen, a validation software would not need to check them. So, section 6.1, considering your comments, my interpretation became as follows, * validating a path without self-signed certs ONLY -> GOOD * validating a path with self-signed certs ONLY -> GOOD * validating BOTH paths -> GOOD actually, I agree with that most implementations apply the first one because of its simplicity as you mentioned. Also, I think that any guidline of a recommended path pattern (such as the first one) is useful. --------------------------------------- Hiroyuki Sakakibara MITSUBISHI ELECTRIC CORPORATION Information Technology R&D Center 5-1-1 Ofuna, Kamakura, Kanagawa, Japan PHONE: +81-467-41-2183 FAX: +81-467-41-2185 E-mail : sakaki@iss.isl.melco.co.jp Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7N9cAR06230 for ietf-pkix-bks; Thu, 23 Aug 2001 02:38:10 -0700 (PDT) Received: from file.initech.com ([61.74.133.21]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7N9c7D06226 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 02:38:07 -0700 (PDT) Subject: Question about ECDSA. Date: Thu, 23 Aug 2001 18:39:13 +0900 Message-ID: <04ADDBBB4C7EBF468E3DF355B750195E0F5807@file.initech.com> MIME-Version: 1.0 X-MS-Has-Attach: Content-Type: text/plain; charset="euc-kr" X-MS-TNEF-Correlator: Thread-Topic: Question about ECDSA. content-class: urn:content-classes:message Thread-Index: AcErt7EmQQauvEBHTfOeJIAxrX1TfQ== X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 From: =?euc-kr?B?seggw+ax5g==?= <chkim@initech.com> To: <ietf-pkix@imc.org> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by above.proper.com id f7N9c9D06227 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I can't found ECDSA PriveKey OID. There is no information about it in X9.62 and your draft-ietf-pkix-ipki- pkalgs-03.txt. I want to know ECDSA PrivateKey ASN.1 syntax, OID and PrivateKeyAlgorithms OID. where can I that information? Thanks. Received: by above.proper.com (8.11.6/8.11.3) id f7N8Zm602646 for ietf-pkix-bks; Thu, 23 Aug 2001 01:35:48 -0700 (PDT) Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7N8ZkD02639 for <ietf-pkix@imc.org>; Thu, 23 Aug 2001 01:35:46 -0700 (PDT) Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id KAA07162; Thu, 23 Aug 2001 10:18:50 +0200 Date: Thu, 23 Aug 2001 10:18:50 +0200 From: Alfonso De Gregorio <agregorio@acm.org> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> Cc: tho@andxor.com, ietf-pkix@imc.org, r.galli@com-and.com Subject: Re: New test TSA available Message-ID: <20010823101849.A7061@server.speedcom.it> Reply-To: agregorio@acm.org References: <200108221920.HAA303664@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <200108221920.HAA303664@ruru.cs.auckland.ac.nz> User-Agent: mymua Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> On Thu, Aug 23, 2001 at 07:20:10AM +1200, Peter Gutmann wrote: > >i see the point, i also understand that version choice in SignedData is > >somewhat a minor issue, but it would be nice if we all stick to cms rfc > >rather than develop something broken just to permit interoperability with > >other broken implementations Hi Peter, > It's really a pragmatic decision, if I do what the RFC says I'll get > 10,000 users complaining that my code is broken because $RANDOM_IMPLEMENTATION > doesn't work with it, if I ignore what the RFC says I'll get one person on a > mailing list :-) saying it's not right. I'll accept the latter as less > painful. > > (Obviously you can never do this for something critical like crypto-related > information, but for something as minor as a version number I doubt I'll be > going to hell for it). <playful argument> AFAIK, while IETF partecipants meet each other three times a year, while they work via mailing list, while they send comments on proposed standards, they are trying to achive interoperability hopefully by _standardization_ :-) Does IETF WGs still make sense if we prefer to be not completelly compliant with RFCs? :-) </playful argument> alfonso Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7N2LqH06022 for ietf-pkix-bks; Wed, 22 Aug 2001 19:21:52 -0700 (PDT) Received: from mtiwmhc24.worldnet.att.net (mtiwmhc24.worldnet.att.net [204.127.131.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f7N2LeD06016 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 19:21:40 -0700 (PDT) Received: from tsg1 ([12.81.64.68]) by mtiwmhc24.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010823022127.OVBR21828.mtiwmhc24.worldnet.att.net@tsg1>; Thu, 23 Aug 2001 02:21:27 +0000 Message-ID: <07d201c12b7a$41190dd0$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <tho@andxor.com> Cc: <ietf-pkix@imc.org>, <r.galli@com-and.com> References: <200108220003.MAA281047@ruru.cs.auckland.ac.nz> Subject: Re: New test TSA available Date: Wed, 22 Aug 2001 19:15:42 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> ----- Original Message ----- From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> To: <pgut001@cs.auckland.ac.nz>; <tho@andxor.com> Cc: <ietf-pkix@imc.org>; <r.galli@com-and.com> Sent: Tuesday, August 21, 2001 5:03 PM Subject: Re: New test TSA available > > tho <tho@andxor.com> writes: > > >(A) draft-ietf-pkix-time-stamp-15 states that eContentType for a time > > stamping token should be id-ct-TSTInfo why is it instead set to > > id-data ? > > Probably because the implementation was done back when draft-06 or > something was current :-). This is also why various other things > required by newer drafts aren't present, I'll fix this when I next > update the code (because of the environment it's in, there's a bit of > latency involved when making changes). > The TSA should by its response message also identify which standard or draft level it complies to. > >since the encapsulated content type is set to id-data, version > >field in SignedData is (`correctly' since (A)) set to 1 and not to 3 > > This one's deliberate, since CMS implementations are split 50/50 between > ones which ignore the version entirely and ones which require it to be > what PKCS #7 set it to, I always use the PKCS #7 version value because > that means it'll work with everything. > > >signatureAlgorithm in SignerInfo is rsaEncryption, shouldn't it be more > >likely sha1withRSAEncryption ? > > Since the CMS signature splits the hash and signing algorithm, the first > OID is a pure hash (SHA-1) and the second is a pure signature algorithm > (RSA). > > Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MMlv428358 for ietf-pkix-bks; Wed, 22 Aug 2001 15:47:57 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MMltN28354 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 15:47:55 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id SAA159572; Wed, 22 Aug 2001 18:45:41 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f7MMdqk79376; Wed, 22 Aug 2001 18:39:52 -0400 Importance: Normal Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) To: Steve Hanna <steve.hanna@sun.com> Cc: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-ID: <OFE80194B9.B4D5BE34-ON85256AB0.007BF5B4@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Wed, 22 Aug 2001 18:47:53 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 08/22/2001 06:47:49 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Actually, I think we could stop people from playing games with TeletexString in excludedSubtrees by requiring that any validator consider that a TeletexString which he cannot convert to UTF-8 successfully be considered to match any excluded subtree with that same attribute specified as UTF8String, UniversalString, or BMPString. That doesn't, of course, prevent someone from adding a junk character to a Unicode encoding, skipping accents, or such, so it's probably still bad practice. On a more constructive note, however, any attribute which can only be encoded in PrintableString or NumericString (or Object ID) can safely be used in excludedSubtrees. The most useful of these is probably Country. Tom Gindin Steve Hanna <steve.hanna@sun.com>@mail.imc.org on 08/22/2001 05:17:11 PM Sent by: owner-ietf-pkix@mail.imc.org To: Peter Sylvester <Peter.Sylvester@edelweb.fr> cc: ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) Peter Sylvester wrote: > Chapter 4.1.1.11 says: > > When applying restrictions of the form directoryName, an > implementation MUST compare DN attributes. At a minimum, > implementations MUST perform the DN comparison rules specified in > Section 4.1.2.4. CAs issuing certificates with a restriction of the > form directoryName SHOULD NOT rely on implementation of the full ISO > DN name comparison algorithm. This implies name restrictions shall > be stated identically to the encoding used in the subject field or > subjectAltName extension. > > Does this mean that excludedSubtrees are practically unusable ? That depends. They're still usable for name types other than directoryName. And if you know (somehow, via some out of band mechanism) that the relying party will only accept or trust printableString (or a small subset of UTF8String), then you can use excludedSubtrees for directoryName. Admittedly, that's not very likely and not good practice. That's why the last paragraph in the Security Considerations section talks about this problem and ends by saying "To avoid acceptance of invalid paths, CAs SHOULD state name constraints for distinguished names as permittedSubtrees wherever possible." It's very hard to make excludedSubtrees work with multiple encodings (or even with a large character set like Unicode). It's like trying to hit a bullet with a bullet. Even if we required everyone to implement full ISO name comparison rules for UTF8String and PrintableString, the bad guys could encode their name with TeletexString using escape sequences or add an accent to a character in a UTF8String or change one character in an excluded name to another Unicode character that looks similar ... -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MLk1f27197 for ietf-pkix-bks; Wed, 22 Aug 2001 14:46:01 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7MLjxN27193 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 14:45:59 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 22 Aug 2001 21:43:43 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id RAA13267 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 17:45:23 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCQN1W>; Wed, 22 Aug 2001 17:46:01 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.56]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCQN1Q; Wed, 22 Aug 2001 17:45:55 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: ietf-pkix@imc.org Message-Id: <5.0.1.4.2.20010822172641.02bf4730@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Wed, 22 Aug 2001 17:28:08 -0400 Subject: Re: draft-ietf-pkix-new-part1-08 In-Reply-To: <200108221304.PAA08679@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter: Not completely. It just means that you cannot rely on white space trimming and case changes in any character encoding other than PrintableString. Russ At 03:04 PM 8/22/2001 +0200, Peter Sylvester wrote: >Chapter 4.1.1.11 says: > > When applying restrictions of the form directoryName, an > implementation MUST compare DN attributes. At a minimum, > implementations MUST perform the DN comparison rules specified in > Section 4.1.2.4. CAs issuing certificates with a restriction of the > form directoryName SHOULD NOT rely on implementation of the full ISO > DN name comparison algorithm. This implies name restrictions shall > be stated identically to the encoding used in the subject field or > subjectAltName extension. > >Does this mean that excludedSubtrees are practically unusable ? Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MLhDs27128 for ietf-pkix-bks; Wed, 22 Aug 2001 14:43:13 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7MLhCN27124 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 14:43:12 -0700 (PDT) Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 22 Aug 2001 21:40:55 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id RAA13042 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 17:42:31 -0400 (EDT) Received: from rsasecurity.com ([10.81.217.242]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id OAA03619 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 14:45:08 -0700 (PDT) Message-ID: <3B8426F7.ACA4DF24@rsasecurity.com> Date: Wed, 22 Aug 2001 14:41:11 -0700 From: Jeff Jacoby <jjacoby@rsasecurity.com> Organization: RSA Security, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 References: <3B82DCCA.3AE02568@rsasecurity.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> "Jacoby, Jeffrey" wrote: > > To all, > > Jumping on the bandwagon here... > > There are three points I believe could use clarification (at least > I'm having trouble grokking them). One more minor item. The term "any-policy" is used throughout the document . However, the ASN.1 name is anyPolicy: anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificate-policies 0 } and in fact "anyPolicy" is also used in several places in the document. Is the use of "any-policy" meant to imply a difference from "anyPolicy", or do these two terms really mean the exact same thing? If the latter, then I believe "any-policy" should be replaced by "anyPolicy" throughout. Jeff -- Jeff Jacoby, Sr. Programmer RSA Security Inc., SMDC jjacoby@rsasecurity.com 2755 Campus Dr., Ste. 300 (650) 295-7569 San Mateo, CA 94403 Received: by above.proper.com (8.11.3/8.11.3) id f7MLHnE26536 for ietf-pkix-bks; Wed, 22 Aug 2001 14:17:49 -0700 (PDT) Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MLHlN26532 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 14:17:47 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id PAA15527; Wed, 22 Aug 2001 15:17:46 -0600 (MDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id RAA06103; Wed, 22 Aug 2001 17:17:48 -0400 (EDT) Message-ID: <3B842157.E3D2870F@sun.com> Date: Wed, 22 Aug 2001 17:17:11 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08) References: <200108221304.PAA08679@emeriau.edelweb.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Sylvester wrote: > Chapter 4.1.1.11 says: > > When applying restrictions of the form directoryName, an > implementation MUST compare DN attributes. At a minimum, > implementations MUST perform the DN comparison rules specified in > Section 4.1.2.4. CAs issuing certificates with a restriction of the > form directoryName SHOULD NOT rely on implementation of the full ISO > DN name comparison algorithm. This implies name restrictions shall > be stated identically to the encoding used in the subject field or > subjectAltName extension. > > Does this mean that excludedSubtrees are practically unusable ? That depends. They're still usable for name types other than directoryName. And if you know (somehow, via some out of band mechanism) that the relying party will only accept or trust printableString (or a small subset of UTF8String), then you can use excludedSubtrees for directoryName. Admittedly, that's not very likely and not good practice. That's why the last paragraph in the Security Considerations section talks about this problem and ends by saying "To avoid acceptance of invalid paths, CAs SHOULD state name constraints for distinguished names as permittedSubtrees wherever possible." It's very hard to make excludedSubtrees work with multiple encodings (or even with a large character set like Unicode). It's like trying to hit a bullet with a bullet. Even if we required everyone to implement full ISO name comparison rules for UTF8String and PrintableString, the bad guys could encode their name with TeletexString using escape sequences or add an accent to a character in a UTF8String or change one character in an excluded name to another Unicode character that looks similar ... -Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MJL0c24242 for ietf-pkix-bks; Wed, 22 Aug 2001 12:21:00 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MJKwN24234 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 12:20:58 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id HAA13553; Thu, 23 Aug 2001 07:20:20 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id HAA303664; Thu, 23 Aug 2001 07:20:10 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Thu, 23 Aug 2001 07:20:10 +1200 (NZST) Message-ID: <200108221920.HAA303664@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, tho@andxor.com Subject: Re: New test TSA available Cc: ietf-pkix@imc.org, r.galli@com-and.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> tho <tho@andxor.com> writes: >Peter Gutmann wrote: >>>since the encapsulated content type is set to id-data, version >>>field in SignedData is (`correctly' since (A)) set to 1 and not to 3 >> >>This one's deliberate, since CMS implementations are split 50/50 between >>ones which ignore the version entirely and ones which require it to be >>what PKCS #7 set it to, I always use the PKCS #7 version value because >>that means it'll work with everything. > >i see the point, i also understand that version choice in SignedData is >somewhat a minor issue, but it would be nice if we all stick to cms rfc >rather than develop something broken just to permit interoperability with >other broken implementations It's really a pragmatic decision, if I do what the RFC says I'll get 10,000 users complaining that my code is broken because $RANDOM_IMPLEMENTATION doesn't work with it, if I ignore what the RFC says I'll get one person on a mailing list :-) saying it's not right. I'll accept the latter as less painful. (Obviously you can never do this for something critical like crypto-related information, but for something as minor as a version number I doubt I'll be going to hell for it). >the former should be read taking into account the fact that the number of >tsp client at present is still rather small and developers are surely in >time to fix their bugs :)) The problem is that my code (and I assume a lot of other code as well) isn't only a TSA implementation, it's TSA built using generic PKCS #7/ CMS code, which means that "fixing" the TSA would require fixing an arbitrarily large number of PKCS #7/CMS implementations. I really have no strong opinion either way, I'm just pointing out that the situation isn't as straightforward as it seems. Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MDwMs11248 for ietf-pkix-bks; Wed, 22 Aug 2001 06:58:22 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MDwIN11244 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 06:58:18 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <Q8L2B7WX>; Wed, 22 Aug 2001 09:58:13 -0400 Message-ID: <8D7EC1912E25D411A32100D0B76953975A64B9@scygmxs01.cygnacom.com> From: Peter Hesse <pmhesse@cygnacom.com> To: "'Hiroyuki Sakakibara'" <sakaki@iss.isl.melco.co.jp>, "Housley, Russ" <rhousley@rsasecurity.com>, Peter Hesse <pmhesse@cygnacom.com> Cc: ietf-pkix@imc.org Subject: Path validation and self-signed certificates (was RE: Recommended changes to draft-ietf-pkix-new-part1-08) Date: Wed, 22 Aug 2001 09:46:25 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12B10.D5D40E80" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12B10.D5D40E80 Content-Type: text/plain; charset="iso-8859-1" Hiroyuki, I will attempt to discuss a few of these issues inline. > -----Original Message----- > From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp] > Sent: Wednesday, August 22, 2001 1:51 AM > To: Housley, Russ; Peter Hesse > Cc: wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu; > ietf-pkix@imc.org; iesg@ietf.org > Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 > > > Hello. I have a comment related to path validation with a self-signed > certificate. > > I think that in 6.1 Basic Path Validation, it is not clear > that whether > self-signed > NON trust certificates may be included in a path or not. > (namely intermediate self-signed certs, not oldWithNew, newWithOld) > > Plese note that I am not talking about a self-signed > certificate to begin a > path, > talking about self-signed certificates in the middle of a path. I think this vagueness is somewhat purposeful. It is not directly allowed or prohibited. Whether or not a self-signed certificate is found within the path, the path is still complete. Any benefit or detriment that comes from having the self-signed certificate within the path will not always be encountered for two reasons, 1) Other implementations may not allow the path to have a self-signed certificate within it 2) You may find the path without the self-signed certificate first > > For example, > > CA1 cross certifies with BridgeCA > CA2 cross certifies with BridgeCA > CA2 issues Cert_EE.(EndEntity cert) > SelfSignedCert_CA1 is trust anchor. > BridgeCA has a selfsigned certificate(SelfSignedCert_BridgeCA). > > Based on the relation ship between issuer and subject or AKI/SKI, > the following 2 paths would be constructed. > > (1) SelfSignedCert_CA1 -> CrossCert_CA1toBridgeCA > -> CrossCert_BridgeCAtoCA2 -> Cert_EE > > (2) SelfSigned_CA1 -> CrossCert_CA1toBridgeCA > -> SelfSignedCert_BridgeCA -> CrossCert_BridgeCAtoCA2 -> Cert_EE I think it is a bad idea for Bridge CAs to post self-signed certificates in the directory. They are not a trust anchor for anyone, so they should not publish a self-signed certificate as a key container. However this point and demonstration remain the same if you consider just three CAs that have cross-certified without a bridge. > I suppose that most validation softwares implement (1), simple one, > and it could be a minimum requirement for interoperability. > > In case of (2), there is an advantage that a validation > software could > check > the status of SelfSignedCert_BridgeCA, shown in the appendix below. > > So, I think that it should be clear that intermediate self-signed > certificates may be > included(optionally), or ignored, in the document. > I think that (1) is mandatory, and (2) is optional(not inhibited). > > Folks, what do you think about this issue ? Again, my opinion is that since both are complete paths, both are equally valid and may be used by different implementations. However, many implementations have made a simplifying assumption to prevent certificate path loops which would prevent #2 from ever being validated. So any benefit that might be gained by allowing #2 cannot be counted on. There seems to be little benefit gained by including two or more certificates with the same subject distinguished name and subject public key within the same path. I have looked through your examples below and must admit I am not understanding them fully. Let's look at this example TR -> A -> B -> (B self signed) -> C -> EE Let's say that A->B has a notAfter date of 12/31/2002, (B self signed) has a notAfter date of 12/31/2001, and B->C has a notAfter date of 12/31/2002. If this path was developed and validated, the path would be invalid if the current date was after 12/31/2001. > * About ISO/IEC 9594-8 > > According to current ISO/IEC 9594-8 document, in 8.1.5 Self-Issued > certificates > it seems that intermediate self-signed certificates shall be > ignored in path > construction/validation. > However, considering the advantage of checking intermediate > self-signed > certificates shown below, > I don't understand why they "shall be ignored", > because checking them would be meaningful from the point of view of > security. > > I think that investigation of intermediate self-signed > ceritificates may be > optional, > should not inhibited, so, "may be ignored" would be better. > > This is not a mailing list for 9594-8, however RFC2459 > related documents are > based on > 9594-8, so, I will also send my opinioin about it. > > -------------------- Advantage of validation of path > (2) -------------------- > > If a validation software implements (2), > the software could check the validity status of > SelfSignedCert_BridgeCA. > > Assume that CA1 issues a cross certificate whose > notAfter excess notAfter of self-signed certificate of BridgeCA. > > such as > notAfter of SelfSignedCert_BridgeCA is "2001/12/31" > notAfter of CrossCert_CA1toBridgeCA is "2002/12/31" . > > when BridgeCA inhibits such cross certificate, it will be an invalid > cross-certificate. > > Useally, BridgeCA checks a cross-certificate from CA1 when issuance, > however, if CA1 is a rough CA, or a bug CA(including mis-operations), > after issuance of a valid cross certificate, > CA1 could issue an additional invalid certificate and > distribute it to LDAP > etc... > without BrigeCA's permission . > > ( In this case, for a RP, CA1 is a trust anchor, so, CA1 must > not be a rough > CA, however, this kind of rough operation would happen in > another example. > for example, > > CA1(has self-signed cert, trust anchor) -> CA2(has > self-signed cert) -> CA3 > -> CA4( has self-signed cert) -> EE > > CA3 issues an invalid cross certificate to CA4. > In this example, a trust anchor CA1 behaves properly, however, > CA3 does rough operations. ) > > RP could check the revocation status of Cert_BridgeCASelfsigned also. > In the case of self-signed revocation, I am not sure why a CA would revoke itself. If the CA was truly operating as a "rogue", it would not revoke itself in order to keep whatever trust it still had. Can you trust a CA that revokes itself? I am reminded of the old puzzle in which you encounter two people at a crossroads, a truthteller and a liar. You do not know which is which, and must ask one of them a question in order to know if you should turn left or right to get to where you want to go. --Peter ---------------------------------------------------------------- Peter M. Hesse CygnaCom Solutions, a division of Phone: 703-270-3523 Entrust ICQ: 1942828 Securing the Internet ---------------------------------------------------------------- "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius > This kind of problem would happen in a multi CA products environment. > > To avoid this problem, interoperability test, operation, management > among multi CA products should be done well, > or a RP should check the status of intermediate self-signed > certificates, > or a CA which cross-certifies with other CAs should observe > behavior of > other CAs, etc...? > ------_=_NextPart_001_01C12B10.D5D40E80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>Path validation and self-signed certificates (was RE: = Recommended changes to draft-ietf-pkix-new-part1-08)</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Hiroyuki,</FONT> </P> <P><FONT SIZE=3D2>I will attempt to discuss a few of these issues = inline.</FONT> </P> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: Hiroyuki Sakakibara [<A = HREF=3D"mailto:sakaki@iss.isl.melco.co.jp">mailto:sakaki@iss.isl.melco.c= o.jp</A>]</FONT> <BR><FONT SIZE=3D2>> Sent: Wednesday, August 22, 2001 1:51 AM</FONT> <BR><FONT SIZE=3D2>> To: Housley, Russ; Peter Hesse</FONT> <BR><FONT SIZE=3D2>> Cc: wford@verisign.com; wpolk@nist.gov; = dsolo@alum.mit.edu;</FONT> <BR><FONT SIZE=3D2>> ietf-pkix@imc.org; iesg@ietf.org</FONT> <BR><FONT SIZE=3D2>> Subject: Re: Recommended changes to = draft-ietf-pkix-new-part1-08</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Hello. I have a comment related to path = validation with a self-signed</FONT> <BR><FONT SIZE=3D2>> certificate.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> I think that in 6.1 Basic Path = Validation, it is not clear </FONT> <BR><FONT SIZE=3D2>> that whether</FONT> <BR><FONT SIZE=3D2>> self-signed</FONT> <BR><FONT SIZE=3D2>> NON trust certificates may be included in a = path or not.</FONT> <BR><FONT SIZE=3D2>> (namely intermediate self-signed certs, not = oldWithNew, newWithOld)</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>> Plese note that I am not talking about a = self-signed </FONT> <BR><FONT SIZE=3D2>> certificate to begin a</FONT> <BR><FONT SIZE=3D2>> path,</FONT> <BR><FONT SIZE=3D2>> talking about self-signed certificates in the = middle of a path.</FONT> </P> <P><FONT SIZE=3D2>I think this vagueness is somewhat purposeful. = It is not directly allowed or prohibited. Whether or not a = self-signed certificate is found within the path, the path is still = complete. Any benefit or detriment that comes from having the = self-signed certificate within the path will not always be encountered = for two reasons, </FONT></P> <P> <FONT SIZE=3D2>1) Other = implementations may not allow the path to have a self-signed = certificate within it</FONT> <BR> <FONT SIZE=3D2>2) You = may find the path without the self-signed certificate first</FONT> </P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> For example,</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> CA1 cross certifies with BridgeCA</FONT> <BR><FONT SIZE=3D2>> CA2 cross certifies with BridgeCA</FONT> <BR><FONT SIZE=3D2>> CA2 issues Cert_EE.(EndEntity cert)</FONT> <BR><FONT SIZE=3D2>> SelfSignedCert_CA1 is trust anchor.</FONT> <BR><FONT SIZE=3D2>> BridgeCA has a selfsigned = certificate(SelfSignedCert_BridgeCA).</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Based on the relation ship between issuer and = subject or AKI/SKI,</FONT> <BR><FONT SIZE=3D2>> the following 2 paths would be = constructed.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> (1) SelfSignedCert_CA1 -> = CrossCert_CA1toBridgeCA</FONT> <BR><FONT SIZE=3D2>> -> = CrossCert_BridgeCAtoCA2 -> Cert_EE</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> (2) SelfSigned_CA1 -> = CrossCert_CA1toBridgeCA</FONT> <BR><FONT SIZE=3D2>> -> = SelfSignedCert_BridgeCA -> CrossCert_BridgeCAtoCA2 -> = Cert_EE</FONT> </P> <P><FONT SIZE=3D2>I think it is a bad idea for Bridge CAs to post = self-signed certificates in the directory. They are not a trust = anchor for anyone, so they should not publish a self-signed certificate = as a key container. However this point and demonstration remain = the same if you consider just three CAs that have cross-certified = without a bridge.</FONT></P> <P><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>> I suppose that most validation softwares = implement (1), simple one,</FONT> <BR><FONT SIZE=3D2>> and it could be a minimum requirement for = interoperability.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> In case of (2), there is an advantage = that a validation </FONT> <BR><FONT SIZE=3D2>> software could</FONT> <BR><FONT SIZE=3D2>> check</FONT> <BR><FONT SIZE=3D2>> the status of SelfSignedCert_BridgeCA, shown in = the appendix below.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> So, I think that it should be clear that = intermediate self-signed</FONT> <BR><FONT SIZE=3D2>> certificates may be</FONT> <BR><FONT SIZE=3D2>> included(optionally), or ignored, in the = document.</FONT> <BR><FONT SIZE=3D2>> I think that (1) is mandatory, and (2) is = optional(not inhibited).</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Folks, what do you think about this issue = ?</FONT> </P> <P><FONT SIZE=3D2>Again, my opinion is that since both are complete = paths, both are equally valid and may be used by different = implementations. However, many implementations have made a = simplifying assumption to prevent certificate path loops which would = prevent #2 from ever being validated. So any benefit that might = be gained by allowing #2 cannot be counted on.</FONT></P> <P><FONT SIZE=3D2>There seems to be little benefit gained by including = two or more certificates with the same subject distinguished name and = subject public key within the same path. I have looked through = your examples below and must admit I am not understanding them = fully. Let's look at this example</FONT></P> <P><FONT SIZE=3D2>TR -> A -> B -> (B self signed) -> C = -> EE</FONT> </P> <P><FONT SIZE=3D2>Let's say that A->B has a notAfter date of = 12/31/2002, (B self signed) has a notAfter date of 12/31/2001, and = B->C has a notAfter date of 12/31/2002. If this path was = developed and validated, the path would be invalid if the current date = was after 12/31/2001.</FONT></P> <P><FONT SIZE=3D2>> * About ISO/IEC 9594-8</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> According to current ISO/IEC 9594-8 document, = in 8.1.5 Self-Issued</FONT> <BR><FONT SIZE=3D2>> certificates</FONT> <BR><FONT SIZE=3D2>> it seems that intermediate self-signed = certificates shall be </FONT> <BR><FONT SIZE=3D2>> ignored in path</FONT> <BR><FONT SIZE=3D2>> construction/validation.</FONT> <BR><FONT SIZE=3D2>> However, considering the advantage of = checking intermediate </FONT> <BR><FONT SIZE=3D2>> self-signed</FONT> <BR><FONT SIZE=3D2>> certificates shown below,</FONT> <BR><FONT SIZE=3D2>> I don't understand why they "shall = be ignored",</FONT> <BR><FONT SIZE=3D2>> because checking them would be meaningful from = the point of view of</FONT> <BR><FONT SIZE=3D2>> security.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> I think that investigation of intermediate = self-signed </FONT> <BR><FONT SIZE=3D2>> ceritificates may be</FONT> <BR><FONT SIZE=3D2>> optional,</FONT> <BR><FONT SIZE=3D2>> should not inhibited, so, "may be = ignored" would be better.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> This is not a mailing list for 9594-8, however = RFC2459 </FONT> <BR><FONT SIZE=3D2>> related documents are</FONT> <BR><FONT SIZE=3D2>> based on</FONT> <BR><FONT SIZE=3D2>> 9594-8, so, I will also send my opinioin about = it.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> -------------------- Advantage of = validation of path</FONT> <BR><FONT SIZE=3D2>> (2) --------------------</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> If a validation software implements (2),</FONT> <BR><FONT SIZE=3D2>> the software could check the validity status of = </FONT> <BR><FONT SIZE=3D2>> SelfSignedCert_BridgeCA.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Assume that CA1 issues a cross certificate = whose</FONT> <BR><FONT SIZE=3D2>> notAfter excess notAfter of self-signed = certificate of BridgeCA.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> such as</FONT> <BR><FONT SIZE=3D2>> notAfter of SelfSignedCert_BridgeCA is = "2001/12/31"</FONT> <BR><FONT SIZE=3D2>> notAfter of CrossCert_CA1toBridgeCA is = "2002/12/31" .</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> when BridgeCA inhibits such cross certificate, = it will be an invalid</FONT> <BR><FONT SIZE=3D2>> cross-certificate.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Useally, BridgeCA checks a cross-certificate = from CA1 when issuance,</FONT> <BR><FONT SIZE=3D2>> however, if CA1 is a rough CA, or a bug = CA(including mis-operations),</FONT> <BR><FONT SIZE=3D2>> after issuance of a valid cross = certificate,</FONT> <BR><FONT SIZE=3D2>> CA1 could issue an additional invalid = certificate and </FONT> <BR><FONT SIZE=3D2>> distribute it to LDAP</FONT> <BR><FONT SIZE=3D2>> etc...</FONT> <BR><FONT SIZE=3D2>> without BrigeCA's permission .</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> ( In this case, for a RP, CA1 is a trust = anchor, so, CA1 must </FONT> <BR><FONT SIZE=3D2>> not be a rough</FONT> <BR><FONT SIZE=3D2>> CA, however, this kind of rough operation would = happen in </FONT> <BR><FONT SIZE=3D2>> another example.</FONT> <BR><FONT SIZE=3D2>> for example,</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> CA1(has self-signed cert, trust anchor) -> = CA2(has </FONT> <BR><FONT SIZE=3D2>> self-signed cert) -> CA3</FONT> <BR><FONT SIZE=3D2>> -> CA4( has self-signed cert) -> = EE</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> CA3 issues an invalid cross certificate to = CA4.</FONT> <BR><FONT SIZE=3D2>> In this example, a trust anchor CA1 behaves = properly, however,</FONT> <BR><FONT SIZE=3D2>> CA3 does rough operations. )</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> RP could check the revocation status of = Cert_BridgeCASelfsigned also.</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> <P><FONT SIZE=3D2>In the case of self-signed revocation, I am not sure = why a CA would revoke itself. If the CA was truly operating as a = "rogue", it would not revoke itself in order to keep whatever = trust it still had. Can you trust a CA that revokes itself? = I am reminded of the old puzzle in which you encounter two people at a = crossroads, a truthteller and a liar. You do not know which is = which, and must ask one of them a question in order to know if you = should turn left or right to get to where you want to go. = </FONT></P> <P><FONT SIZE=3D2>--Peter</FONT> </P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2> Peter M. = Hesse = CygnaCom Solutions, a division of</FONT> <BR><FONT SIZE=3D2> Phone: = 703-270-3523 = Entrust</FONT> <BR><FONT SIZE=3D2> ICQ: = 1942828  = ; Securing the Internet</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2>"Pay no attention to what the critics say; = there has never been </FONT> <BR><FONT SIZE=3D2>a statue set up in honor of a critic." --Jean = Sibelius</FONT> </P> <BR> <P><FONT SIZE=3D2>> This kind of problem would happen in a multi CA = products environment.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> To avoid this problem, interoperability test, = operation, management</FONT> <BR><FONT SIZE=3D2>> among multi CA products should be done = well,</FONT> <BR><FONT SIZE=3D2>> or a RP should check the status of intermediate = self-signed </FONT> <BR><FONT SIZE=3D2>> certificates,</FONT> <BR><FONT SIZE=3D2>> or a CA which cross-certifies with other CAs = should observe </FONT> <BR><FONT SIZE=3D2>> behavior of</FONT> <BR><FONT SIZE=3D2>> other CAs, etc...?</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12B10.D5D40E80-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MD4oS09984 for ietf-pkix-bks; Wed, 22 Aug 2001 06:04:50 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MD4lN09980 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 06:04:47 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA06289 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 15:04:47 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 22 Aug 2001 15:04:48 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA15396 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 15:04:46 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA08679 for ietf-pkix@imc.org; Wed, 22 Aug 2001 15:04:46 +0200 (MET DST) Date: Wed, 22 Aug 2001 15:04:46 +0200 (MET DST) Message-Id: <200108221304.PAA08679@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: draft-ietf-pkix-new-part1-08 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Chapter 4.1.1.11 says: When applying restrictions of the form directoryName, an implementation MUST compare DN attributes. At a minimum, implementations MUST perform the DN comparison rules specified in Section 4.1.2.4. CAs issuing certificates with a restriction of the form directoryName SHOULD NOT rely on implementation of the full ISO DN name comparison algorithm. This implies name restrictions shall be stated identically to the encoding used in the subject field or subjectAltName extension. Does this mean that excludedSubtrees are practically unusable ? Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MB2b802309 for ietf-pkix-bks; Wed, 22 Aug 2001 04:02:37 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MB2ZN02305 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 04:02:36 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA29368; Wed, 22 Aug 2001 07:01:18 -0400 (EDT) Message-Id: <200108221101.HAA29368@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-pkalgs-supp-00.txt Date: Wed, 22 Aug 2001 07:01:17 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Supplemental Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile Author(s) : A. Singer, W. Whyte Filename : draft-ietf-pkix-pkalgs-supp-00.txt Pages : 24 Date : 21-Aug-01 This document specifies algorithm identifiers and ASN.1 encoding formats for digital signatures and subject public keys, including NSS digital signatures and NTRU and NSS subject public keys used in the Internet X.509 Public Key Infrastructure (PKI). Digital signatures are used to sign certificates and certificate revocation lists (CRLs). Certificates include the public key of the named subject. This document is intended to be a companion to draft-ietf- pkix-ipki-pkalgs-03.txt [PKIX-ALGS] and may be merged with that document in future revisions if approved by the PKIX working group. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-pkalgs-supp-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-pkalgs-supp-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-pkalgs-supp-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010821100903.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-pkalgs-supp-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-pkalgs-supp-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010821100903.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.3/8.11.3) id f7M9Jsc25052 for ietf-pkix-bks; Wed, 22 Aug 2001 02:19:54 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7M9JpN25048 for <ietf-pkix@imc.org>; Wed, 22 Aug 2001 02:19:51 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id LAA06615; Wed, 22 Aug 2001 11:19:50 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id LAA24594; Wed, 22 Aug 2001 11:19:49 +0200 (CEST) (envelope-from tho) Date: Wed, 22 Aug 2001 11:19:49 +0200 From: tho <tho@andxor.com> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> Cc: ietf-pkix@imc.org, r.galli@com-and.com Subject: Re: New test TSA available Message-ID: <20010822111948.A24464@tho.andxor.com> References: <200108220003.MAA281047@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200108220003.MAA281047@ruru.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Wed, Aug 22, 2001 at 12:03:49PM +1200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter Gutmann wrote: > >since the encapsulated content type is set to id-data, version > >field in SignedData is (`correctly' since (A)) set to 1 and not to 3 > > This one's deliberate, since CMS implementations are split 50/50 between > ones which ignore the version entirely and ones which require it to be > what PKCS #7 set it to, I always use the PKCS #7 version value because > that means it'll work with everything. i see the point, i also understand that version choice in SignedData is somewhat a minor issue, but it would be nice if we all stick to cms rfc rather than develop something broken just to permit interoperability with other broken implementations the former should be read taking into account the fact that the number of tsp client at present is still rather small and developers are surely in time to fix their bugs :)) my two bits, tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7M5igC27606 for ietf-pkix-bks; Tue, 21 Aug 2001 22:44:42 -0700 (PDT) Received: from mx01.melco.co.jp (mx01.melco.co.jp [192.218.140.41]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7M5idN27600 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 22:44:40 -0700 (PDT) Received: by mx01.melco.co.jp (mx01) id OAA28808; Wed, 22 Aug 2001 14:44:42 +0900 (JST) Received: by mr02.melco.co.jp (mr02) id OAA12142; Wed, 22 Aug 2001 14:44:41 +0900 (JST) Received: from elmail by elgw.isl.melco.co.jp (8.8.8/3.6W) id OAA13001; Wed, 22 Aug 2001 14:44:39 +0900 (JST) Received: from iss.isl.melco.co.jp (iss.isl.melco.co.jp [10.74.5.60]) by elmail.isl.melco.co.jp (iPlanet Messaging Server 5.0 Patch 3 (built Mar 23 2001)) with ESMTP id <0GIG00ELFFYC94@elmail.isl.melco.co.jp> for ietf-pkix@imc.org; Wed, 22 Aug 2001 14:44:36 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id OAA13443; Wed, 22 Aug 2001 14:44:36 +0900 (JST) Date: Wed, 22 Aug 2001 14:50:44 +0900 From: Hiroyuki Sakakibara <sakaki@iss.isl.melco.co.jp> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 To: "Housley, Russ" <rhousley@rsasecurity.com>, Peter Hesse <pmhesse@cygnacom.com> Cc: wford@verisign.com, wpolk@nist.gov, dsolo@alum.mit.edu, ietf-pkix@imc.org, iesg@ietf.org Message-id: <009b01c12ace$6277c310$78054a0a@iss.isl.melco.co.jp> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: <5.0.1.4.2.20010821165303.0290a648@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Hello. I have a comment related to path validation with a self-signed certificate. I think that in 6.1 Basic Path Validation, it is not clear that whether self-signed NON trust certificates may be included in a path or not. (namely intermediate self-signed certs, not oldWithNew, newWithOld) Plese note that I am not talking about a self-signed certificate to begin a path, talking about self-signed certificates in the middle of a path. For example, CA1 cross certifies with BridgeCA CA2 cross certifies with BridgeCA CA2 issues Cert_EE.(EndEntity cert) SelfSignedCert_CA1 is trust anchor. BridgeCA has a selfsigned certificate(SelfSignedCert_BridgeCA). Based on the relation ship between issuer and subject or AKI/SKI, the following 2 paths would be constructed. (1) SelfSignedCert_CA1 -> CrossCert_CA1toBridgeCA -> CrossCert_BridgeCAtoCA2 -> Cert_EE (2) SelfSigned_CA1 -> CrossCert_CA1toBridgeCA -> SelfSignedCert_BridgeCA -> CrossCert_BridgeCAtoCA2 -> Cert_EE I suppose that most validation softwares implement (1), simple one, and it could be a minimum requirement for interoperability. In case of (2), there is an advantage that a validation software could check the status of SelfSignedCert_BridgeCA, shown in the appendix below. So, I think that it should be clear that intermediate self-signed certificates may be included(optionally), or ignored, in the document. I think that (1) is mandatory, and (2) is optional(not inhibited). Folks, what do you think about this issue ? * About ISO/IEC 9594-8 According to current ISO/IEC 9594-8 document, in 8.1.5 Self-Issued certificates it seems that intermediate self-signed certificates shall be ignored in path construction/validation. However, considering the advantage of checking intermediate self-signed certificates shown below, I don't understand why they "shall be ignored", because checking them would be meaningful from the point of view of security. I think that investigation of intermediate self-signed ceritificates may be optional, should not inhibited, so, "may be ignored" would be better. This is not a mailing list for 9594-8, however RFC2459 related documents are based on 9594-8, so, I will also send my opinioin about it. -------------------- Advantage of validation of path (2) -------------------- If a validation software implements (2), the software could check the validity status of SelfSignedCert_BridgeCA. Assume that CA1 issues a cross certificate whose notAfter excess notAfter of self-signed certificate of BridgeCA. such as notAfter of SelfSignedCert_BridgeCA is "2001/12/31" notAfter of CrossCert_CA1toBridgeCA is "2002/12/31" . when BridgeCA inhibits such cross certificate, it will be an invalid cross-certificate. Useally, BridgeCA checks a cross-certificate from CA1 when issuance, however, if CA1 is a rough CA, or a bug CA(including mis-operations), after issuance of a valid cross certificate, CA1 could issue an additional invalid certificate and distribute it to LDAP etc... without BrigeCA's permission . ( In this case, for a RP, CA1 is a trust anchor, so, CA1 must not be a rough CA, however, this kind of rough operation would happen in another example. for example, CA1(has self-signed cert, trust anchor) -> CA2(has self-signed cert) -> CA3 -> CA4( has self-signed cert) -> EE CA3 issues an invalid cross certificate to CA4. In this example, a trust anchor CA1 behaves properly, however, CA3 does rough operations. ) RP could check the revocation status of Cert_BridgeCASelfsigned also. This kind of problem would happen in a multi CA products environment. To avoid this problem, interoperability test, operation, management among multi CA products should be done well, or a RP should check the status of intermediate self-signed certificates, or a CA which cross-certifies with other CAs should observe behavior of other CAs, etc...? --------------------------------------- Hiroyuki Sakakibara MITSUBISHI ELECTRIC CORPORATION Information Technology R&D Center 5-1-1 Ofuna, Kamakura, Kanagawa, Japan PHONE: +81-467-41-2183 FAX: +81-467-41-2185 E-mail : sakaki@iss.isl.melco.co.jp Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7M04T919230 for ietf-pkix-bks; Tue, 21 Aug 2001 17:04:29 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7M04RN19225 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 17:04:27 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id MAA05657; Wed, 22 Aug 2001 12:03:49 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id MAA281047; Wed, 22 Aug 2001 12:03:49 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Wed, 22 Aug 2001 12:03:49 +1200 (NZST) Message-ID: <200108220003.MAA281047@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, tho@andxor.com Subject: Re: New test TSA available Cc: ietf-pkix@imc.org, r.galli@com-and.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> tho <tho@andxor.com> writes: >(A) draft-ietf-pkix-time-stamp-15 states that eContentType for a time > stamping token should be id-ct-TSTInfo why is it instead set to > id-data ? Probably because the implementation was done back when draft-06 or something was current :-). This is also why various other things required by newer drafts aren't present, I'll fix this when I next update the code (because of the environment it's in, there's a bit of latency involved when making changes). >since the encapsulated content type is set to id-data, version >field in SignedData is (`correctly' since (A)) set to 1 and not to 3 This one's deliberate, since CMS implementations are split 50/50 between ones which ignore the version entirely and ones which require it to be what PKCS #7 set it to, I always use the PKCS #7 version value because that means it'll work with everything. >signatureAlgorithm in SignerInfo is rsaEncryption, shouldn't it be more >likely sha1withRSAEncryption ? Since the CMS signature splits the hash and signing algorithm, the first OID is a pure hash (SHA-1) and the second is a pure signature algorithm (RSA). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LMEOo17404 for ietf-pkix-bks; Tue, 21 Aug 2001 15:14:24 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7LMEMN17400 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 15:14:22 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 21 Aug 2001 22:12:07 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id SAA20614 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 18:13:47 -0400 (EDT) Received: from rsasecurity.com ([10.81.217.242]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id PAA01725 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 15:16:22 -0700 (PDT) Message-ID: <3B82DCCA.3AE02568@rsasecurity.com> Date: Tue, 21 Aug 2001 15:12:26 -0700 From: Jeff Jacoby <jjacoby@rsasecurity.com> Organization: RSA Security, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 References: <8D7EC1912E25D411A32100D0B76953975A64AE@scygmxs01.cygnacom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> To all, Jumping on the bandwagon here... There are three points I believe could use clarification (at least I'm having trouble grokking them). Section 6.1.4 Preperation for certificate i+1, step (b)(1). the second paragraph reads: "If no node of depth i in the valid_policy_tree has a valid_policy of ID-P but there is a node of depth i with a valid_policy of any-policy, then generate a child node of the node of depth i-1 that has a valid_policy of any-policy as follows:" Should it really be: "If no node of depth i in the valid_policy_tree has a valid_policy of ID-P but there is a node of depth i-1 with a valid_policy of any-policy, then generate a child node of the node of depth i-1 that has a valid_policy of any-policy as follows:" (note the difference in the first sentence, "i" vs "i-1"). Afterall, the last sentence implies there must be a node of depth i-1 with a valid_policy of any-policy. Second issue is a simple typo. The very last sentence in section 6.1.4 reads: "If (a), (k), (l), (n) and (o) have completed successfully, increment i and perform the basic certificate processing specified in 6.1.2." it should be: "If (a), (k), (l), (n) and (o) have completed successfully, increment i and perform the basic certificate processing specified in 6.1.3." (6.1.2 is Initialization) Finally, in the wrap-up description, section 6.1.5 step (g)(iii) 1. reads: "1. Determine the set of policy nodes whose ancestor nodes have a valid_policy of any-policy. This is the valid_policy_node_set." Since the root node (depth 0) has valid_policy of any-policy, and it is an ancestor to every node in the tree, this would seem to mean (to me) the whole tree is in the valid_policy_node_set. Or does "ancestor node" mean something different? Thanks, Jeff -- Jeff Jacoby, Sr. Programmer RSA Security Inc., SMDC jjacoby@rsasecurity.com 2755 Campus Dr., Ste. 300 (650) 295-7569 San Mateo, CA 94403 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LKt7g15768 for ietf-pkix-bks; Tue, 21 Aug 2001 13:55:07 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7LKt0N15763 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 13:55:00 -0700 (PDT) Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 21 Aug 2001 20:52:45 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA13071; Tue, 21 Aug 2001 16:54:01 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCP8MV>; Tue, 21 Aug 2001 16:54:38 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.134]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCP8MP; Tue, 21 Aug 2001 16:54:32 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Hesse <pmhesse@cygnacom.com> Cc: wford@verisign.com, wpolk@nist.gov, dsolo@alum.mit.edu, ietf-pkix@imc.org, iesg@ietf.org Message-Id: <5.0.1.4.2.20010821165303.0290a648@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Tue, 21 Aug 2001 16:54:22 -0400 Subject: RE: Recommended changes to draft-ietf-pkix-new-part1-08 In-Reply-To: <8D7EC1912E25D411A32100D0B76953975A64B3@scygmxs01.cygnacom. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter: Thanks for providing the context for your comments. Tim Polk is on vacation this week. I will get with him when he returns, and add some clarifying editorial text. Russ At 04:32 PM 8/21/2001 -0400, Peter Hesse wrote: >Russ, > >I agree with the fact that we must allow self-issued certificates to begin >the path. However, I was saying self-signed, by which I meant "signed by >the private key that goes with the public key in the certificate". I'm >not sure if there is a need to have the self-signed certificate in the >path, but I agree with Steve's point that we don't need to forbid it, we >should recommend against it. > >The idea with my second point was to let validation systems know that "all >certificates in the path" did not necessarily include the self-signed >trusted root certificate. > >The reason this all came up is that during the Bridge CA Phase II >demonstration, we had a PKI that was supposed to issue a name constraint >in their certificate issued to the Bridge, to limit the namespace for >their relying parties. They placed this name constraint in their >self-signed certificate instead of the cross-certificate. Their clients >were all fine with this processing, but when another party tried to >validate the same path using a different algorithm (that ignored the >self-signed certificate extensions) a different result was obtained. It >is this lack of interoperability that I am striving to avoid with a little >more clarification text. > >If I need to be clearer please let me know and I'll try. > >--Peter > >---------------------------------------------------------------- > Peter M. Hesse CygnaCom Solutions, a division of > Phone: 703-270-3523 Entrust > ICQ: 1942828 Securing the Internet >---------------------------------------------------------------- >"Pay no attention to what the critics say; there has never been >a statue set up in honor of a critic." --Jean Sibelius > >-----Original Message----- >From: Housley, Russ >[<mailto:rhousley@rsasecurity.com>mailto:rhousley@rsasecurity.com] >Sent: Tuesday, August 21, 2001 3:03 PM >To: Peter Hesse >Cc: wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu; >ietf-pkix@imc.org; iesg@ietf.org >Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 > > >Peter: > >I am not sure that I agree with your points, but maybe I do not fully >understand your points. > >Regarding the first change, I believe that we must allow the first >certificate to be self-issued. How else can key roll over at a root >authority be accomplished. Several documents describe the >old-signed-with-new and new-signed-with-old approach. And, the certificate >path validation algorithm includes several feature just to accommodate this >key rollover technique. > >Regarding the second change, I think that section 6.1 provides the >context. There is even a ASCII-art flow chart in Figure 2. I think that >the text that goes with Figure 2 covers your point. It says: "Step (2) is >performed for all certificates in the path." However, if other people >think that a working change would make this point more clear, I am willing >to make an editorial change. The whole point is to communicate as clearly >as possible. > >Russ > >At 10:24 AM 8/21/2001 -0400, Peter Hesse wrote: > > >All, > > > >I realize these comments are coming quite late in the process, and I hope > >not to cause too much of a problem. However, I feel that standards need > >to be quite explicit in certain areas, and the current draft of the > >Internet X.509 Public Key Infrastructure Certificate and CRL Profile (son > >of 2459) is still a bit ambiguous when it comes to processing self-signed > >trust anchor certificates. I propose two changes in order to reduce this > >ambiguity. First I will quote from the current draft, section 6.1: > > > >-------------------------------------------------------------------------- > > To meet this goal, the path validation process verifies, among other > > things, that a prospective certification path (a sequence of n > > certificates) satisfies the following conditions: > > > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > > the issuer of certificate x+1; > > > > (b) certificate 1 is issued by the trust anchor; > > > > (c) certificate n is the certificate to be validated; and > > > > (d) for all x in {1, ..., n}, the certificate was valid at the > > time in question. > >-------------------------------------------------------------------------- > > > >In my opinion, (b) should be changed to explicity specify that certificate > >1 is not a self-signed certificate issued by the trust anchor. > > > >The second change is needed because the logic of section 6.1 does not > >specifically say what certificates are subject to the validation > >processing other than the part quoted above. My second recommendation is > >to change the beginning of 6.1.3 to the following: > > > >-------------------------------------------------------------------------- > >The basic path processing actions to be performed for certificate i > >(for all i in [1...n]) are listed below. > >-------------------------------------------------------------------------- > > > >These changes would allow certainty that > >- certificate 1 is not the self-signed trust anchor certificate > >- only certificates 1...n are processed, therefore explicitly not > >processing a self-signed trust anchor certificate if one exists in the > path. > > > >Again, apologies for bringing this up so late, but I feel this issue is > >quite important for interoperability between path validation > implementations. > > > >--Peter > > > >---------------------------------------------------------------- > > Peter M. Hesse CygnaCom Solutions, a division of > > Phone: 703-270-3523 Entrust > > ICQ: 1942828 Securing the Internet > >---------------------------------------------------------------- > >"Pay no attention to what the critics say; there has never been > >a statue set up in honor of a critic." --Jean Sibelius Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LKieB15511 for ietf-pkix-bks; Tue, 21 Aug 2001 13:44:40 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LKibN15507 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 13:44:37 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <Q8L2BWT1>; Tue, 21 Aug 2001 16:44:33 -0400 Message-ID: <8D7EC1912E25D411A32100D0B76953975A64B3@scygmxs01.cygnacom.com> From: Peter Hesse <pmhesse@cygnacom.com> To: "'Housley, Russ'" <rhousley@rsasecurity.com>, Peter Hesse <pmhesse@cygnacom.com> Cc: wford@verisign.com, wpolk@nist.gov, dsolo@alum.mit.edu, ietf-pkix@imc.org, iesg@ietf.org Subject: RE: Recommended changes to draft-ietf-pkix-new-part1-08 Date: Tue, 21 Aug 2001 16:32:44 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12A80.6EFD7790" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12A80.6EFD7790 Content-Type: text/plain Russ, I agree with the fact that we must allow self-issued certificates to begin the path. However, I was saying self-signed, by which I meant "signed by the private key that goes with the public key in the certificate". I'm not sure if there is a need to have the self-signed certificate in the path, but I agree with Steve's point that we don't need to forbid it, we should recommend against it. The idea with my second point was to let validation systems know that "all certificates in the path" did not necessarily include the self-signed trusted root certificate. The reason this all came up is that during the Bridge CA Phase II demonstration, we had a PKI that was supposed to issue a name constraint in their certificate issued to the Bridge, to limit the namespace for their relying parties. They placed this name constraint in their self-signed certificate instead of the cross-certificate. Their clients were all fine with this processing, but when another party tried to validate the same path using a different algorithm (that ignored the self-signed certificate extensions) a different result was obtained. It is this lack of interoperability that I am striving to avoid with a little more clarification text. If I need to be clearer please let me know and I'll try. --Peter ---------------------------------------------------------------- Peter M. Hesse CygnaCom Solutions, a division of Phone: 703-270-3523 Entrust ICQ: 1942828 Securing the Internet ---------------------------------------------------------------- "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius -----Original Message----- From: Housley, Russ [mailto:rhousley@rsasecurity.com] Sent: Tuesday, August 21, 2001 3:03 PM To: Peter Hesse Cc: wford@verisign.com; wpolk@nist.gov; dsolo@alum.mit.edu; ietf-pkix@imc.org; iesg@ietf.org Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 Peter: I am not sure that I agree with your points, but maybe I do not fully understand your points. Regarding the first change, I believe that we must allow the first certificate to be self-issued. How else can key roll over at a root authority be accomplished. Several documents describe the old-signed-with-new and new-signed-with-old approach. And, the certificate path validation algorithm includes several feature just to accommodate this key rollover technique. Regarding the second change, I think that section 6.1 provides the context. There is even a ASCII-art flow chart in Figure 2. I think that the text that goes with Figure 2 covers your point. It says: "Step (2) is performed for all certificates in the path." However, if other people think that a working change would make this point more clear, I am willing to make an editorial change. The whole point is to communicate as clearly as possible. Russ At 10:24 AM 8/21/2001 -0400, Peter Hesse wrote: >All, > >I realize these comments are coming quite late in the process, and I hope >not to cause too much of a problem. However, I feel that standards need >to be quite explicit in certain areas, and the current draft of the >Internet X.509 Public Key Infrastructure Certificate and CRL Profile (son >of 2459) is still a bit ambiguous when it comes to processing self-signed >trust anchor certificates. I propose two changes in order to reduce this >ambiguity. First I will quote from the current draft, section 6.1: > >-------------------------------------------------------------------------- > To meet this goal, the path validation process verifies, among other > things, that a prospective certification path (a sequence of n > certificates) satisfies the following conditions: > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > the issuer of certificate x+1; > > (b) certificate 1 is issued by the trust anchor; > > (c) certificate n is the certificate to be validated; and > > (d) for all x in {1, ..., n}, the certificate was valid at the > time in question. >-------------------------------------------------------------------------- > >In my opinion, (b) should be changed to explicity specify that certificate >1 is not a self-signed certificate issued by the trust anchor. > >The second change is needed because the logic of section 6.1 does not >specifically say what certificates are subject to the validation >processing other than the part quoted above. My second recommendation is >to change the beginning of 6.1.3 to the following: > >-------------------------------------------------------------------------- >The basic path processing actions to be performed for certificate i >(for all i in [1...n]) are listed below. >-------------------------------------------------------------------------- > >These changes would allow certainty that >- certificate 1 is not the self-signed trust anchor certificate >- only certificates 1...n are processed, therefore explicitly not >processing a self-signed trust anchor certificate if one exists in the path. > >Again, apologies for bringing this up so late, but I feel this issue is >quite important for interoperability between path validation implementations. > >--Peter > >---------------------------------------------------------------- > Peter M. Hesse CygnaCom Solutions, a division of > Phone: 703-270-3523 Entrust > ICQ: 1942828 Securing the Internet >---------------------------------------------------------------- >"Pay no attention to what the critics say; there has never been >a statue set up in honor of a critic." --Jean Sibelius ------_=_NextPart_001_01C12A80.6EFD7790 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: Recommended changes to draft-ietf-pkix-new-part1-08</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Russ,</FONT> </P> <P><FONT SIZE=3D2>I agree with the fact that we must allow self-issued = certificates to begin the path. However, I was saying = self-signed, by which I meant "signed by the private key that goes = with the public key in the certificate". I'm not sure if = there is a need to have the self-signed certificate in the path, but I = agree with Steve's point that we don't need to forbid it, we should = recommend against it.</FONT></P> <P><FONT SIZE=3D2>The idea with my second point was to let validation = systems know that "all certificates in the path" did not = necessarily include the self-signed trusted root = certificate.</FONT></P> <P><FONT SIZE=3D2>The reason this all came up is that during the Bridge = CA Phase II demonstration, we had a PKI that was supposed to issue a = name constraint in their certificate issued to the Bridge, to limit the = namespace for their relying parties. They placed this name = constraint in their self-signed certificate instead of the = cross-certificate. Their clients were all fine with this = processing, but when another party tried to validate the same path = using a different algorithm (that ignored the self-signed certificate = extensions) a different result was obtained. It is this = lack of interoperability that I am striving to avoid with a little more = clarification text.</FONT></P> <P><FONT SIZE=3D2>If I need to be clearer please let me know and I'll = try.</FONT> </P> <P><FONT SIZE=3D2>--Peter</FONT> </P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2> Peter M. = Hesse = CygnaCom Solutions, a division of</FONT> <BR><FONT SIZE=3D2> Phone: = 703-270-3523 = Entrust</FONT> <BR><FONT SIZE=3D2> ICQ: = 1942828  = ; Securing the Internet</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2>"Pay no attention to what the critics say; = there has never been </FONT> <BR><FONT SIZE=3D2>a statue set up in honor of a critic." --Jean = Sibelius</FONT> </P> <BR> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Housley, Russ [<A = HREF=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com= </A>]</FONT> <BR><FONT SIZE=3D2>Sent: Tuesday, August 21, 2001 3:03 PM</FONT> <BR><FONT SIZE=3D2>To: Peter Hesse</FONT> <BR><FONT SIZE=3D2>Cc: wford@verisign.com; wpolk@nist.gov; = dsolo@alum.mit.edu;</FONT> <BR><FONT SIZE=3D2>ietf-pkix@imc.org; iesg@ietf.org</FONT> <BR><FONT SIZE=3D2>Subject: Re: Recommended changes to = draft-ietf-pkix-new-part1-08</FONT> </P> <BR> <BR> <P><FONT SIZE=3D2>Peter:</FONT> </P> <P><FONT SIZE=3D2>I am not sure that I agree with your points, but = maybe I do not fully </FONT> <BR><FONT SIZE=3D2>understand your points.</FONT> </P> <P><FONT SIZE=3D2>Regarding the first change, I believe that we must = allow the first </FONT> <BR><FONT SIZE=3D2>certificate to be self-issued. How else can = key roll over at a root </FONT> <BR><FONT SIZE=3D2>authority be accomplished. Several documents = describe the </FONT> <BR><FONT SIZE=3D2>old-signed-with-new and new-signed-with-old = approach. And, the certificate </FONT> <BR><FONT SIZE=3D2>path validation algorithm includes several feature = just to accommodate this </FONT> <BR><FONT SIZE=3D2>key rollover technique.</FONT> </P> <P><FONT SIZE=3D2>Regarding the second change, I think that section 6.1 = provides the </FONT> <BR><FONT SIZE=3D2>context. There is even a ASCII-art flow chart = in Figure 2. I think that </FONT> <BR><FONT SIZE=3D2>the text that goes with Figure 2 covers your = point. It says: "Step (2) is </FONT> <BR><FONT SIZE=3D2>performed for all certificates in the = path." However, if other people </FONT> <BR><FONT SIZE=3D2>think that a working change would make this point = more clear, I am willing </FONT> <BR><FONT SIZE=3D2>to make an editorial change. The whole point = is to communicate as clearly </FONT> <BR><FONT SIZE=3D2>as possible.</FONT> </P> <P><FONT SIZE=3D2>Russ</FONT> </P> <BR> <P><FONT SIZE=3D2>At 10:24 AM 8/21/2001 -0400, Peter Hesse = wrote:</FONT> </P> <P><FONT SIZE=3D2>>All,</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>I realize these comments are coming quite late = in the process, and I hope </FONT> <BR><FONT SIZE=3D2>>not to cause too much of a problem. = However, I feel that standards need </FONT> <BR><FONT SIZE=3D2>>to be quite explicit in certain areas, and the = current draft of the </FONT> <BR><FONT SIZE=3D2>>Internet X.509 Public Key Infrastructure = Certificate and CRL Profile (son </FONT> <BR><FONT SIZE=3D2>>of 2459) is still a bit ambiguous when it comes = to processing self-signed </FONT> <BR><FONT SIZE=3D2>>trust anchor certificates. I propose two = changes in order to reduce this </FONT> <BR><FONT SIZE=3D2>>ambiguity. First I will quote from the = current draft, section 6.1:</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT = SIZE=3D2>>-----------------------------------------------------------= ---------------</FONT> <BR><FONT SIZE=3D2>> To meet this goal, the path = validation process verifies, among other</FONT> <BR><FONT SIZE=3D2>> things, that a prospective = certification path (a sequence of n</FONT> <BR><FONT SIZE=3D2>> certificates) satisfies the = following conditions:</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>> (a) = for all x in {1, ..., n-1}, the subject of certificate x is</FONT> <BR><FONT SIZE=3D2>> the issuer = of certificate x+1;</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>> (b) = certificate 1 is issued by the trust anchor;</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>> (c) = certificate n is the certificate to be validated; and</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>> (d) = for all x in {1, ..., n}, the certificate was valid at the</FONT> <BR><FONT SIZE=3D2>> time in = question.</FONT> <BR><FONT = SIZE=3D2>>-----------------------------------------------------------= ---------------</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>In my opinion, (b) should be changed to = explicity specify that certificate </FONT> <BR><FONT SIZE=3D2>>1 is not a self-signed certificate issued by the = trust anchor.</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>The second change is needed because the logic of = section 6.1 does not </FONT> <BR><FONT SIZE=3D2>>specifically say what certificates are subject = to the validation </FONT> <BR><FONT SIZE=3D2>>processing other than the part quoted = above. My second recommendation is </FONT> <BR><FONT SIZE=3D2>>to change the beginning of 6.1.3 to the = following:</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT = SIZE=3D2>>-----------------------------------------------------------= ---------------</FONT> <BR><FONT SIZE=3D2>>The basic path processing actions to be = performed for certificate i</FONT> <BR><FONT SIZE=3D2>>(for all i in [1...n]) are listed below.</FONT> <BR><FONT SIZE=3D2>>-------------------------------------------------= -------------------------</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>These changes would allow certainty that</FONT> <BR><FONT SIZE=3D2>>- certificate 1 is not the self-signed trust = anchor certificate</FONT> <BR><FONT SIZE=3D2>>- only certificates 1...n are processed, = therefore explicitly not </FONT> <BR><FONT SIZE=3D2>>processing a self-signed trust anchor = certificate if one exists in the path.</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>Again, apologies for bringing this up so late, = but I feel this issue is </FONT> <BR><FONT SIZE=3D2>>quite important for interoperability between = path validation implementations.</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT SIZE=3D2>>--Peter</FONT> <BR><FONT SIZE=3D2>></FONT> <BR><FONT = SIZE=3D2>>-----------------------------------------------------------= -----</FONT> <BR><FONT SIZE=3D2>> Peter M. = Hesse = CygnaCom Solutions, a division of</FONT> <BR><FONT SIZE=3D2>> Phone: = 703-270-3523 = Entrust</FONT> <BR><FONT SIZE=3D2>> ICQ: = 1942828  = ; Securing the Internet</FONT> <BR><FONT = SIZE=3D2>>-----------------------------------------------------------= -----</FONT> <BR><FONT SIZE=3D2>>"Pay no attention to what the critics say; = there has never been</FONT> <BR><FONT SIZE=3D2>>a statue set up in honor of a critic." = --Jean Sibelius</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12A80.6EFD7790-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LJ4g511090 for ietf-pkix-bks; Tue, 21 Aug 2001 12:04:42 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7LJ4eN11086 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 12:04:40 -0700 (PDT) Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 21 Aug 2001 19:02:25 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id PAA03591; Tue, 21 Aug 2001 15:03:42 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWCP51F>; Tue, 21 Aug 2001 15:04:18 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.36]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCP5D6; Tue, 21 Aug 2001 15:04:06 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Hesse <pmhesse@cygnacom.com> Cc: wford@verisign.com, wpolk@nist.gov, dsolo@alum.mit.edu, ietf-pkix@imc.org, iesg@ietf.org Message-Id: <5.0.1.4.2.20010821145239.028ca5b8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Tue, 21 Aug 2001 15:02:49 -0400 Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 In-Reply-To: <8D7EC1912E25D411A32100D0B76953975A64AE@scygmxs01.cygnacom. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Peter: I am not sure that I agree with your points, but maybe I do not fully understand your points. Regarding the first change, I believe that we must allow the first certificate to be self-issued. How else can key roll over at a root authority be accomplished. Several documents describe the old-signed-with-new and new-signed-with-old approach. And, the certificate path validation algorithm includes several feature just to accommodate this key rollover technique. Regarding the second change, I think that section 6.1 provides the context. There is even a ASCII-art flow chart in Figure 2. I think that the text that goes with Figure 2 covers your point. It says: "Step (2) is performed for all certificates in the path." However, if other people think that a working change would make this point more clear, I am willing to make an editorial change. The whole point is to communicate as clearly as possible. Russ At 10:24 AM 8/21/2001 -0400, Peter Hesse wrote: >All, > >I realize these comments are coming quite late in the process, and I hope >not to cause too much of a problem. However, I feel that standards need >to be quite explicit in certain areas, and the current draft of the >Internet X.509 Public Key Infrastructure Certificate and CRL Profile (son >of 2459) is still a bit ambiguous when it comes to processing self-signed >trust anchor certificates. I propose two changes in order to reduce this >ambiguity. First I will quote from the current draft, section 6.1: > >-------------------------------------------------------------------------- > To meet this goal, the path validation process verifies, among other > things, that a prospective certification path (a sequence of n > certificates) satisfies the following conditions: > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > the issuer of certificate x+1; > > (b) certificate 1 is issued by the trust anchor; > > (c) certificate n is the certificate to be validated; and > > (d) for all x in {1, ..., n}, the certificate was valid at the > time in question. >-------------------------------------------------------------------------- > >In my opinion, (b) should be changed to explicity specify that certificate >1 is not a self-signed certificate issued by the trust anchor. > >The second change is needed because the logic of section 6.1 does not >specifically say what certificates are subject to the validation >processing other than the part quoted above. My second recommendation is >to change the beginning of 6.1.3 to the following: > >-------------------------------------------------------------------------- >The basic path processing actions to be performed for certificate i >(for all i in [1...n]) are listed below. >-------------------------------------------------------------------------- > >These changes would allow certainty that >- certificate 1 is not the self-signed trust anchor certificate >- only certificates 1...n are processed, therefore explicitly not >processing a self-signed trust anchor certificate if one exists in the path. > >Again, apologies for bringing this up so late, but I feel this issue is >quite important for interoperability between path validation implementations. > >--Peter > >---------------------------------------------------------------- > Peter M. Hesse CygnaCom Solutions, a division of > Phone: 703-270-3523 Entrust > ICQ: 1942828 Securing the Internet >---------------------------------------------------------------- >"Pay no attention to what the critics say; there has never been >a statue set up in honor of a critic." --Jean Sibelius Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LHxTR09622 for ietf-pkix-bks; Tue, 21 Aug 2001 10:59:29 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LHxMN09618 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 10:59:22 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id KAA27509; Tue, 21 Aug 2001 10:59:19 -0700 (PDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id NAA26525; Tue, 21 Aug 2001 13:59:11 -0400 (EDT) Message-ID: <3B82A149.7B2747CB@sun.com> Date: Tue, 21 Aug 2001 13:58:33 -0400 From: Steve Hanna <steve.hanna@sun.com> Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Hesse <pmhesse@cygnacom.com> CC: "'rhousley@rsasecurity.com'" <rhousley@rsasecurity.com>, "'wford@verisign.com'" <wford@verisign.com>, "'wpolk@nist.gov'" <wpolk@nist.gov>, "'dsolo@alum.mit.edu'" <dsolo@alum.mit.edu>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'iesg@ietf.org'" <iesg@ietf.org> Subject: Re: Recommended changes to draft-ietf-pkix-new-part1-08 References: <8D7EC1912E25D411A32100D0B76953975A64AE@scygmxs01.cygnacom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> The current document seems clear to me, but I've been working with it for years! ;-) Making it clearer is certainly a good idea and I support these changes. I believe they fall into the category of minor editorial changes to clarify the meaning already present in the document and agreed to by the working group. Therefore, I don't think there should be any problem with making these changes, even at this late date. Let me make a few minor comments and offer some specific text for the first change so we have something specific to discuss. > Peter Hesse wrote: > -------------------------------------------------------------------------- > > To meet this goal, the path validation process verifies, among > other > things, that a prospective certification path (a sequence of n > certificates) satisfies the following conditions: > > (a) for all x in {1, ..., n-1}, the subject of certificate x is > > the issuer of certificate x+1; > > (b) certificate 1 is issued by the trust anchor; > > (c) certificate n is the certificate to be validated; and > > (d) for all x in {1, ..., n}, the certificate was valid at the > time in question. > -------------------------------------------------------------------------- > > In my opinion, (b) should be changed to explicity specify that > certificate 1 is not a self-signed certificate issued by the trust > anchor. Actually, certificate 1 *could* be the self-signed certificate if for some reason the path actually happened to start with that certificate. That would be unusual, but I do not think we should explicitly forbid it. But I agree that it would be good to supply explicit guidance at this point in the document that the trust anchor should not normally be included in the path validation procedure. In order to have a specific textual change to discuss, I'll suggest that immediately following point (d) above, a sentence (a new paragraph, I suppose) be added that says: When the trust anchor is provided in the form of a self-signed certificate, this certificate is not included as a part of the prospective certification path. > The second change is needed because the logic of section 6.1 does not > specifically say what certificates are subject to the validation > processing other than the part quoted above. Actually, section 6.1 says "Step (2) is performed for all certificates in the path." Step (2) is defined elsewhere as Basic Certificate Processing, which is discussed in section 6.1.3. And, in the section you quoted above, it defines the "prospective certification path" as "a sequence of n certificates". But I still think that your suggestion below is a good one. It's useful to say the same thing two or three times to make sure there's no misunderstanding, especially since this is a change from RFC 2459, where the trust anchor *was* included in the path for validation purposes. > My second recommendation > is to change the beginning of 6.1.3 to the following: > > -------------------------------------------------------------------------- > > The basic path processing actions to be performed for certificate i > (for all i in [1...n]) are listed below. > -------------------------------------------------------------------------- > > These changes would allow certainty that > - certificate 1 is not the self-signed trust anchor certificate > - only certificates 1...n are processed, therefore explicitly not > processing a self-signed trust anchor certificate if one exists in the > path. > > Again, apologies for bringing this up so late, but I feel this issue > is quite important for interoperability between path validation > implementations. Thanks for bringing it up. It's good to make the document clearer. I just hope we don't descend into a long debate now... Steve Hanna Sun Microsystems, Inc. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LEefK28069 for ietf-pkix-bks; Tue, 21 Aug 2001 07:40:41 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LEecN28062 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 07:40:38 -0700 (PDT) Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA16952 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 10:42:49 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p0501040bb7a8214adf35@[128.33.84.34]> Date: Tue, 21 Aug 2001 10:36:04 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: charter revisions Content-Type: multipart/alternative; boundary="============_-1213717552==_ma============" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --============_-1213717552==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" Folks, We were pinged about the need to update the PKIX WG charter, both during the meeting in London, and via a message the chairs received from the IETF Secretariat. So, here is a proposed revision to the charter that Tim and I have developed. Please review it and provide comments by 8/28, so that we can post the revised charter by the end of the momth. Thanks, Steve ------- Description of Working Group: The PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. The scope of PKIX work has expanded beyond this initial goal. PKIX not only profiles ITU PKI standards, but also develops new standards apropos to the use of X.509-based PKIs in the Internet. PKIX has produced several informational and standards track documents in support of the original and revised scope of the WG. The first of these standards, RFC 2459, profiled X.509 version 3 certificates and version 2 CRLs for use in the Internet. Profiles for the use of LDAP v2 for certificate and CRL storage (RFC 2587), the Internet X.509 Public Key Infrastructure Qualified Certificates Profile (RFC 2875), and the Internet X.509 Public Key Infrastructure Certificate Policy and certification Practices Framework (RFC 2527 - Informational) are in line with the initial scope. The Certificate Management Protocol (CMP) (RFC 2510), the Online Certificate Status Protocol (OCSP) (RFC 2560), Certificate Management Request Format (CRMF) (RFC 2511), Certificate Management Messages over CMS (RFC 2797), Internet X.509 Public Key Infrastructure Time Stamp Protocols (RFC xxxx), and the use of FTP and HTTP for transport of PKI operations (RFC 2585) are representative of the expanded scope of PKIX, as these are new protocols developed in the working group, not profiles of ITU PKI standards. A roadmap, providing a guide to the growing set of PKIX document, also has been developed as an informational RFC. Ongoing PKIX Work items An ongoing PKIX task is the progression of existing, standards track RFCs from PROPOSED to DRAFT. Also, to the extent that PKIX work relates to protocols from other areas, e.g., LDAP, it is necessary to track the evolution of the other protocols and produce updated RFCs. For example, the LDAP v2 documents from PKIX are evolving to address LDAP v3. New Work items for PKIX - production of a requirements RFC for delegated path discovery and path validation protocols (DPD/DPV) and subsequent production of RFCs for protocols that satisfy the requirements - development of an RFC for a logotype extension for certificates - development of a proxy certificate extension and associated processing rules Not all of these items may become standards track RFCs. Some may become INFORMATIONAL or EXPERIMENTAL RFCs. Goals and Milestones: Done PROPOSED Standard RFCs for public key and attribute certificate profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates, LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP Done INFORMATIONAL RFCs for X.509 PKI policies and practices, use of KEA Done Experimental RFC for Data Validation and Certification Server Protocols 8/01 Production of revised certificate and CRL syntax and processing RFC (son-of-2459) 10/01 Progression of CRMF, CMP, and CMP Transport to DRAFT Standard 12/01 Production of revised CMC RFCs (updates and split of CMC into several parts) 12/ 01 DPD/DVP Requirements RFC 12/01 Progression of OCSP to DRAFT Standard 3/02 DPV/DPD Protocols RFCs 3/02 Logotype Extension RFC 3/02 Proxy Certificate RFC 7/02 Progression of CMC RFCs to DRAFT Standard --============_-1213717552==_ma============ Content-Type: text/html; charset="us-ascii" <!doctype html public "-//W3C//DTD W3 HTML//EN"> <html><head><style type="text/css"><!-- blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 } --></style><title>charter revisions</title></head><body> <div>Folks,</div> <div><br></div> <div>We were pinged about the need to update the PKIX WG charter, both during the meeting in London, and via a message the chairs received from the IETF Secretariat. So, here is a proposed revision to the charter that Tim and I have developed. Please review it and provide comments by 8/28, so that we can post the revised charter by the end of the momth.</div> <div><br></div> <div>Thanks,</div> <div><br></div> <div>Steve</div> <div>-------</div> <div><br></div> <div><font face="Times New Roman" size="+5" color="#000000"><b>Description of Working Group:<br> <br> </b></font><font face="Times New Roman" size="+3" color="#000000">The PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. The scope of PKIX work has expanded beyond this initial goal. PKIX not only profiles ITU PKI standards, but also develops new standards apropos to the use of X.509-based PKIs in the Internet.<br> <br> PKIX has produced several informational and standards track documents in support of the original and revised scope of the WG. The first of these standards, RFC 2459, profiled X.509 version 3 certificates and version 2 CRLs for use in the Internet. Profiles for the use of LDAP v2 for certificate and CRL storage (RFC 2587), the Internet X.509 Public Key Infrastructure Qualified Certificates Profile (RFC 2875), and the Internet X.509 Public Key Infrastructure Certificate Policy and certification Practices Framework (RFC 2527 - Informational) are in line with the initial scope.<br> <br> The Certificate Management Protocol (CMP) (RFC 2510), the Online Certificate Status Protocol (OCSP) (RFC 2560), Certificate Management Request Format (CRMF) (RFC 2511), Certificate Management Messages over CMS (RFC 2797), Internet X.509 Public Key Infrastructure Time Stamp Protocols (RFC xxxx), and the use of FTP and HTTP for transport of PKI operations (RFC 2585) are representative of the expanded scope of PKIX, as these are new protocols developed in the working group, not profiles of ITU PKI standards.<br> <br> A roadmap, providing a guide to the growing set of PKIX document, also has been developed as an informational RFC.<br> <br> <b>Ongoing PKIX Work items<br> <br> </b>An ongoing PKIX task is the progression of existing, standards track RFCs from PROPOSED to DRAFT. Also, to the extent that PKIX work relates to protocols from other areas, e.g., LDAP, it is necessary to track the evolution of the other protocols and produce updated RFCs. For example, the LDAP v2 documents from PKIX are evolving to address LDAP v3.<br> <br> <b>New Work items for PKIX<br> <br> </b>- production of a requirements RFC for delegated path discovery and path validation protocols (DPD/DPV) and subsequent production of RFCs for protocols that satisfy the requirements<br> <br> - development of an RFC for a logotype extension for certificates<br> <br> - development of a proxy certificate extension and associated processing rules<br> <br> Not all of these items may become standards track RFCs. Some may become INFORMATIONAL or EXPERIMENTAL RFCs.<br> <br> </font><font face="Times New Roman" size="+5" color="#000000"><b>Goals and Milestones:<br> <br> </b></font><font face="Times New Roman" size="+3" color="#000000">Done<x-tab> </x-tab><x-tab> </x-tab>PROPOSED Standard RFCs for public key and attribute certificate profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates, LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP<br> Done<x-tab> </x-tab><x-tab> </x-tab>INFORMATIONAL RFCs for X.509 PKI policies and practices, use of KEA<br> Done<x-tab> </x-tab><x-tab> </x-tab>Experimental RFC for Data Validation and Certification Server Protocols<br> 8/01<x-tab> </x-tab><x-tab> </x-tab>Production of revised certificate and CRL syntax and processing RFC (son-of-2459)<br> 10/01<x-tab> </x-tab><x-tab> </x-tab>Progression of CRMF, CMP, and CMP Transport to DRAFT Standard<br> 12/01<x-tab> </x-tab><x-tab> </x-tab>Production of revised CMC RFCs (updates and split of CMC into several parts)<br> 12/ 01<x-tab> </x-tab><x-tab> </x-tab>DPD/DVP Requirements RFC<br> 12/01<x-tab> </x-tab><x-tab> </x-tab>Progression of OCSP to DRAFT Standard<br> 3/02<x-tab> </x-tab><x-tab> </x-tab>DPV/DPD Protocols RFCs<br> 3/02<x-tab> </x-tab><x-tab> </x-tab>Logotype Extension RFC<br> 3/02<x-tab> </x-tab><x-tab> </x-tab>Proxy Certificate RFC<br> 7/02<x-tab> </x-tab><x-tab> </x-tab>Progression of CMC RFCs to DRAFT Standard</font></div> </body> </html> --============_-1213717552==_ma============-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LEa1I27839 for ietf-pkix-bks; Tue, 21 Aug 2001 07:36:01 -0700 (PDT) Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LEZwN27833 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 07:35:59 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <Q8L2BQ41>; Tue, 21 Aug 2001 10:35:53 -0400 Message-ID: <8D7EC1912E25D411A32100D0B76953975A64AE@scygmxs01.cygnacom.com> From: Peter Hesse <pmhesse@cygnacom.com> To: "'rhousley@rsasecurity.com'" <rhousley@rsasecurity.com>, "'wford@verisign.com'" <wford@verisign.com>, "'wpolk@nist.gov'" <wpolk@nist.gov>, "'dsolo@alum.mit.edu'" <dsolo@alum.mit.edu> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'iesg@ietf.org'" <iesg@ietf.org> Subject: Recommended changes to draft-ietf-pkix-new-part1-08 Date: Tue, 21 Aug 2001 10:24:08 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C12A4C.F09F3010" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C12A4C.F09F3010 Content-Type: text/plain; charset="iso-8859-1" All, I realize these comments are coming quite late in the process, and I hope not to cause too much of a problem. However, I feel that standards need to be quite explicit in certain areas, and the current draft of the Internet X.509 Public Key Infrastructure Certificate and CRL Profile (son of 2459) is still a bit ambiguous when it comes to processing self-signed trust anchor certificates. I propose two changes in order to reduce this ambiguity. First I will quote from the current draft, section 6.1: -------------------------------------------------------------------------- To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates) satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; (b) certificate 1 is issued by the trust anchor; (c) certificate n is the certificate to be validated; and (d) for all x in {1, ..., n}, the certificate was valid at the time in question. -------------------------------------------------------------------------- In my opinion, (b) should be changed to explicity specify that certificate 1 is not a self-signed certificate issued by the trust anchor. The second change is needed because the logic of section 6.1 does not specifically say what certificates are subject to the validation processing other than the part quoted above. My second recommendation is to change the beginning of 6.1.3 to the following: -------------------------------------------------------------------------- The basic path processing actions to be performed for certificate i (for all i in [1...n]) are listed below. -------------------------------------------------------------------------- These changes would allow certainty that - certificate 1 is not the self-signed trust anchor certificate - only certificates 1...n are processed, therefore explicitly not processing a self-signed trust anchor certificate if one exists in the path. Again, apologies for bringing this up so late, but I feel this issue is quite important for interoperability between path validation implementations. --Peter ---------------------------------------------------------------- Peter M. Hesse CygnaCom Solutions, a division of Phone: 703-270-3523 Entrust ICQ: 1942828 Securing the Internet ---------------------------------------------------------------- "Pay no attention to what the critics say; there has never been a statue set up in honor of a critic." --Jean Sibelius ------_=_NextPart_001_01C12A4C.F09F3010 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>Recommended changes to draft-ietf-pkix-new-part1-08</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>All,</FONT> </P> <P><FONT SIZE=3D2>I realize these comments are coming quite late in the = process, and I hope not to cause too much of a problem. However, = I feel that standards need to be quite explicit in certain areas, and = the current draft of the Internet X.509 Public Key Infrastructure = Certificate and CRL Profile (son of 2459) is still a bit ambiguous when = it comes to processing self-signed trust anchor certificates. I = propose two changes in order to reduce this ambiguity. First I = will quote from the current draft, section 6.1:</FONT></P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= -----------</FONT> <BR><FONT SIZE=3D2> To meet this goal, the path validation = process verifies, among other</FONT> <BR><FONT SIZE=3D2> things, that a prospective = certification path (a sequence of n</FONT> <BR><FONT SIZE=3D2> certificates) satisfies the following = conditions:</FONT> </P> <P><FONT SIZE=3D2> (a) for all x in = {1, ..., n-1}, the subject of certificate x is</FONT> <BR><FONT SIZE=3D2> the issuer of = certificate x+1;</FONT> </P> <P><FONT SIZE=3D2> (b) certificate = 1 is issued by the trust anchor;</FONT> </P> <P><FONT SIZE=3D2> (c) certificate = n is the certificate to be validated; and</FONT> </P> <P><FONT SIZE=3D2> (d) for all x in = {1, ..., n}, the certificate was valid at the</FONT> <BR><FONT SIZE=3D2> time in = question.</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= -----------</FONT> </P> <P><FONT SIZE=3D2>In my opinion, (b) should be changed to explicity = specify that certificate 1 is not a self-signed certificate issued by = the trust anchor. </FONT></P> <P><FONT SIZE=3D2>The second change is needed because the logic of = section 6.1 does not specifically say what certificates are subject to = the validation processing other than the part quoted above. My = second recommendation is to change the beginning of 6.1.3 to the = following: </FONT></P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= -----------</FONT> <BR><FONT SIZE=3D2>The basic path processing actions to be performed = for certificate i </FONT> <BR><FONT SIZE=3D2>(for all i in [1...n]) are listed below.</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= -----------</FONT> </P> <P><FONT SIZE=3D2>These changes would allow certainty that </FONT> <BR><FONT SIZE=3D2>- certificate 1 is not the self-signed trust anchor = certificate</FONT> <BR><FONT SIZE=3D2>- only certificates 1...n are processed, therefore = explicitly not processing a self-signed trust anchor certificate if one = exists in the path.</FONT></P> <P><FONT SIZE=3D2>Again, apologies for bringing this up so late, but I = feel this issue is quite important for interoperability between path = validation implementations.</FONT></P> <P><FONT SIZE=3D2>--Peter</FONT> </P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2> Peter M. = Hesse = CygnaCom Solutions, a division of</FONT> <BR><FONT SIZE=3D2> Phone: = 703-270-3523 = Entrust</FONT> <BR><FONT SIZE=3D2> ICQ: = 1942828  = ; Securing the Internet</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= - </FONT> <BR><FONT SIZE=3D2>"Pay no attention to what the critics say; = there has never been </FONT> <BR><FONT SIZE=3D2>a statue set up in honor of a critic." --Jean = Sibelius</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C12A4C.F09F3010-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LEVFt27695 for ietf-pkix-bks; Tue, 21 Aug 2001 07:31:15 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LEVEN27691 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 07:31:14 -0700 (PDT) Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA14345 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 10:33:18 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p0501040ab7a82046a22a@[128.33.84.34]> Date: Tue, 21 Aug 2001 10:31:37 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: draft minutes Content-Type: multipart/alternative; boundary="============_-1213718119==_ma============" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --============_-1213718119==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" Folks, Please review the meeting minutes and get back to me with any corrections by 8/28, so that I can submit them to the IETF secretariat by the end of the month. Thanks, Steve -------- PKIX WG Meeting 8/6/01 Edited by Steve Kent (WG co-chairs) The PKIX WG met once during the 51st IETF. A total of approximately 153 individuals participated in the meeting. Tim quickly reviewed the agenda and document status, noting that there are many I-Ds in progress. (see slides) Two new RFCs in the editor's queue: RFC xxxx Timestamp Protocol RFC xxxx Attribute Certificate Profile In the IESG Review Process: PKIX Certificate and CRL Profile (a.k.a., son-of-2459) Public Key Algorithms and Identifiers for the PKIX Certificate profile Soon to be Submitted to IESG: PKIX Roadmap Repository Locator Service In WG Last Call: none Close to WG last call: Certificate Management Protocol (RFC 2510bis) Certificate Request Message Framework (RFC 2511bis) Transport Protocols for CMP Online Certificate Status Protocol (OCSP v2) New Work: Logotype Certificates - Stefan Santesson (AddTrust) Notion is to embed references to logos in certificates, for CAs or for EEs, to allow display of the logo as part of certificate processing. Argument is that people relate to logos in the physical world, and don't display certificate contents, so this is a way to bring branding into PKIs. Major concern is that people could be mislead by certificates issued by a CA that binds inappropriate logos to certificates it issues, e.g., there is no way to constrain logo references the same way we can constrain names. Proposal is to create a new extension for carrying a pointer (URL) to the logo image, an indication of the image type, and a hash of the image. (see slides) Supplemental Algorithms - Ari Singer (NTRU) New work item, to contain specs for a set of algorithms that COULD be used with PKIX data structures. Support for these algorithms is not mandated, but this document will provide a reference for these supplemental algorithms. Note need to include appropriate intellectual property warnings for proprietary algorithms, and to distinguish between algorithms that are standards, vs, proprietary. (see slides) PKI Disaster Recovery - Denis Pinkas (Integris) The goal of this new work is to create an informational RFC which addresses how to deal with compromise or loss of use of a CA, AA, or TSA key. Different requirements arise for EE signature keys vs. EE encryption keys, and these are addressed separately. (see slides) Using DNS for PKI Support- Simon Josephson (RSA) ID published as a personal draft. Focuses on using DNS to hold certificates and CRLs. Works especially well for S/MINE, given typical DNS lookup re MX records. Question is whether PKIX should adopt this as a work item? Will discuss this on the list. (no slides) Ongoing Work: LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ of Salford) Profile going well, looking for feedback before publishing as RFC. Matching rules work not as far along, but implementation work now funded at Salford, which will help progress. CMC Update - Jim Schaad (Soaring Hawk Consulting) Core functions largely unchanged, e.g., ASN syntax and processing rules wil be static. New set of CMC documents being issued, breaking into multiple pieces to allow easier progression of pieces, e.g., transport, archive (also used by S/MIME), compliance document. VeriSign hosted interoperability testing covering a large number of protocol features. Several issues were uncovered during testing. (see slides) CMP Update - Carlisle Adams (Entrust) Interoperability testing yielded clarifications and the document is now ready to go to Draft Standard status. Proxy Certificates - Stephen Tuecke (Argonne Labs) Revised ID has been published. Related draft in TLS WG. Not many attendees have read this draft, according to a show of hands. Because it requires changes to certificate path validation, there is a significant question about whether these changes should be part of the base standards, or if this processing is a separate step to be performed after standard path validation processing. (see slides) OCSPv2 - Michael Myers (VeriSign) Authors have decided to publish as experimental for now. (no slides) SCVP - Ambarish Malpani (ValiCert) No significant changes for now. (no slides) DPD/DPV - Denis Pinkas (Integris) New ID posed to list. Incorporate new approach to DPV/DPD, using 3 protocols: DPV, DPD, and a separate protocol for management of policy data used for validation or discovery. This allows the DPD and DPV protocols to be smaller and simpler, because the management of parameters used for DPD/DPV is part of a separate protocol. The management protocol might not be implemented on many clients, e.g., thin clients. References to the parameters (policy) used for validation are OIDs, and there is a provision for a client to NOT specify a policy, but have a server employ a default policy and return that to the user. Extensive use of hashes of ancillary values to keep messages brief, but allow checking by client. DPV proposal allows for validation re current time, or past time (re-validation). DPV can return four answers, reflecting level of knowledge available to the server, especially with regard to revocation data. DPD and management protocol also presented in detail. (see slides) Policy Requirements for Timestamping Authorities- Denis Pinkas (Integris) Discussion of this ETSI document and solicitation of comments. (see slides) --============_-1213718119==_ma============ Content-Type: text/html; charset="us-ascii" <!doctype html public "-//W3C//DTD W3 HTML//EN"> <html><head><style type="text/css"><!-- blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 } --></style><title>draft minutes</title></head><body> <div><font color="#000000">Folks,</font></div> <div><font color="#000000"><br></font></div> <div><font color="#000000">Please review the meeting minutes and get back to me with any corrections by 8/28, so that I can submit them to the IETF secretariat by the end of the month.</font></div> <div><font color="#000000"><br></font></div> <div><font color="#000000">Thanks,</font></div> <div><font color="#000000"><br></font></div> <div><font color="#000000">Steve</font></div> <div><font color="#000000">--------</font></div> <div><font face="Courier" size="+2" color="#000000"><br></font></div> <div><font face="Courier" size="+2" color="#000000">PKIX WG Meeting 8/6/01<br> Edited by Steve Kent (WG co-chairs)<br> <br> The PKIX WG met once during the 51st IETF. A total of approximately 153<br> individuals participated in the meeting.<br> <br> <br> Tim quickly reviewed the agenda and document status, noting that there are many<br> I-Ds in progress. (see slides)<br> <br> Two new RFCs in the editor's queue:<br> <x-tab> </x-tab>RFC xxxx<x-tab> </x-tab>Timestamp Protocol<br> <x-tab> </x-tab>RFC xxxx<x-tab> </x-tab>Attribute Certificate Profile<br> <br> In the IESG Review Process:<br> <x-tab> </x-tab>PKIX Certificate and CRL Profile (a.k.a., son-of-2459)<br> <x-tab> </x-tab>Public Key Algorithms and Identifiers for the PKIX Certificate profile<br> <br> Soon to be Submitted to IESG:<br> <x-tab> </x-tab>PKIX Roadmap<br> <x-tab> </x-tab>Repository Locator Service<br> <br> In WG Last Call:<br> <x-tab> </x-tab>none<br> <br> Close to WG last call:<br> <x-tab> </x-tab>Certificate Management Protocol (RFC 2510bis)<br> <x-tab> </x-tab>Certificate Request Message Framework (RFC 2511bis)<br> <x-tab> </x-tab>Transport Protocols for CMP<br> <x-tab> </x-tab>Online Certificate Status Protocol (OCSP v2)<br> <br> New Work:<br> <br> <br> Logotype Certificates - Stefan Santesson (AddTrust)<br> <x-tab> </x-tab>Notion is to embed references to logos in certificates, for<br> CAs or for EEs, to allow display of the logo as part of certificate<br> processing. Argument is that people relate to logos in the physical<br> world, and don't display certificate contents, so this is a way to<br> bring branding into PKIs. Major concern is that people could be<br> mislead by certificates issued by a CA that binds inappropriate logos<br> to certificates it issues, e.g., there is no way to constrain logo<br> references the same way we can constrain names. Proposal is to create<br> a new extension for carrying a pointer (URL) to the logo image, an<br> indication of the image type, and a hash of the image. (see slides)<br> <br> Supplemental Algorithms - Ari Singer (NTRU)<br> <x-tab> </x-tab>New work item, to contain specs for a set of algorithms that<br> COULD be used with PKIX data structures. Support for these algorithms<br> is not mandated, but this document will provide a reference for these<br> supplemental algorithms. Note need to include appropriate<br> intellectual property warnings for proprietary algorithms, and to<br> distinguish between algorithms that are standards, vs, proprietary.<br> (see slides)<br> <br> PKI Disaster Recovery - Denis Pinkas (Integris)<br> <x-tab> </x-tab>The goal of this new work is to create an informational RFC<br> which addresses how to deal with compromise or loss of use of a CA,<br> AA, or TSA key. Different requirements arise for EE signature keys<br> vs. EE encryption keys, and these are addressed separately. (see<br> slides)<br> <br> Using DNS for PKI Support- Simon Josephson (RSA)<br> <x-tab> </x-tab>ID published as a personal draft. Focuses on using DNS to<br> hold certificates and CRLs. Works especially well for S/MINE, given<br> typical DNS lookup re MX records. Question is whether PKIX should<br> adopt this as a work item? Will discuss this on the list. (no slides)<br> <br> <br> Ongoing Work:<br> <br> LDAP V3 Profile and Certificate Matching Rules - David Chadwick (Univ<br> of Salford)<br> <x-tab> </x-tab>Profile going well, looking for feedback before publishing as<br> RFC. Matching rules work not as far along, but implementation work<br> now funded at Salford, which will help progress.<br> <br> CMC Update - Jim Schaad (Soaring Hawk Consulting)<br> <x-tab> </x-tab>Core functions largely unchanged, e.g., ASN syntax and<br> processing rules wil be static. New set of CMC documents being<br> issued, breaking into multiple pieces to allow easier progression of<br> pieces, e.g., transport, archive (also used by S/MIME), compliance<br> document. VeriSign hosted interoperability testing covering a large<br> number of protocol features. Several issues were uncovered during<br> testing. (see slides)<br> <br> CMP Update - Carlisle Adams (Entrust)<br> <x-tab> </x-tab>Interoperability testing yielded clarifications and the<br> document is now ready to go to Draft Standard status.<br> <br> Proxy Certificates - Stephen Tuecke (Argonne Labs)<br> <x-tab> </x-tab>Revised ID has been published. Related draft in TLS WG. Not<br> many attendees have read this draft, according to a show of hands.<br> Because it requires changes to certificate path validation, there is</font></div> <div><font face="Courier" size="+2" color="#000000">a significant question about whether these changes should be part of<br> the base standards, or if this processing is a separate step to be<br> performed after standard path validation processing. (see slides)<br> <br> OCSPv2 - Michael Myers (VeriSign)<br> <x-tab> </x-tab>Authors have decided to publish as experimental for now. (no slides)<br> <br> SCVP - Ambarish Malpani (ValiCert)<br> <x-tab> </x-tab>No significant changes for now. (no slides)<br> <br> DPD/DPV - Denis Pinkas (Integris)<br> <x-tab> </x-tab>New ID posed to list. Incorporate new approach to DPV/DPD,<br> using 3 protocols: DPV, DPD, and a separate protocol for management<br> of policy data used for validation or discovery. This allows the DPD<br> and DPV protocols to be smaller and simpler, because the management<br> of parameters used for DPD/DPV is part of a separate protocol. The<br> management protocol might not be implemented on many clients, e.g.,<br> thin clients. References to the parameters (policy) used for<br> validation are OIDs, and there is a provision for a client to NOT<br> specify a policy, but have a server employ a default policy and<br> return that to the user. Extensive use of hashes of ancillary values<br> to keep messages brief, but allow checking by client. DPV proposal<br> allows for validation re current time, or past time (re-validation).<br> DPV can return four answers, reflecting level of knowledge available<br> to the server, especially with regard to revocation data. DPD and<br> management protocol also presented in detail. (see slides)<br> <br> Policy Requirements for Timestamping Authorities- Denis Pinkas (Integris)<br> <x-tab> </x-tab>Discussion of this ETSI document and solicitation of<br> comments. (see slides)</font></div> </body> </html> --============_-1213718119==_ma============-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LCMhP22314 for ietf-pkix-bks; Tue, 21 Aug 2001 05:22:43 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LCMeN22308 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 05:22:40 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id OAA02473; Tue, 21 Aug 2001 14:22:40 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id OAA21703; Tue, 21 Aug 2001 14:23:22 +0200 (CEST) (envelope-from tho) Date: Tue, 21 Aug 2001 14:23:22 +0200 From: tho <tho@andxor.com> To: pgut001@cs.auckland.ac.nz, Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: ietf-pkix@imc.org, r.galli@com-and.com Subject: Re: New test TSA available Message-ID: <20010821142321.A21603@tho.andxor.com> References: <200108211141.NAA08284@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200108211141.NAA08284@emeriau.edelweb.fr>; from Peter.Sylvester@EdelWeb.fr on Tue, Aug 21, 2001 at 01:41:55PM +0200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> hello peter(s), there is another point which i've missed in the previous mail that is concerned with the TSA certificate: it should contain one (and sole) extended key usage field with value id-kp-timeStamping so that the only keyUsage set to nonRepudiation is not enough... i'm growing more and more pedantic, excuse me :) tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LBg7i20586 for ietf-pkix-bks; Tue, 21 Aug 2001 04:42:07 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LBg5N20576 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 04:42:05 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA01403; Tue, 21 Aug 2001 13:41:57 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 21 Aug 2001 13:41:57 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA11935; Tue, 21 Aug 2001 13:41:56 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA08284; Tue, 21 Aug 2001 13:41:55 +0200 (MET DST) Date: Tue, 21 Aug 2001 13:41:55 +0200 (MET DST) Message-Id: <200108211141.NAA08284@emeriau.edelweb.fr> To: pgut001@cs.auckland.ac.nz, tho@andxor.com Subject: Re: New test TSA available Cc: ietf-pkix@imc.org, r.galli@com-and.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> > ::content type:: > > (A) draft-ietf-pkix-time-stamp-15 states that eContentType for a time > stamping token should be id-ct-TSTInfo why is it instead set to > id-data ? > > since the encapsulated content type is set to id-data, version > field in SignedData is (`correctly' since (A)) set to 1 and not to 3 > version 3 seems correct for another reason: >From CMS: version is the syntax version number. If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version shall be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version shall be 3. 151 31 119: SET { 153 30 117: SEQUENCE { 155 02 1: INTEGER 3 158 80 20: [0] : 6F 68 B0 B9 90 36 9F 63 4E 96 45 BE A4 9B E7 E3 : 64 38 B9 55 SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier } Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7LABpJ14764 for ietf-pkix-bks; Tue, 21 Aug 2001 03:11:51 -0700 (PDT) Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7LABkN14760 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 03:11:47 -0700 (PDT) Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id MAA01789; Tue, 21 Aug 2001 12:11:44 +0200 (CEST) (envelope-from tho@tho.andxor.com) Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id MAA21240; Tue, 21 Aug 2001 12:12:26 +0200 (CEST) (envelope-from tho) Date: Tue, 21 Aug 2001 12:12:26 +0200 From: tho <tho@andxor.com> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> Cc: ietf-pkix@imc.org, r.galli@com-and.com Subject: Re: New test TSA available Message-ID: <20010821121226.A21103@tho.andxor.com> References: <200108210015.MAA256633@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200108210015.MAA256633@ruru.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Tue, Aug 21, 2001 at 12:15:35PM +1200 X-Operating-System: FreeBSD Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> hello peter, i've tried a couple of requests to cryptoapps tsa and this is what i've found: ::content type:: (A) draft-ietf-pkix-time-stamp-15 states that eContentType for a time stamping token should be id-ct-TSTInfo why is it instead set to id-data ? since the encapsulated content type is set to id-data, version field in SignedData is (`correctly' since (A)) set to 1 and not to 3 ::signed attributes:: draft-ietf-pkix-time-stamp-15 states that The certificate identifier (ESSCertID) of the TSA certificate MUST be included as a signerInfo attribute inside a SigningCertificate attribute, and here it is missing since (A) ContentType attribute in signedAttrs inside SignerInfo is set to id-data ::signature algorithm:: signatureAlgorithm in SignerInfo is rsaEncryption, shouldn't it be more likely sha1withRSAEncryption ? thank you, tho -- (__) (oo) \/-------\ || | \ ||---W|| * Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7L0FdJ04965 for ietf-pkix-bks; Mon, 20 Aug 2001 17:15:39 -0700 (PDT) Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7L0FbN04959 for <ietf-pkix@imc.org>; Mon, 20 Aug 2001 17:15:37 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id MAA19324 for <ietf-pkix@imc.org>; Tue, 21 Aug 2001 12:15:35 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id MAA256633 for ietf-pkix@imc.org; Tue, 21 Aug 2001 12:15:35 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Tue, 21 Aug 2001 12:15:35 +1200 (NZST) Message-ID: <200108210015.MAA256633@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org Subject: New test TSA available Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> There's a new TSA available at tsa.cryptoapps.com:3318, running in a FIPS 140-1 level 4 device (it's just a demo which runs single-threaded, so if you throw a huge number of concurrent requests at it you may get some refused connections, although I doubt it'll be a big issue for now). There will also be an OCSP responder at ocsp.cryptoapps.com and a CMP server at cmp.cryptoapps.com in the near future running on the same hardware, at the moment I think the ports are still blocked so you won't be able to get to them. Peter. Received: by above.proper.com (8.11.3/8.11.3) id f7JMt7o01517 for ietf-pkix-bks; Sun, 19 Aug 2001 15:55:07 -0700 (PDT) Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7JMt1N01513 for <ietf-pkix@imc.org>; Sun, 19 Aug 2001 15:55:01 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 19 Aug 2001 22:52:49 UT Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id SAA05315 for <ietf-pkix@imc.org>; Sun, 19 Aug 2001 18:54:29 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <QTWC397D>; Sun, 19 Aug 2001 18:55:03 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (10.3.1.121 [10.3.1.121]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWC397B; Sun, 19 Aug 2001 18:55:00 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Hideyuki Odahara <odahara@dsa.isl.ntt.co.jp> Cc: ietf-pkix@imc.org Message-Id: <5.0.1.4.2.20010819180249.02673780@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Sun, 19 Aug 2001 18:05:33 -0400 Subject: Re: draft-ietf-pkix-ac509prof-09 ASN.1 "IMPLICIT" In-Reply-To: <20010807142146.A6E6.ODAHARA@dsa.isl.ntt.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I am not sure whether the reponse was posted to this query or not. Please excuse the redundancy if it has already been answered. The change was made to align with the ITU-T/ISO document. The PKIX document was EXPLICT, and the ITU-T/ISO one was IMPLICIT. Clearly, they should have been the same from the start. The module OID was not changed because the error only existed in Internet-Draft documents. One should expect changes to such documents. Russ At 02:23 PM 8/7/2001 +0900, Hideyuki Odahara wrote: >Why did "EXPLICIT" change to "IMPLICIT". >There is no reason and no description about >chainging at Appendix C:Change History. > >Please tell me. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7JMi7Q01401 for ietf-pkix-bks; Sun, 19 Aug 2001 15:44:07 -0700 (PDT) Received: from thunder.dstc.qut.edu.au (thunder.dstc.qut.edu.au [131.181.71.1]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7JMi5N01397 for <ietf-pkix@imc.org>; Sun, 19 Aug 2001 15:44:05 -0700 (PDT) Received: from dstc.qut.edu.au (garnet.dstc.qut.edu.au [131.181.71.36]) by thunder.dstc.qut.edu.au (8.10.1/8.10.1) with ESMTP id f7JMi7m15293 for <ietf-pkix@imc.org>; Mon, 20 Aug 2001 08:44:07 +1000 (EST) Message-Id: <200108192244.f7JMi7m15293@thunder.dstc.qut.edu.au> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 From: dpovey@wedgetail.com To: ietf-pkix@imc.org Subject: Suggestion for Logotypes draft Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 20 Aug 2001 08:44:06 +1000 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Firstly, just like to say that I support Stefan's proposal more or less as it stands. I think he has done a good job of thinking about the problem and coming up with a pragmatic solution. Just one suggestion. One of the comments made in London was a general desire to reduce the size of Certificates. By making the digest algorithm identifier optional and omitting it when it is the same algorithm used to sign the Certificate you would save about 10-15 bytes. Not much but perhaps worth doing if you have multiple logotypes. Cheers. Dean. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7HKQGg05871 for ietf-pkix-bks; Fri, 17 Aug 2001 13:26:16 -0700 (PDT) Received: from sentry.gw.tislabs.com (firewall-user@sentry.gw.tislabs.com [192.94.214.100]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7HKQFN05863 for <ietf-pkix@imc.org>; Fri, 17 Aug 2001 13:26:15 -0700 (PDT) Received: by sentry.gw.tislabs.com; id QAA00826; Fri, 17 Aug 2001 16:30:42 -0400 (EDT) Received: from clipper.gw.tislabs.com(10.33.1.2) by sentry.gw.tislabs.com via smap (V5.5) id xma000811; Fri, 17 Aug 01 16:29:58 -0400 Received: (from balenson@localhost) by clipper.gw.tislabs.com (8.9.3/8.9.1) id QAA09015 for ietf-pkix@imc.org; Fri, 17 Aug 2001 16:25:32 -0400 (EDT) Date: Fri, 17 Aug 2001 16:25:32 -0400 (EDT) From: "David M. Balenson" <balenson@tislabs.com> Message-Id: <200108172025.QAA09015@clipper.gw.tislabs.com> To: ietf-pkix@imc.org Subject: CFP: Submission deadline for NDSS'02 extended to Aug 29th Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Due to the unusually large number of requests for an extension, the submissions deadline for NDSS'02 has been extended to Wednesday August 29, 9:00am EST (U.S. east coast time). Paul Van Oorschot and Virgil Gligor Co-Chairs, NDSS'02 C A L L F O R P A P E R S Internet Society's 2002 Network and Distributed System Security Symposium (NDSS'02) Catamaran Resort - San Diego, California February 6-8, 2002 IMPORTANT DATES Paper and panel submissions due August 22, 2001 Author notification October 17, 2001 Final version of papers and panels due November 20, 2001 GOAL: The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. The proceedings are published by the Internet Society. GENERAL CHAIR: Clifford Neuman, USC Information Sciences Institute PROGRAM CO-CHAIRS: Paul Van Oorschot, Entrust Technologies Virgil Gligor, University of Maryland TUTORIAL CHAIR: Eric Harder, National Security Agency LOCAL ARRANGEMENTS CHAIR: Thomas Hutton, San Diego Supercomputer Center PUBLICATIONS CHAIR: Mahesh Tripunitara, Purdue University PUBLICITY CHAIR: David Balenson, NAI Labs, Network Associates LOGISTICS CHAIR: Terry Weigler, Internet Society PROGRAM COMMITTEE: Steve Bellovin, AT&T Labs Research Dan Boneh, Stanford University Bill Cheswick, Lumeta Corporation Li Gong, Sun Microsystems Peter Gutmann, Univ. of Auckland, N.Z. Charlie Kaufman, Iris Associates Steve Kent, BBN Technologies Markus Kuhn, Univ. of Cambridge, U.K. Douglas Maughan, DARPA Kevin McCurley, IBM Almaden Research Gary McGraw, Cigital Fabian Monrose, Bell Labs Sandra Murphy, Network Associates Radha Poovendran, Univ. of Washington Michael Roe, Microsoft Research, U.K. Christoph Schuba, Sun Microsystems Clay Shields, Purdue University Jonathan Trostle, Cisco Systems Dan Wallach, Rice University OUTSTANDING PAPER AWARD: There will be an Outstanding Paper award. The award will be presented at the symposium to the authors of an outstanding paper, as selected by the Program Committee. SUBMISSIONS: Both technical papers and panel proposals are solicited. Technical papers must include a main body of at most 12 pages, with any additional details in clearly marked appendices for a combined total of at most 20 pages. Technical papers will appear in the proceedings. Panel proposals should be one page and must describe the topic, identify the panel chair, explain the panel format, and list three to four potential panelists. A description of each panel will appear in the proceedings, and may, at the discretion of the panel chair, include written position statements from the panelists. Submissions are solicited in, but not limited to, the following areas: * Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web. * Intrusion avoidance, detection, and response: systems, experiences and architectures. * Attack-resistant protocols and services. * Network perimeter controls: firewalls, packet filters, application gateways. * Virtual private networks. * Public key infrastructure, key management, certification, and revocation. * Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing. * Supporting security mechanisms and APIs; audit trails; accountability. * Implementation, deployment and management of network security policies. * Intellectual property protection: protocols, schemas, implementations, metering, watermarking, digital rights management. * Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability. * Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing. * Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, and large heterogeneous distributed systems. * Special problems and case studies: e.g., interplay and tradeoffs between security and efficiency, usability, reliability and cost. * Security for collaborative applications and services: teleconferencing and video-conferencing, groupwork, etc. Each submission must contain a separate Submission Overview specifying the submission type (paper or panel), the title or topic, author names with organizational affiliations, and must specify a contact author along with corresponding phone number, FAX number, postal address and email address. Submissions must be received by August 22, 2001, and must be made electronically in either printable PostScript or PDF. Each submission will be acknowledged by e-mail; if acknowledgment is not received within seven days, contact a program co-chair (see above). Authors and panelists will be notified of acceptance by October 17, 2001, and given instructions for preparing the camera-ready copy. The camera-ready copy must be received by November 20, 2001. FURTHER INFORMATION: Official dates, the final call for papers, the advance program, and registration information will be available shortly at http://www.isoc.org/ndss2002. For official submission information, visit http://www.isoc.org/ndss2002/cfp. Internet Society 11150 Sunset Hills Road, Suite 100 Reston, VA 20191 USA Tel: +1 703 326 9880 Fax: +1 703 326 9880 www.isoc.org 4, rue des Falaises CH-1205 Geneva Switzerland Tel: +41 22 807 1444 Fax: +41 22 807 1445 www.isoc.org Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7FJOcQ08540 for ietf-pkix-bks; Wed, 15 Aug 2001 12:24:38 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7FJObN08536 for <ietf-pkix@imc.org>; Wed, 15 Aug 2001 12:24:37 -0700 (PDT) Received: from [128.33.238.53] (TC053.BBN.COM [128.33.238.53]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id PAA25407 for <ietf-pkix@imc.org>; Wed, 15 Aug 2001 15:24:32 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com (Unverified) Message-Id: <p05010400b7a021225f3d@[128.33.238.92]> Date: Wed, 15 Aug 2001 08:57:11 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: slides Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Everyone who used slides in presentations at the PKIX WG meeting last week should send a copy of the slides (in PPT format) to me for forwarding to the IETF Secretariat. Thanks to Denis Pinkas, Steve Tuecke, Jim Schaad, and Stefan Santesson, who have already sent their slides. A draft copy of the meeting minutes will be available later this week. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7FEDEt21376 for ietf-pkix-bks; Wed, 15 Aug 2001 07:13:14 -0700 (PDT) Received: from brot.celocom.de (brot.celocom.de [212.78.104.200]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7FEDDN21372 for <ietf-pkix@imc.org>; Wed, 15 Aug 2001 07:13:13 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by brot.celocom.de (Postfix) with ESMTP id 2C31F3000E; Wed, 15 Aug 2001 16:13:10 +0200 (CEST) Received: from frolic.celocom.de (frolic.celocom.de [212.78.104.90]) by brot.celocom.de (Postfix) with ESMTP id 25AB63000D; Wed, 15 Aug 2001 16:13:08 +0200 (CEST) Message-ID: <3B7A836C.7D96EF04@celocom.de> Date: Wed, 15 Aug 2001 16:13:00 +0200 From: Bernd Matthes <bernd.matthes@celocom.de> Organization: Celo Communications -- a Gemplus Company X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: ietf-pkix@imc.org Cc: time-stamping@cyber.ee Subject: Re: Timestamping server References: <200108150521.f7F5LfG0026320@hp735c.itsc.cuhk.edu.hk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-11 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> "S.T. Wong" wrote: > > Hello, > > I'm writing a simple timestamping client program to implement the new > timestamping draft (15). I'd like to know if there's any timestamping server > available for public to test. > > Would anyone please help? > > Thanks in advance. > Regards, > ST Wong Look here for an experimental HTTP server: http://pcardtest.celocom.de:4242/index.html Look at first with a browser for informations. Feel free for comments. with regards -- Mors certa, hora incerta. In dubio pro mille. -------------------------------------------------------------------- Bernd Matthes Celo Communications GmbH Senior Software Engineer - a Gemplus Company Dipl.-Ing.(FH) mailto:bernd.matthes@gemplus.com -------------------------------------------------------------------- If they can't talk SMTP, they can't expect to talk with me. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7EB2kN04306 for ietf-pkix-bks; Tue, 14 Aug 2001 04:02:46 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7EB2jN04302 for <ietf-pkix@imc.org>; Tue, 14 Aug 2001 04:02:45 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA26173; Tue, 14 Aug 2001 07:01:34 -0400 (EDT) Message-Id: <200108141101.HAA26173@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-proxy-01.txt Date: Tue, 14 Aug 2001 07:01:33 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Proxy Certificate Profile Author(s) : S. Tuecke et al. Filename : draft-ietf-pkix-proxy-01.txt Pages : 32 Date : 13-Aug-01 This document forms a certificate profile for Proxy Certificates, based on X.509 PKI certificates as defined in draft-ietf-pkix-new- part1-08.txt (the draft update to RFC 2459), for use in the Internet. The term Proxy Certificate is used to describe a certificate that is derived from, and signed by, a normal X.509 Public Key End Entity Certificate or by another Proxy Certificate for the purpose of providing restricted impersonation within a PKI based authentication system. This draft replaces draft-ietf-pkix- impersonation-00. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-01.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-proxy-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-proxy-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010813125413.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-proxy-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-proxy-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010813125413.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7DETe021772 for ietf-pkix-bks; Mon, 13 Aug 2001 07:29:40 -0700 (PDT) Received: from dolk.extundo.com (dolk.extundo.com [195.42.214.242]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7DETbN21767 for <ietf-pkix@imc.org>; Mon, 13 Aug 2001 07:29:37 -0700 (PDT) Received: from barbar.josefsson.org (slipsten.extundo.com [195.42.214.241]) (authenticated) by dolk.extundo.com (8.11.3/8.11.3) with ESMTP id f7DETgw21569; Mon, 13 Aug 2001 16:29:43 +0200 To: Stefan Santesson <stefan@addtrust.com> Cc: ietf-pkix@imc.org Subject: Re: Logotype images References: <5.0.0.25.2.20010813105649.062d5968@mail.addtrust.com> From: Simon Josefsson <sjosefsson@rsasecurity.com> In-Reply-To: <5.0.0.25.2.20010813105649.062d5968@mail.addtrust.com> (Stefan Santesson's message of "Mon, 13 Aug 2001 11:08:19 +0200") Date: Mon, 13 Aug 2001 16:29:35 +0200 Message-ID: <ilu8zgoyqwg.fsf@barbar.josefsson.org> Lines: 48 User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.104 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Stefan Santesson <stefan@addtrust.com> writes: > Since logotypes in certificates now is an approved PKIX work item > there are some practical aspects to deal with. > > 1) Logotype image size or scalable images. > > We probably need to define a standard size for logotype images or find > another way to define scalable logotypes in order to enhance > homogeneous display of certificates. > > The alternative is to allow scalable logotypes but I have been told > that there are no easy and appropriate ways to do this. > > 2) Colour and B&W images. > > Some clients, such as mobile phones does not have colour display and > colour images may not work in B&W. > We probably need a convension that allows inclusion of 2 images for > each logotype (colour and B&W). > Possible solotions are either a convension defined in the ASN.1 > structure or just a file naming convension for the image files. > > Any suggestions? Did you consider W3C's Scalable Vector Graphics (SVG) format? Two resource pagees: http://www.w3.org/Graphics/SVG/Overview.htm8 There is W3C note on accessibility features of SVG that apply to constraint devices as well: http://www.w3.org/TR/SVG-access/ Abstract Scalable Vector Graphics (SVG) offers a number of features to make graphics on the Web more accessible than is currently possible, to a wider group of users. Users who benefit include users with low vision, color blind or blind users, and users of assistive technologies. A number of these SVG features can also increase usability of content for many users without disabilities, such as users of personal digital assistants, mobile phones or other non-traditional Web access devices. Accessibility requires that the features offered by SVG are correctly used and supported. This Note describes the SVG features that support accessibility and illustrates their use with examples. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7DD2Ox19082 for ietf-pkix-bks; Mon, 13 Aug 2001 06:02:24 -0700 (PDT) Received: from claudio.bib.co.uk (gateway.bib.co.uk [195.171.24.2]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7DD2MN19078 for <ietf-pkix@imc.org>; Mon, 13 Aug 2001 06:02:23 -0700 (PDT) Received: from 127.0.0.1 by claudio.bib.co.uk (InterScan E-Mail VirusWall NT); Mon, 13 Aug 2001 14:01:34 +0100 Received: by claudio with Internet Mail Service (5.5.2653.19) id <QALMP5NZ>; Mon, 13 Aug 2001 14:01:34 +0100 Message-ID: <36086CC80304D3119B040008C75DF596095F20C5@claudio> From: "Bland, Graham" <Graham.Bland@open-talk.co.uk> To: "'John Lowry'" <jlowry@bbn.com>, "Bland, Graham" <Graham.Bland@open-talk.co.uk>, "'Stefan Santesson'" <stefan@addtrust.com>, ietf-pkix@imc.org Subject: RE: Logotype images Date: Mon, 13 Aug 2001 14:01:33 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: text/plain; charset="iso-8859-1" I agree with the second sentiment. However as the purpose is to allow the display of a recognisable graphic logo the type of logo included is going to be the whole specification. If the logo is not defined then it is just another non critical extension where the contents are relatively? undefined. I just thought of another issue, if a standard size is defined then what about the aspect ratio, organisations have different shaped logos and would probably not like to see them truncated or surrounded by a coloured band if whitespace is carried in the image. Graham > -----Original Message----- > From: John Lowry [mailto:jlowry@bbn.com] > Sent: 13 August 2001 13:54 > To: Bland, Graham; 'Stefan Santesson'; ietf-pkix@imc.org > Subject: RE: Logotype images > > > Surely this is an application-specific function ? > We don't worry about how text gets translated into > various fonts - do we ? > > Of course, the easiest and best solution would be > to get rid of the logotype entirely :-) > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Bland, Graham > > Sent: Monday, August 13, 2001 8:23 AM > > To: 'Stefan Santesson'; ietf-pkix@imc.org > > Subject: RE: Logotype images > > > > > > B&W is not quite that simple, nor is colour. > > > > For B&W how many greys are supported, 2 to 256 seems the likely > > range, also > > for colour what colour palettes are supported. There is > also the issue of > > screen resolution, if the size is to be standard expressed as 1" > > x 0.5" then > > displays must scale the image depending on the pixels > included, or if the > > size is expressed in pixels then it will be very small on a high > > resolution > > screen display and cover the whole screen on a WAP Phone. > > > > As another consideration, what are the minimum display > > resolutions allowed, > > I presume this would depend on the image, Can the image be > displayed in 5 > > pixels by 3 pixels (an extreme case but what is the limit). > > > > Should the image be a standard format such as a JPEG in > which case scaling > > becomes easier as long as the device supports the image type. > > > > > > Graham Bland > > > > > > > -----Original Message----- > > > From: Stefan Santesson [mailto:stefan@addtrust.com] > > > Sent: 13 August 2001 10:08 > > > To: ietf-pkix@imc.org > > > Subject: Logotype images > > > > > > > > > > > > Since logotypes in certificates now is an approved PKIX work > > > item there are > > > some practical aspects to deal with. > > > > > > 1) Logotype image size or scalable images. > > > > > > We probably need to define a standard size for logotype > > > images or find > > > another way to define scalable logotypes in order to enhance > > > homogeneous > > > display of certificates. > > > > > > The alternative is to allow scalable logotypes but I have > > > been told that > > > there are no easy and appropriate ways to do this. > > > > > > 2) Colour and B&W images. > > > > > > Some clients, such as mobile phones does not have colour > > > display and colour > > > images may not work in B&W. > > > We probably need a convension that allows inclusion of 2 > > > images for each > > > logotype (colour and B&W). > > > Possible solotions are either a convension defined in the > > > ASN.1 structure > > > or just a file naming convension for the image files. > > > > > > Any suggestions? > > > > > > /Stefan > > > > > > --------------InterScan_NT_MIME_Boundary Content-Type: text/plain; name="Open_Interactive_Disclaimer.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Open_Interactive_Disclaimer.txt" This message is confidential and is intended for the addressee only; unless clearly stated that this disclaimer should not apply, this e-mail is not intended to create legally binding commitments on behalf of any company in the British Interactive Broadcasting Holding Limited group, nor do its contents reflect the corporate views or policies of any such company. Any unauthorised disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately. --------------InterScan_NT_MIME_Boundary-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7DCscp18872 for ietf-pkix-bks; Mon, 13 Aug 2001 05:54:38 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7DCsaN18868 for <ietf-pkix@imc.org>; Mon, 13 Aug 2001 05:54:36 -0700 (PDT) Received: from JLOWRY1 (dhcp33-085-176.bbn.com [128.33.85.176]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with SMTP id IAA25380; Mon, 13 Aug 2001 08:55:58 -0400 (EDT) From: "John Lowry" <jlowry@bbn.com> To: "Bland, Graham" <Graham.Bland@open-talk.co.uk>, "'Stefan Santesson'" <stefan@addtrust.com>, <ietf-pkix@imc.org> Subject: RE: Logotype images Date: Mon, 13 Aug 2001 08:53:43 -0400 Message-ID: <NEBBICMMLAKPAGAEJCHEKEHLDJAA.jlowry@bbn.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <36086CC80304D3119B040008C75DF596095F20C3@claudio> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Surely this is an application-specific function ? We don't worry about how text gets translated into various fonts - do we ? Of course, the easiest and best solution would be to get rid of the logotype entirely :-) > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Bland, Graham > Sent: Monday, August 13, 2001 8:23 AM > To: 'Stefan Santesson'; ietf-pkix@imc.org > Subject: RE: Logotype images > > > B&W is not quite that simple, nor is colour. > > For B&W how many greys are supported, 2 to 256 seems the likely > range, also > for colour what colour palettes are supported. There is also the issue of > screen resolution, if the size is to be standard expressed as 1" > x 0.5" then > displays must scale the image depending on the pixels included, or if the > size is expressed in pixels then it will be very small on a high > resolution > screen display and cover the whole screen on a WAP Phone. > > As another consideration, what are the minimum display > resolutions allowed, > I presume this would depend on the image, Can the image be displayed in 5 > pixels by 3 pixels (an extreme case but what is the limit). > > Should the image be a standard format such as a JPEG in which case scaling > becomes easier as long as the device supports the image type. > > > Graham Bland > > > > -----Original Message----- > > From: Stefan Santesson [mailto:stefan@addtrust.com] > > Sent: 13 August 2001 10:08 > > To: ietf-pkix@imc.org > > Subject: Logotype images > > > > > > > > Since logotypes in certificates now is an approved PKIX work > > item there are > > some practical aspects to deal with. > > > > 1) Logotype image size or scalable images. > > > > We probably need to define a standard size for logotype > > images or find > > another way to define scalable logotypes in order to enhance > > homogeneous > > display of certificates. > > > > The alternative is to allow scalable logotypes but I have > > been told that > > there are no easy and appropriate ways to do this. > > > > 2) Colour and B&W images. > > > > Some clients, such as mobile phones does not have colour > > display and colour > > images may not work in B&W. > > We probably need a convension that allows inclusion of 2 > > images for each > > logotype (colour and B&W). > > Possible solotions are either a convension defined in the > > ASN.1 structure > > or just a file naming convension for the image files. > > > > Any suggestions? > > > > /Stefan > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7DCNgg17985 for ietf-pkix-bks; Mon, 13 Aug 2001 05:23:42 -0700 (PDT) Received: from claudio.bib.co.uk (gateway.bib.co.uk [195.171.24.2]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7DCNeN17980 for <ietf-pkix@imc.org>; Mon, 13 Aug 2001 05:23:40 -0700 (PDT) Received: from 127.0.0.1 by claudio.bib.co.uk (InterScan E-Mail VirusWall NT); Mon, 13 Aug 2001 13:22:58 +0100 Received: by claudio with Internet Mail Service (5.5.2653.19) id <QALMPZ01>; Mon, 13 Aug 2001 13:22:58 +0100 Message-ID: <36086CC80304D3119B040008C75DF596095F20C3@claudio> From: "Bland, Graham" <Graham.Bland@open-talk.co.uk> To: "'Stefan Santesson'" <stefan@addtrust.com>, ietf-pkix@imc.org Subject: RE: Logotype images Date: Mon, 13 Aug 2001 13:22:57 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: text/plain; charset="iso-8859-1" B&W is not quite that simple, nor is colour. For B&W how many greys are supported, 2 to 256 seems the likely range, also for colour what colour palettes are supported. There is also the issue of screen resolution, if the size is to be standard expressed as 1" x 0.5" then displays must scale the image depending on the pixels included, or if the size is expressed in pixels then it will be very small on a high resolution screen display and cover the whole screen on a WAP Phone. As another consideration, what are the minimum display resolutions allowed, I presume this would depend on the image, Can the image be displayed in 5 pixels by 3 pixels (an extreme case but what is the limit). Should the image be a standard format such as a JPEG in which case scaling becomes easier as long as the device supports the image type. Graham Bland > -----Original Message----- > From: Stefan Santesson [mailto:stefan@addtrust.com] > Sent: 13 August 2001 10:08 > To: ietf-pkix@imc.org > Subject: Logotype images > > > > Since logotypes in certificates now is an approved PKIX work > item there are > some practical aspects to deal with. > > 1) Logotype image size or scalable images. > > We probably need to define a standard size for logotype > images or find > another way to define scalable logotypes in order to enhance > homogeneous > display of certificates. > > The alternative is to allow scalable logotypes but I have > been told that > there are no easy and appropriate ways to do this. > > 2) Colour and B&W images. > > Some clients, such as mobile phones does not have colour > display and colour > images may not work in B&W. > We probably need a convension that allows inclusion of 2 > images for each > logotype (colour and B&W). > Possible solotions are either a convension defined in the > ASN.1 structure > or just a file naming convension for the image files. > > Any suggestions? > > /Stefan > --------------InterScan_NT_MIME_Boundary Content-Type: text/plain; name="Open_Interactive_Disclaimer.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Open_Interactive_Disclaimer.txt" This message is confidential and is intended for the addressee only; unless clearly stated that this disclaimer should not apply, this e-mail is not intended to create legally binding commitments on behalf of any company in the British Interactive Broadcasting Holding Limited group, nor do its contents reflect the corporate views or policies of any such company. Any unauthorised disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately. --------------InterScan_NT_MIME_Boundary-- Received: by above.proper.com (8.11.3/8.11.3) id f7D98OG05227 for ietf-pkix-bks; Mon, 13 Aug 2001 02:08:24 -0700 (PDT) Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7D98LN05222 for <ietf-pkix@imc.org>; Mon, 13 Aug 2001 02:08:22 -0700 (PDT) Received: from santesson.addtrust.com ([192.168.101.114]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.1600); Mon, 13 Aug 2001 11:07:43 +0200 Message-Id: <5.0.0.25.2.20010813105649.062d5968@mail.addtrust.com> X-Sender: sts@mail.addtrust.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Mon, 13 Aug 2001 11:08:19 +0200 To: ietf-pkix@imc.org From: Stefan Santesson <stefan@addtrust.com> Subject: Logotype images In-Reply-To: <OF3C89491B.55B01CBE-ON85256AA0.00120B5B@pok.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 13 Aug 2001 09:07:43.0411 (UTC) FILETIME=[69445030:01C123D7] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Since logotypes in certificates now is an approved PKIX work item there are some practical aspects to deal with. 1) Logotype image size or scalable images. We probably need to define a standard size for logotype images or find another way to define scalable logotypes in order to enhance homogeneous display of certificates. The alternative is to allow scalable logotypes but I have been told that there are no easy and appropriate ways to do this. 2) Colour and B&W images. Some clients, such as mobile phones does not have colour display and colour images may not work in B&W. We probably need a convension that allows inclusion of 2 images for each logotype (colour and B&W). Possible solotions are either a convension defined in the ASN.1 structure or just a file naming convension for the image files. Any suggestions? /Stefan Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7A8h0C03749 for ietf-pkix-bks; Fri, 10 Aug 2001 01:43:00 -0700 (PDT) Received: from phnxpop5.phnx.uswest.net (phnxpop5.phnx.uswest.net [206.80.192.5]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7A8gwN03743 for <ietf-pkix@imc.org>; Fri, 10 Aug 2001 01:42:59 -0700 (PDT) Received: (qmail 43131 invoked by uid 0); 10 Aug 2001 08:42:57 -0000 Received: from ajdialup184.phnx.uswest.net (HELO ?192.168.0.3?) (63.225.199.184) by phnxpop5.phnx.uswest.net with SMTP; 10 Aug 2001 08:42:57 -0000 Date: Fri, 10 Aug 2001 01:40:50 -0700 Message-Id: <a05100307b7994dd75bd9@[192.168.0.3]> From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> To: "X.509": ; Mime-Version: 1.0 X-Sender: hoytkesterson@mail.earthlink.net Subject: corrected URL to the revised announcement Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> The agenda for the meeting in Flagstaff has been changed such that work on X.509 will be on Tuesday and Wednesday, 25 and 26 September, instead of Wednesday and Thursday as originally scheduled. The complete revised agenda can be found in the revised announcement at ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/announcementRev1.pdf I have been told that Netscape 4.6 works (but by a person who works for Bull). I was using 4.77 and the Netscape support person tried 4.78 and 6.1 hoyt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7A7nFP00576 for ietf-pkix-bks; Fri, 10 Aug 2001 00:49:15 -0700 (PDT) Received: from phnxpop3.phnx.uswest.net (phnxpop3.phnx.uswest.net [206.80.192.3]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7A7nEN00569 for <ietf-pkix@imc.org>; Fri, 10 Aug 2001 00:49:14 -0700 (PDT) Received: (qmail 1268 invoked by uid 0); 10 Aug 2001 07:49:08 -0000 Received: from azdialup204.phnx.uswest.net (HELO ?192.168.0.3?) (63.225.215.204) by phnxpop3.phnx.uswest.net with SMTP; 10 Aug 2001 07:49:08 -0000 Date: Fri, 10 Aug 2001 00:48:35 -0700 Message-Id: <a05100303b7993a0bb51e@[192.168.0.3]> From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> To: "X.509": ; Mime-Version: 1.0 X-Sender: hoytkesterson@mail.earthlink.net Subject: Canadian contribution on enhancements to public-key and attribute certificates Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> The Canadian contribution on SC06 N 11987 Revised Working Document on Enhancements to Public-key and Attribute Certificates has been distributed by the SSC6 Secretariat as SC06 N 12011 It can be found at ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/InputDocuments/6N12011CanadaOnCertWD.pdf The agenda for the meeting in Flagstaff has been changed such that work on X.509 will be on Tuesday and Wednesday, 25 and 26 September, instead of Wednesday and Thursday as originally scheduled. The complete revised agenda can be found in the revised announcement at ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/announcementRev1.doc The worm that is munching its way through the internet has caused the administrator of the ftp.bull.com system to tighten up its port control. Unfortunately, the Netscape browser wants to use a port that is blocked. The result is that use of the URLs above results in no response from the server. I was told that IE works and so does my old rock solid VersaTerm FTP Link application. I spent $30 to hear a Netscape support person tell me that although he had confirmed that neither current release of Netscape would work and that although his IE browser would work, the fact that one server could not be accessed was not important enough to spend time on. Therefore, I have not been able to check, as i normally do, that the URLs are correct. Please let me know if you have a problem. Meanwhile I am out looking for a browser that will run on a MAC and support FTP in a directory browsing mode. Recommendations gratefully accepted. hoyt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f79Iswf29816 for ietf-pkix-bks; Thu, 9 Aug 2001 11:54:58 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f79IsuN29812; Thu, 9 Aug 2001 11:54:56 -0700 (PDT) Received: (from nobody@localhost) by email.nist.gov (8.9.3/8.9.3) id OAA18429; Thu, 9 Aug 2001 14:55:09 -0400 (EDT) From: C Michael Chernick <chernick@nist.gov> To: ietf-smime@imc.org, ietf-pkix@imc.org Subject: Draft NIST S/MIME Profile available (Comment Period Extended) Message-ID: <997383309.3b72dc8d438a2@email.nist.gov> Date: Thu, 09 Aug 2001 14:55:09 -0400 (EDT) Cc: chernick@nist.gov, Tim.Polk@nist.gov MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.5 X-Originating-IP: 217.33.146.249 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> FYI, At yesterday's SMIME session at the London IETF, it was suggested that NIST extend the deadline for comments on the Draft NIST S/MIME V3 Client Profile. Also, it was suggested that this notice be sent to the PKIX list as well as the SMIME list. Thus, I am resending the announcement sent out by Tim Polk on Monday, 2 July 2001 to the SMIME list. The deadline for comments has been extended until 17 September 2001. Thanks, Mike Chernick ---------Original Message Sent by Tim Polk to SMIME List on 2 July--------- FYI, I have attached below the announcement for a recently released NIST draft document concerning S/MIME V3. The document is intended to define an appropriate subset of the S/MIME standards for broad application in the U.S. Federal Government. NIST will be supporting this document through the development of an automated conformance testing tool. We hope the deployment of this tool will ease the development of conformant S/MIME V3 clients! We are very interested in comments from both developers and the user community. Please take the time to review the draft profile and NIST's plans for the automated testing facility. We would appreciate comments on the profile by 17 August 2001 (now extended to 17 September). Please send comments to Mike Chernick (NIST's S/MIME project leader) at <chernick@nist.gov>. BTW, Mike will be presenting an overview of this project in the S/MIME WG during the London IETF meeting. Both Mike and I will be there all week, and will be available to discuss this project. Thanks! Tim Polk ---------------------- The U.S. National Institute of Standards and Technology (NIST) has recently released a draft S/MIME V3 Client Profile. This profile was produced as guidance in the development and procurement of commercial-off-the-shelf (COTS) S/MIME-compliant products. This profile document identifies requirements for a secure and interoperable S/MIME V3 client implementation. The profile cites requirements for sending and receiving both signed and encrypted messages, as well as requirements for signed receipt processing. Although the S/MIME specifications were designed to promote interoperable secure electronic mail, implementations may support different optional services and the specifications may unintentionally allow multiple interpretations. As a result, different implementations of S/MIME may not be fully interoperable or provide the desired level of security. Conformance to this proposed profile will help to assure that S/MIME implementations will be able to interoperate and provide reasonable security assurance to users. The Draft Profile is available (in PDF format) for public comment at: http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf Comments are requested by (**was 17 August 2001**) *****NOW EXTENDED TO 17 September 2001***** and should be sent to chernick@nist.gov. NIST is developing tests and testing tools to determine the level of conformance of an S/MIME V3 client implementation with this profile. It is planned that within the next several months, NIST will have a remote testing facility on-line which will allow S/MIME V3 messages to be sent to the NIST test site for processing to determine if the remotely generated messages conform to the profile. In addition, messages may be sent to the test site to cause the NIST site to emit S/MIME V3 messages so that a remote system may receive S/MIME V3 messages, and verify that remote system can process the messages correctly. Further information on the NIST S/MIME Program may be obtained at http://csrc.ncsl.nist.gov/pki/smime/welcome.htm or by contacting Michael Chernick at <chernick@nist.gov>. -------------------------------------------------------------------------------- C. Michael Chernick +1-301-975-3610 chernick@nist.gov Computer Security Division National Institute of Standards and Technology (NIST) -------------------------------------------------------------------------------- Received: by above.proper.com (8.11.3/8.11.3) id f79G7q226116 for ietf-pkix-bks; Thu, 9 Aug 2001 09:07:52 -0700 (PDT) Received: from thalia.fm.intel.com (fmfdns02.fm.intel.com [132.233.247.11]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f79G7pN26111 for <ietf-pkix@imc.org>; Thu, 9 Aug 2001 09:07:51 -0700 (PDT) Received: from fmsmsxvs040.fm.intel.com (fmsmsxv040-1.fm.intel.com [132.233.48.108]) by thalia.fm.intel.com (8.9.1a+p1/8.9.1/d: relay.m4,v 1.41 2001/07/09 21:06:22 root Exp $) with SMTP id QAA18028 for <ietf-pkix@imc.org>; Thu, 9 Aug 2001 16:07:53 GMT Received: from fmsmsx17.intel.com ([132.233.48.17]) by fmsmsxvs040.fm.intel.com (NAVGW 2.5.1.6) with SMTP id M2001080909073318167 for <ietf-pkix@imc.org>; Thu, 09 Aug 2001 09:07:33 -0700 Received: by fmsmsx17.fm.intel.com with Internet Mail Service (5.5.2653.19) id <QML695TY>; Thu, 9 Aug 2001 09:08:37 -0700 Message-ID: <8DCFE693DDFFD111AC4100A0C9B8DB9405DF1F7D@hdsmsx33.hd.intel.com> From: "Eissa, Mohamed" <mohamed.eissa@intel.com> To: ietf-pkix@imc.org Cc: "Treleaven, Russell" <russell.treleaven@intel.com> Subject: pki alt-subject and unstructured name Date: Thu, 9 Aug 2001 09:07:47 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Hi, I am trying to locate the authoritative document regarding alt-subject and unstructured name fields in x509 certificates. What I'm trying to find out is how they are used to map enrollment requests from one scep server to multiple ca's? Sincerely, Mohamed Eissa Intel Canada Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f79Args05611 for ietf-pkix-bks; Thu, 9 Aug 2001 03:53:42 -0700 (PDT) Received: from btclick.com (mta01.btfusion.com [62.172.195.11]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f79AmQN05331; Thu, 9 Aug 2001 03:48:37 -0700 (PDT) Received: from JOHNVARSYSTEM ([213.123.188.215]) by btclick.com (Netscape Messaging Server 4.05) with SMTP id GHSRBP05.F0I; Thu, 9 Aug 2001 11:47:49 +0100 From: "John Ross" <ross@secstan.com> To: <ietf-smime@imc.org>, <ietf-pkix@imc.org>, "XMLSigWG" <w3c-ietf-xmldsig@w3.org> Subject: Comments requested on ETSI Draft TR "XML format for signature policies" Date: Thu, 9 Aug 2001 11:49:28 +0100 Message-ID: <OJEGJPPIEHDMFOOFHILLKEIPCDAA.ross@secstan.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Request for comments on draft ETSI TR on XML based Signature Policies: This draft ETSI technical report defines Signature Policies using XML which are based on the ASN.1 Signature Policies defined in ETSI TS 101 733 and RFC 3125. This draft TR is offered as a starting point for discussion on XML based Signature Policies. All comments received will help to determine the future direction this work item will take in ETSI. This draft technical report is being made publicly available for review and comment by any company, individual or organisation with interest in this area. A copy can be obtained through the ETSI El Sign web site (see below). Comments are requested by 14th September. Background The development of this technical report "XML format for signature policies" is one of the tasks the ETSI Electronic Signature and Infrastructure Working Group is progressing within the European Electronic Signature Standardisation Initiative (EESSI). The ETSI El Sign Web-site (see below) provides further information about the ETSI activities and the EESSI program. REQUESTED ACTION Please send your comments and suggestions not later than 14 September to the ETSI El Sign e-mail list EL-SIGN@LIST.ETSI.FR, with copy to the editor on cruellas@ac.upc.es . Please put "ETSI-XML-SigPol" at the front of the Subject field of all submissions to the e-mail list on this topic. To register with the EL-SIGN list and download the draft document (STF178Task3DraftTR.pdf) see: http://www.etsi.org/sec/el-sign.htm The purpose of the open e-mail list is to stimulate discussion of the published comments and contributions. Therefore, early submissions are welcome. We expect that discussions will go on through the open e-mail list under and after the comments period. With regards Juan Carlos Cruellas (Universitat Politecnica de Catalunya) Editor - XML format for signature policies cruellas@ac.upc.es and György Endersz, Telia Research AB Chair ETSI ESI Working Group gyorgy.g.endersz@telia.se Received: by above.proper.com (8.11.3/8.11.3) id f779PFe22537 for ietf-pkix-bks; Tue, 7 Aug 2001 02:25:15 -0700 (PDT) Received: from p-mail1.cnet.fr (p-mail1.rd.francetelecom.fr [193.49.124.31]) by above.proper.com (8.11.3/8.11.3) with SMTP id f779PDN22533 for <ietf-pkix@imc.org>; Tue, 7 Aug 2001 02:25:13 -0700 (PDT) Received: by p-biset.rd.francetelecom.fr with Internet Mail Service (5.5.2653.19) id <QFRKAJY5>; Tue, 7 Aug 2001 11:07:29 +0200 Received: from francetelecom.com (lsun607.rd.francetelecom.fr [161.104.14.41]) by l-mhs1.rd.francetelecom.fr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QN9SBDLT; Tue, 7 Aug 2001 11:06:49 +0200 Message-ID: <3B6FB042.E6E05936@francetelecom.com> Date: Tue, 07 Aug 2001 11:09:22 +0200 From: Olivier DUBUISSON <Olivier.Dubuisson@francetelecom.com> Organization: France Telecom R&D X-Mailer: Mozilla 4.51 [en] (X11; I; SunOS 5.8 sun4u) X-Accept-Language: fr-FR, en MIME-Version: 1.0 To: Hideyuki Odahara <odahara@dsa.isl.ntt.co.jp> CC: ietf-pkix@imc.org Subject: Re: draft-ietf-pkix-ac509prof-09 ASN.1 "IMPLICIT" References: <20010807142146.A6E6.ODAHARA@dsa.isl.ntt.co.jp> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Hideyuki Odahara wrote: > > I've read the draft-ietf-pkix-ac509prof-09 and > the draft-ietf-pkix-ac509prof-06. > And I found the difference about ASN.1 Notation. > It was "IMPLICIT". > > draft-ietf-pkix-ac509prof-09 wrote: > ------------------------------------ > Appendix B: ASN.1 Module > > PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) > internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) > id-mod-attribute-cert(12)} > > DEFINITIONS IMPLICIT TAGS ::= > ^^^^^^^^ > BEGIN > > -- EXPORTS ALL -- > ------------------------------------- > > draft-ietf-pkix-ac509prof-06 wrote: > ------------------------------------- > Appendix B: ASN.1 Module > > PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) > internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) > id-mod-attribute-cert(12)} > > DEFINITIONS EXPLICIT TAGS ::= > ^^^^^^^^ > BEGIN > > -- EXPORTS ALL -- > ------------------------------------- > > Why did "EXPLICIT" change to "IMPLICIT". > There is no reason and no description about > chainging at Appendix C:Change History. > > Please tell me. I remember Phil Griffin pointing this mistake (at least to me) some months ago. I'm not involved in the history of PKIX, but to me, the biggest mistake above is to keep the same OID for two modules that are not compatible as far as encoding goes. -- Olivier DUBUISSON france telecom R&D _ DTL/MSV - 22307 Lannion Cedex - France ( ) tel: +33 2 96 05 38 50 - fax: +33 2 96 05 39 45 /.\/ -------------------------------------- \_/\ Site ASN.1 : http://asn1.elibel.tm.fr/ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f775Mn224907 for ietf-pkix-bks; Mon, 6 Aug 2001 22:22:49 -0700 (PDT) Received: from tama3.tas.ntt.co.jp (tama3.tas.ntt.co.jp [192.68.248.40]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f775MkN24903 for <ietf-pkix@imc.org>; Mon, 6 Aug 2001 22:22:47 -0700 (PDT) Received: from nttmail.ecl.ntt.co.jp (nttmail.tas.ntt.co.jp [192.68.248.11]) by tama3.tas.ntt.co.jp (8.9.3+3.2W/3.7W/01/21/00) with ESMTP id OAA24125 for <ietf-pkix@imc.org>; Tue, 7 Aug 2001 14:22:44 +0900 (JST) (envelope-from odahara@dsa.isl.ntt.co.jp) Received: from dsa.isl.ntt.co.jp by nttmail.ecl.ntt.co.jp (8.9.3+3.2W/3.7W/03/21/01) with ESMTP id OAA15559 for <ietf-pkix@imc.org>; Tue, 7 Aug 2001 14:22:43 +0900 (JST) (envelope-from odahara@dsa.isl.ntt.co.jp) Received: from cats by dsa.isl.ntt.co.jp (8.11.5/isl-2.0) id f775Mgm60121; Tue, 7 Aug 2001 14:22:42 +0900 (JST) Date: Tue, 07 Aug 2001 14:23:53 +0900 From: Hideyuki Odahara <odahara@dsa.isl.ntt.co.jp> To: ietf-pkix@imc.org Subject: draft-ietf-pkix-ac509prof-09 ASN.1 "IMPLICIT" Message-Id: <20010807142146.A6E6.ODAHARA@dsa.isl.ntt.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-2022-JP" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.00.03 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I've read the draft-ietf-pkix-ac509prof-09 and the draft-ietf-pkix-ac509prof-06. And I found the difference about ASN.1 Notation. It was "IMPLICIT". draft-ietf-pkix-ac509prof-09 wrote: ------------------------------------ Appendix B: ASN.1 Module PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert(12)} DEFINITIONS IMPLICIT TAGS ::= ^^^^^^^^ BEGIN -- EXPORTS ALL -- ------------------------------------- draft-ietf-pkix-ac509prof-06 wrote: ------------------------------------- Appendix B: ASN.1 Module PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert(12)} DEFINITIONS EXPLICIT TAGS ::= ^^^^^^^^ BEGIN -- EXPORTS ALL -- ------------------------------------- Why did "EXPLICIT" change to "IMPLICIT". There is no reason and no description about chainging at Appendix C:Change History. Please tell me. regards ---------- Hideyuki Odahara $B!'(B odahara@dsa.isl.ntt.co.jp Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f763gmr21328 for ietf-pkix-bks; Sun, 5 Aug 2001 20:42:48 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f763gks21324 for <ietf-pkix@imc.org>; Sun, 5 Aug 2001 20:42:46 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id XAA194050; Sun, 5 Aug 2001 23:40:40 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97) with ESMTP id f763Yum09490; Sun, 5 Aug 2001 23:34:56 -0400 Importance: Normal Subject: Re: Verifying Certificates when CA key update To: li yunfeng <forward_li@yahoo.com.cn> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-ID: <OF3C89491B.55B01CBE-ON85256AA0.00120B5B@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Sun, 5 Aug 2001 23:22:21 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 08/05/2001 11:42:43 PM MIME-Version: 1.0 Content-type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by above.proper.com id f763gks21325 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> I must not have been clear enough. IMO the check which improves security is that the issuer and subject names are equivalent. Setting these certificates to v1has independent value only if the RP knows that all other certificates issued by this CA are v3, which cannot generally be the case. Good luck with your implementation. Tom Gindin li yunfeng <forward_li@yahoo.com.cn> on 08/04/2001 03:34:56 AM To: Tom Gindin <tgindin@us.ibm.com> cc: ietf-pkix@imc.org Subject: Re: Verifying Certificates when CA key update Thank Tom Gindin for answer me. I think if a attacker can requre a cross certificate form a CA,then he can spool as a CA.This is based on the opinion of RFC2510 that when CA update its own key for sign certificate, it will publish the oldwithnwe ,newwithold,and newwithnew certificate. If the CA publish the oldwithold certificate at the same time we can prevent the attacker's spooling. Because we can trust the public key in oldwithold certificate not trust the public key in oldwithnew certificate. All in all thanks Tom Gindin for giving me these insturct and i will implement the software as you teach me that set the version of oldwithnew to v1. --- Tom Gindin <tgindin@us.ibm.com> µÄÕýÎÄ£º> > > While I'm not sure what you mean by "chived" > here (perhaps > "spoofed"?), an OldWithNew certificate should be > distinguishable from > end-user certificates by several means. First, the > subject name and the > issuer name should match each other. Second, it > should IMO be either a v1 > certificate or contain a CA flag in a basic > constraints extension - I would > prefer the latter but it would be wise to find out > from the actual > implementors which they're using. The second check > does not protect > against an attack by the subject of a cross > certificate, but the first > does. > Do we need to add to point 1 of 2.4.2.2 (of > rfc2510bis-04) at least > the first of these checks? If so, do we need to > make the same change in > 2.4.2.3? I would think that we do, so thank you for > bringing this up. > > Tom Gindin > > > li yunfeng <forward_li@yahoo.com.cn>@mail.imc.org on > 08/02/2001 12:05:15 AM > > Sent by: owner-ietf-pkix@mail.imc.org > > > To: ietf-pkix@imc.org > cc: > Subject: Verifying Certificates when CA key update > > > > In the document "Inernet X.509 Public Key > Infrastructure Certificate Management Protocols > <draft-ietf-pkix-rfc2510bits-03.txt>" 2.4.2segment > says that when CA key update the verifier can verify > other person's certificate using OLDwhithNEW > certificate. > If we use this methord , we will be chived by other > who get a certificate from CA and say this is old > with > new certificate. > > _________________________________________________________ > Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! > http://mail.yahoo.com.cn > > <font > color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª > ÑÅ»¢È«ÐÂÁÄÌìÊÒ! > http://cn.chat.yahoo.com/c/roomlist.html > > _________________________________________________________ Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn <font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html Received: by above.proper.com (8.11.3/8.11.3) id f747ZPu28840 for ietf-pkix-bks; Sat, 4 Aug 2001 00:35:25 -0700 (PDT) Received: from web13703.mail.yahoo.com (web13703.mail.yahoo.com [216.136.175.136]) by above.proper.com (8.11.3/8.11.3) with SMTP id f747ZOs28832 for <ietf-pkix@imc.org>; Sat, 4 Aug 2001 00:35:24 -0700 (PDT) Message-ID: <20010804073456.34574.qmail@web13703.mail.yahoo.com> Received: from [61.139.82.216] by web13703.mail.yahoo.com; Sat, 04 Aug 2001 15:34:56 CST Date: Sat, 4 Aug 2001 15:34:56 +0800 (CST) From: =?gb2312?q?li=20yunfeng?= <forward_li@yahoo.com.cn> Subject: Re: Verifying Certificates when CA key update To: Tom Gindin <tgindin@us.ibm.com> Cc: ietf-pkix@imc.org In-Reply-To: <OFA50FBCC0.A6AC45ED-ON85256A9C.00404F9F@pok.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> Thank Tom Gindin for answer me. I think if a attacker can requre a cross certificate form a CA,then he can spool as a CA.This is based on the opinion of RFC2510 that when CA update its own key for sign certificate, it will publish the oldwithnwe ,newwithold,and newwithnew certificate. If the CA publish the oldwithold certificate at the same time we can prevent the attacker's spooling. Because we can trust the public key in oldwithold certificate not trust the public key in oldwithnew certificate. All in all thanks Tom Gindin for giving me these insturct and i will implement the software as you teach me that set the version of oldwithnew to v1. --- Tom Gindin <tgindin@us.ibm.com> µÄÕýÎÄ£º> > > While I'm not sure what you mean by "chived" > here (perhaps > "spoofed"?), an OldWithNew certificate should be > distinguishable from > end-user certificates by several means. First, the > subject name and the > issuer name should match each other. Second, it > should IMO be either a v1 > certificate or contain a CA flag in a basic > constraints extension - I would > prefer the latter but it would be wise to find out > from the actual > implementors which they're using. The second check > does not protect > against an attack by the subject of a cross > certificate, but the first > does. > Do we need to add to point 1 of 2.4.2.2 (of > rfc2510bis-04) at least > the first of these checks? If so, do we need to > make the same change in > 2.4.2.3? I would think that we do, so thank you for > bringing this up. > > Tom Gindin > > > li yunfeng <forward_li@yahoo.com.cn>@mail.imc.org on > 08/02/2001 12:05:15 AM > > Sent by: owner-ietf-pkix@mail.imc.org > > > To: ietf-pkix@imc.org > cc: > Subject: Verifying Certificates when CA key update > > > > In the document "Inernet X.509 Public Key > Infrastructure Certificate Management Protocols > <draft-ietf-pkix-rfc2510bits-03.txt>" 2.4.2segment > says that when CA key update the verifier can verify > other person's certificate using OLDwhithNEW > certificate. > If we use this methord , we will be chived by other > who get a certificate from CA and say this is old > with > new certificate. > > _________________________________________________________ > Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! > http://mail.yahoo.com.cn > > <font > color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª > ÑÅ»¢È«ÐÂÁÄÌìÊÒ! > http://cn.chat.yahoo.com/c/roomlist.html > > _________________________________________________________ Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn <font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f738t1O05123 for ietf-pkix-bks; Fri, 3 Aug 2001 01:55:01 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f738sxs05115 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 01:54:59 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHHFE600.1PM for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 03:56:30 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5T1B00.PI2; Fri, 27 Jul 2001 21:19:59 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA22847; Tue, 24 Jul 2001 14:28:31 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20104 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:15:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12905 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:00 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06577; Tue, 24 Jul 2001 06:32:59 -0400 (EDT) Message-Id: <200107241032.GAA06577@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-compl-00.txt Date: Tue, 24 Jul 2001 06:32:59 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Compliance Document Author(s) : M. Myers et al. Filename : draft-ietf-pkix-cmc-compl-00.txt Pages : Date : 23-Jul-01 This document provides a set of compliance statements about the CMC enrollment protocol. The documents [CMC-STRUCT] and [CMC-TRANS] provide the definitions of the structure and transport protocols defined for CMC. This document provides the information needed to make a compliant version of CMC. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-compl-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-compl-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-compl-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141031.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-compl-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-compl-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141031.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f738t0T05117 for ietf-pkix-bks; Fri, 3 Aug 2001 01:55:00 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f738sws05107 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 01:54:59 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHHFE500.DQL for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 03:56:29 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SZQ00.OGH; Fri, 27 Jul 2001 21:19:02 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA23552; Tue, 24 Jul 2001 14:47:45 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20451 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:35:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12919 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:05 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06589; Tue, 24 Jul 2001 06:33:04 -0400 (EDT) Message-Id: <200107241033.GAA06589@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-archive-00.txt Date: Tue, 24 Jul 2001 06:33:04 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Extensions: Server Side Key Generation and Key Archival Author(s) : J. Schaad Filename : draft-ietf-pkix-cmc-archive-00.txt Pages : 17 Date : 23-Jul-01 This document defines a set of extensions to [CMC] that address the desire for having two additional services: Server generation of keys, and server-side archival and subsequent recovery of key material by the server. These services are provided by the definition of additional control statements within the CMC architecture. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-archive-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-archive-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-archive-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141040.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-archive-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-archive-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141040.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f738sxk05110 for ietf-pkix-bks; Fri, 3 Aug 2001 01:54:59 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f738svs05098 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 01:54:57 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHHFDT00.KQL for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 03:56:17 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SW300.1H9; Fri, 27 Jul 2001 21:16:51 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA23921; Tue, 24 Jul 2001 14:56:45 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20606 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:45:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12927 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:11 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06602; Tue, 24 Jul 2001 06:33:11 -0400 (EDT) Message-Id: <200107241033.GAA06602@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-trans-00.txt Date: Tue, 24 Jul 2001 06:33:10 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Transport Author(s) : M. Myers et al. Filename : draft-ietf-pkix-cmc-trans-00.txt Pages : Date : 23-Jul-01 This document defines a number of transport mechanisms that are used to move [CMC] messages. The transport mechanisms described in this document are: HTTP, file, mail and TCP. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-trans-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-trans-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-trans-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141049.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-trans-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-trans-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141049.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f738sxn05111 for ietf-pkix-bks; Fri, 3 Aug 2001 01:54:59 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f738sws05103 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 01:54:58 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHHFDW00.TQT for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 03:56:20 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SW500.PHO; Fri, 27 Jul 2001 21:16:53 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id PAA24409; Tue, 24 Jul 2001 15:10:56 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20781 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:55:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12934 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:16 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06614; Tue, 24 Jul 2001 06:33:16 -0400 (EDT) Message-Id: <200107241033.GAA06614@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-new-rfc2527-00.txt Date: Tue, 24 Jul 2001 06:33:15 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework Author(s) : S. Chokhani et al. Filename : draft-ietf-pkix-ipki-new-rfc2527-00.txt Pages : 54 Date : 23-Jul-01 This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document is being submitted to the RFC Editor with a request for publication as an Informational RFC. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-new-rfc2527-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141100.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-new-rfc2527-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141100.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f738st405082 for ietf-pkix-bks; Fri, 3 Aug 2001 01:54:55 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f738srs05075 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 01:54:54 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHHF4O00.0Q9 for <ietf-pkix@imc.org>; Fri, 3 Aug 2001 03:50:48 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5C7V00.T0A; Fri, 27 Jul 2001 15:16:43 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA10298; Fri, 27 Jul 2001 14:17:26 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id NAA19129 for ietf-123-outbound.05@ietf.org; Fri, 27 Jul 2001 13:55:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id HAA13144 for <all-ietf@loki.ietf.org>; Fri, 27 Jul 2001 07:22:52 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07700; Fri, 27 Jul 2001 07:22:50 -0400 (EDT) Message-Id: <200107271122.HAA07700@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-00.txt Date: Fri, 27 Jul 2001 07:22:49 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Logotypes in X.509 certificates Author(s) : S. Santesson Filename : draft-ietf-pkix-logotypes-00.txt Pages : Date : 26-Jul-01 This document contains an initial outline of a standard for inclusion of logotypes in certificates. The draft includes background discussions around different aspects of problems and solutions, forming a starting point for the creation of a complete standard. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010726171111.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010726171111.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f732BFH04548 for ietf-pkix-bks; Thu, 2 Aug 2001 19:11:15 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f732BEs04541 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 19:11:14 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHGZ3W00.TDR for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 22:04:44 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5T1B00.PI2; Fri, 27 Jul 2001 21:19:59 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA22847; Tue, 24 Jul 2001 14:28:31 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20104 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:15:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12905 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:00 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06577; Tue, 24 Jul 2001 06:32:59 -0400 (EDT) Message-Id: <200107241032.GAA06577@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-compl-00.txt Date: Tue, 24 Jul 2001 06:32:59 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Compliance Document Author(s) : M. Myers et al. Filename : draft-ietf-pkix-cmc-compl-00.txt Pages : Date : 23-Jul-01 This document provides a set of compliance statements about the CMC enrollment protocol. The documents [CMC-STRUCT] and [CMC-TRANS] provide the definitions of the structure and transport protocols defined for CMC. This document provides the information needed to make a compliant version of CMC. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-compl-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-compl-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-compl-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141031.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-compl-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-compl-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141031.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f732BFn04543 for ietf-pkix-bks; Thu, 2 Aug 2001 19:11:15 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f732BDs04536 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 19:11:13 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHGZ3S00.0DA for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 22:04:40 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SZQ00.OGH; Fri, 27 Jul 2001 21:19:02 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA23552; Tue, 24 Jul 2001 14:47:45 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20451 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:35:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12919 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:05 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06589; Tue, 24 Jul 2001 06:33:04 -0400 (EDT) Message-Id: <200107241033.GAA06589@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-archive-00.txt Date: Tue, 24 Jul 2001 06:33:04 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Extensions: Server Side Key Generation and Key Archival Author(s) : J. Schaad Filename : draft-ietf-pkix-cmc-archive-00.txt Pages : 17 Date : 23-Jul-01 This document defines a set of extensions to [CMC] that address the desire for having two additional services: Server generation of keys, and server-side archival and subsequent recovery of key material by the server. These services are provided by the definition of additional control statements within the CMC architecture. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-archive-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-archive-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-archive-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141040.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-archive-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-archive-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141040.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f732BEX04537 for ietf-pkix-bks; Thu, 2 Aug 2001 19:11:14 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f732BCs04531 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 19:11:12 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHGZ3K00.GD4 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 22:04:32 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SW500.PHO; Fri, 27 Jul 2001 21:16:53 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id PAA24409; Tue, 24 Jul 2001 15:10:56 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20781 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:55:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12934 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:16 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06614; Tue, 24 Jul 2001 06:33:16 -0400 (EDT) Message-Id: <200107241033.GAA06614@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-new-rfc2527-00.txt Date: Tue, 24 Jul 2001 06:33:15 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework Author(s) : S. Chokhani et al. Filename : draft-ietf-pkix-ipki-new-rfc2527-00.txt Pages : 54 Date : 23-Jul-01 This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document is being submitted to the RFC Editor with a request for publication as an Informational RFC. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-new-rfc2527-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141100.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-new-rfc2527-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141100.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f732BDF04533 for ietf-pkix-bks; Thu, 2 Aug 2001 19:11:13 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f732BBs04525 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 19:11:12 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHGZ3H00.7CR for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 22:04:29 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5SW300.1H9; Fri, 27 Jul 2001 21:16:51 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA23921; Tue, 24 Jul 2001 14:56:45 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id OAA20606 for ietf-123-outbound.05@ietf.org; Tue, 24 Jul 2001 14:45:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA12927 for <all-ietf@loki.ietf.org>; Tue, 24 Jul 2001 06:33:11 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06602; Tue, 24 Jul 2001 06:33:11 -0400 (EDT) Message-Id: <200107241033.GAA06602@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-cmc-trans-00.txt Date: Tue, 24 Jul 2001 06:33:10 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : CMC Transport Author(s) : M. Myers et al. Filename : draft-ietf-pkix-cmc-trans-00.txt Pages : Date : 23-Jul-01 This document defines a number of transport mechanisms that are used to move [CMC] messages. The transport mechanisms described in this document are: HTTP, file, mail and TCP. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-trans-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-cmc-trans-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-cmc-trans-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010723141049.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-cmc-trans-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-cmc-trans-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010723141049.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f732B7s04505 for ietf-pkix-bks; Thu, 2 Aug 2001 19:11:07 -0700 (PDT) Received: from postoffice.sarnoff.com (postoffice.sarnoff.com [130.33.10.147]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f732B5s04499 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 19:11:06 -0700 (PDT) Received: from postoffice.sarnoff.com ([127.0.0.1]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with SMTP id GHGYIQ00.OD0 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 21:52:02 -0400 Received: from nova.sarnoff.com ([130.33.8.27]) by postoffice.sarnoff.com (Netscape Messaging Server 4.15) with ESMTP id GH5C7V00.T0A; Fri, 27 Jul 2001 15:16:43 -0400 Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by nova.sarnoff.com (8.9.2/8.9.2) with ESMTP id OAA10298; Fri, 27 Jul 2001 14:17:26 -0400 (EDT) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id NAA19129 for ietf-123-outbound.05@ietf.org; Fri, 27 Jul 2001 13:55:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id HAA13144 for <all-ietf@loki.ietf.org>; Fri, 27 Jul 2001 07:22:52 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07700; Fri, 27 Jul 2001 07:22:50 -0400 (EDT) Message-Id: <200107271122.HAA07700@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-00.txt Date: Fri, 27 Jul 2001 07:22:49 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Logotypes in X.509 certificates Author(s) : S. Santesson Filename : draft-ietf-pkix-logotypes-00.txt Pages : Date : 26-Jul-01 This document contains an initial outline of a standard for inclusion of logotypes in certificates. The draft includes background discussions around different aspects of problems and solutions, forming a starting point for the creation of a complete standard. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20010726171111.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20010726171111.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f72Btib07116 for ietf-pkix-bks; Thu, 2 Aug 2001 04:55:44 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f72Btgs07110 for <ietf-pkix@imc.org>; Thu, 2 Aug 2001 04:55:42 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id HAA417208; Thu, 2 Aug 2001 07:53:15 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97) with ESMTP id f72BlV609554; Thu, 2 Aug 2001 07:47:32 -0400 Importance: Normal Subject: Re: Verifying Certificates when CA key update To: li yunfeng <forward_li@yahoo.com.cn> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-ID: <OFA50FBCC0.A6AC45ED-ON85256A9C.00404F9F@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Thu, 2 Aug 2001 07:54:39 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 08/02/2001 07:55:16 AM MIME-Version: 1.0 Content-type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by above.proper.com id f72Bths07111 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> While I'm not sure what you mean by "chived" here (perhaps "spoofed"?), an OldWithNew certificate should be distinguishable from end-user certificates by several means. First, the subject name and the issuer name should match each other. Second, it should IMO be either a v1 certificate or contain a CA flag in a basic constraints extension - I would prefer the latter but it would be wise to find out from the actual implementors which they're using. The second check does not protect against an attack by the subject of a cross certificate, but the first does. Do we need to add to point 1 of 2.4.2.2 (of rfc2510bis-04) at least the first of these checks? If so, do we need to make the same change in 2.4.2.3? I would think that we do, so thank you for bringing this up. Tom Gindin li yunfeng <forward_li@yahoo.com.cn>@mail.imc.org on 08/02/2001 12:05:15 AM Sent by: owner-ietf-pkix@mail.imc.org To: ietf-pkix@imc.org cc: Subject: Verifying Certificates when CA key update In the document "Inernet X.509 Public Key Infrastructure Certificate Management Protocols <draft-ietf-pkix-rfc2510bits-03.txt>" 2.4.2segment says that when CA key update the verifier can verify other person's certificate using OLDwhithNEW certificate. If we use this methord , we will be chived by other who get a certificate from CA and say this is old with new certificate. _________________________________________________________ Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn <font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7245C927602 for ietf-pkix-bks; Wed, 1 Aug 2001 21:05:12 -0700 (PDT) Received: from web13707.mail.yahoo.com (web13707.mail.yahoo.com [216.136.175.140]) by above.proper.com (8.11.3/8.11.3) with SMTP id f7245Bs27597 for <ietf-pkix@imc.org>; Wed, 1 Aug 2001 21:05:11 -0700 (PDT) Message-ID: <20010802040515.21374.qmail@web13707.mail.yahoo.com> Received: from [61.139.85.150] by web13707.mail.yahoo.com; Thu, 02 Aug 2001 12:05:15 CST Date: Thu, 2 Aug 2001 12:05:15 +0800 (CST) From: =?gb2312?q?li=20yunfeng?= <forward_li@yahoo.com.cn> Subject: Verifying Certificates when CA key update To: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> List-ID: <ietf-pkix.imc.org> In the document "Inernet X.509 Public Key Infrastructure Certificate Management Protocols <draft-ietf-pkix-rfc2510bits-03.txt>" 2.4.2segment says that when CA key update the verifier can verify other person's certificate using OLDwhithNEW certificate. If we use this methord , we will be chived by other who get a certificate from CA and say this is old with new certificate. _________________________________________________________ Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn <font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html
- charter revisions Stephen Kent
- Re: charter revisions Steve Hanna
- Re: charter revisions Stephen Farrell
- Re: charter revisions Housley, Russ
- RE: charter revisions Al Arsenault
- Re: charter revisions Stephen Kent
- Re: charter revisions Bob Jueneman
- Re: charter revisions Michael Ströder
- Re: charter revisions Stephen Kent
- Re: charter revisions Stephen Kent
- RE: charter revisions Housley, Russ
- Re: charter revisions Steve Hanna
- Re: charter revisions Steve Hanna
- Re: charter revisions Denis Pinkas
- Re: charter revisions (2) Denis Pinkas
- Re: charter revisions Stephen Kent
- Re: charter revisions Stephen Kent
- Re: charter revisions (2) Stephen Kent
- RE: charter revisions Michael Myers
- Re: charter revisions Rich Salz
- Re: charter revisions Steve Hanna
- RE: charter revisions Bob Jueneman
- Re: charter revisions Paul Hoffman / IMC
- RE: charter revisions Michael Myers
- RE: charter revisions Bob Jueneman
- RE: charter revisions Michael Myers
- RE: charter revisions Paul Hoffman / IMC
- RE: charter revisions Michael Myers
- RE: charter revisions Peter Williams
- RE: charter revisions Peter Gutmann
- Re: charter revisions Denis Pinkas
- Re: charter revisions Stephen Kent
- Re: charter revisions Stephen Kent
- Re: charter revisions Steve Hanna
- Re: charter revisions Stephen Kent
- RE: charter revisions Stephen Kent
- Re: charter revisions Stephen Kent
- RE: charter revisions Hallam-Baker, Phillip
- RE: charter revisions Bob Jueneman
- RE: charter revisions Hallam-Baker, Phillip
- Re: charter revisions Steve Hanna
- RE: charter revisions Hallam-Baker, Phillip
- Re: charter revisions Bob Jueneman
- Re: charter revisions Paul Hoffman / IMC
- RE: charter revisions Yuriy Dzambasow
- RE: charter revisions Hallam-Baker, Phillip
- Re: charter revisions David P. Kemp
- Re: charter revisions Steve Hanna
- Re: charter revisions Steve Hanna
- Re: charter revisions Steve Hanna
- Re: charter revisions Michael Ströder
- Re: charter revisions Simon Josefsson
- Re: charter revisions Stephen Kent
- Re: charter revisions Stephen Kent
- Logos in PKIX - Was: charter revisions Stefan Santesson