[pkix] World's smallest well-formed certificate

Sean Leonard <dev+ietf@seantek.com> Wed, 18 May 2016 07:30 UTC

To: "pkix@ietf.org" <pkix@ietf.org>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <7b8c0b5a-2133-b094-2d09-e37efae98994@seantek.com>
Date: Wed, 18 May 2016 00:29:11 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/tdDPeEJ8vCigbWeg1bPw9jJ2Jw8>
Subject: [pkix] World's smallest well-formed certificate

I'm working on a problem that involves the DER encoding of the smallest 
well-formed (yet pathological) certificate. How many octets can the 
world's smallest well-formed certificate be?

A Certificate is a SEQUENCE of TBSCertificate, AlgorithmIdentifier, and 
BIT STRING (the signature). The world's smallest certificate would be 
version = 1 (therefore omitted), a serial number of 0, a hypothetical 
signature (AlgorithmIdentifier) that has the world's smallest object 
identifier (0.0) and no parameters, an issuer Name (distinguished name) 
that has one RDN that has one Attribute whose type is the world's 
smallest object identifier (0.0) and whose value is ASN.1's smallest 
value (NULL), with proper validity times, the same or similar smallest 
subject Name, a well-formed SubjectPublicKeyInfo, and none of the 
optional fields: issuerUniqueID, subjectUniqueID, and extensions.

By "well-formed", I mean that an ASN.1 '88 parser (i.e., one that does 
not enforce information object classes) will parse it (including the BIT 
STRING contents) and not barf. Such a certificate could not possibly be 
"valid", since the signature block would not be a real digital signature.

(PS For those who want to know "why", it's because I am trying to test 
some assumptions about how small a certificate can be.)
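As an added example (not part of Sean's post), the construction he describes, DER-encoded with a hand-rolled encoder so the octets can be counted, followed by a tag/length walker that checks the result nests consistently. The empty BIT STRINGs, the INTEGER 0 serial and the UTCTime sample dates are my assumptions; the count is what this particular construction yields, not a settled answer to the question.

```python
"""DER-encode the minimal certificate described above and count its octets.
Assumptions (added here, not the poster's): both BIT STRINGs (subjectPublicKey,
signatureValue) are empty, validity uses UTCTime "YYMMDDHHMMSSZ" (the shortest
DER time form) with sample dates, and the serial number is INTEGER 0."""

SEQUENCE, SET, INTEGER, BIT_STRING, NULL, OID, UTCTIME = 0x30, 0x31, 0x02, 0x03, 0x05, 0x06, 0x17

def tlv(tag: int, content: bytes) -> bytes:
    """DER TLV with short-form length; every length here is < 128 octets."""
    assert len(content) < 128, "long-form length not needed for this certificate"
    return bytes([tag, len(content)]) + content

def oid_0_0() -> bytes:
    return tlv(OID, b"\x00")  # arcs 0.0 pack into one subidentifier: 40*0 + 0

def algorithm_identifier() -> bytes:
    return tlv(SEQUENCE, oid_0_0())  # algorithm 0.0, parameters absent

def minimal_name() -> bytes:
    # Name -> one RDN (SET) -> one AttributeTypeAndValue { type 0.0, value NULL }
    atv = tlv(SEQUENCE, oid_0_0() + tlv(NULL, b""))
    return tlv(SEQUENCE, tlv(SET, atv))

def minimal_certificate() -> bytes:
    validity = tlv(SEQUENCE, tlv(UTCTIME, b"160518000000Z") + tlv(UTCTIME, b"490101000000Z"))
    spki = tlv(SEQUENCE, algorithm_identifier() + tlv(BIT_STRING, b"\x00"))  # empty key bits
    tbs = tlv(SEQUENCE, tlv(INTEGER, b"\x00") + algorithm_identifier() + minimal_name()
              + validity + minimal_name() + spki)  # version v1 is DEFAULT, so omitted
    return tlv(SEQUENCE, tbs + algorithm_identifier() + tlv(BIT_STRING, b"\x00"))

def well_formed(der: bytes) -> bool:
    """Structural check only: each TLV's length fits its data and constructed
    tags (bit 0x20) nest exactly, the way a tag/length walker would see it."""
    i = 0
    while i < len(der):
        if i + 2 > len(der) or der[i + 1] >= 128:
            return False
        tag, length = der[i], der[i + 1]
        body = der[i + 2:i + 2 + length]
        if len(body) != length or (tag & 0x20 and not well_formed(body)):
            return False
        i += 2 + length
    return True

if __name__ == "__main__":
    cert = minimal_certificate()
    print(len(cert), "octets, well-formed:", well_formed(cert))
    print(cert.hex())
```

Each Name costs 11 octets and each UTCTime 15, so the validity field alone is larger than issuer and subject combined; the walker rejects a truncated encoding but says nothing about semantic validity.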