Re: [TLS] Verifying X.509 Certificate Chains out of order

Martin Rex <> Tue, 07 October 2008 10:20 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id 6944B3A696A; Tue, 7 Oct 2008 03:20:28 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5FC8F3A692C for <>; Tue, 7 Oct 2008 03:20:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.81
X-Spam-Status: No, score=-5.81 tagged_above=-999 required=5 tests=[AWL=0.439, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QrG30bvPIPsZ for <>; Tue, 7 Oct 2008 03:20:26 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 563E63A68D1 for <>; Tue, 7 Oct 2008 03:20:26 -0700 (PDT)
Received: from by (26) with ESMTP id m97AKwTD021061; Tue, 7 Oct 2008 12:20:58 +0200 (MEST)
From: Martin Rex <>
Message-Id: <>
To: (Peter Gutmann)
Date: Tue, 7 Oct 2008 12:20:56 +0200 (MEST)
In-Reply-To: <> from "Peter Gutmann" at Oct 7, 8 04:12:46 pm
MIME-Version: 1.0
X-Scanner: Virus Scanner virwal05
X-SAP: out
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Peter Gutmann wrote:
> Martin Rex <>; writes:
> >All implementations that seriously care about (server) performance ought to
> >fail with an unordered certificate_list (and not try to reorder themselves).
> >Our OEM implementation does care.
> Wow, how on earth did you manage to come up with an implementation where the
> overhead of doing this even registers?

(It's an OEM implemenation I happen to support, not my implementation.)

In a sensible PKI implementation there are distinct datatypes for
unordered bags of certs and an ordered certificate chain, and
the certificate chain verifier operates only on the ordered chain.
better modularisation of code, less bugs, less code, faster.

It makes perfect sense to require ordered lists in procotols such as in an
SSL certificate_list and X509PKIPathv1 in WS-Security and use unordered
lists only where performance has low importance (PKCS7/CMS) or usability
is desired (User interfaces).

TLS mailing list