On 4/25/14, 9:18 AM, Zack Weinberg wrote:
> On 04/25/2014 09:59 AM, Erwann Abalea wrote:
>> On Friday, 25 April 2014 13:46:51 UTC+2, Martin Paljak wrote:
>>> What is the rationale for this:
>>>
>>>> 4. Mozilla::pkix performs chaining based on issuer name alone,
>>>> and does not require that issuer's subject key match the
>>>> authority key info (AKI) extension in the certificate. Classic
>>>> verification enforces the AKI restriction.
>>
>> AKI is only a helper for certificate path building. It's mandatory
>> for CAs to issue certificates with matching keyIdentifiers
>> (issued.AKI.keyIdentifier = issuer.SKI), but it's not mandatory
>> for relying parties to verify that the values match.
>
> That doesn't seem like enough of a justification to me.  It may not be
> mandatory, but please explain why it is not *necessary* (i.e. why no
> security guarantees depend on it).

Let's pretend for the sake of the argument that you are an attacker and can modify the value of the AKI (assume that the AKI is not signed by the CA). You will notice that this field is NOT used to determine your identity (like the name or subject-alt-names) or to determine the capabilities of your cert (and private key) (like the basic constraints, KU, EKU, Cert Policies, name constraints extensions).

Is it more clear now?

Camilo

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
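
A toy model of the two chaining behaviours discussed in this thread, added here as an illustration (it is not mozilla::pkix or NSS code). HMAC stands in for the CA's public-key signature, and every name, key and certificate below is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: bytes   # toy key; stands in for the subject's key pair
    ski: bytes   # subjectKeyIdentifier
    aki: bytes   # authorityKeyIdentifier.keyIdentifier
    sig: bytes = b""

def _kid(key):
    return hashlib.sha256(key).digest()[:20]

def _mac(key, c):
    # Assumption: HMAC over the signed fields replaces a real signature.
    tbs = b"|".join([c.subject.encode(), c.issuer.encode(), c.key, c.ski, c.aki])
    return hmac.new(key, tbs, hashlib.sha256).digest()

def issue(subject, key, ca=None, aki=None):
    """Sign a cert with ca's key (self-signed when ca is None)."""
    signer_name, signer_key = (ca.subject, ca.key) if ca else (subject, key)
    c = Cert(subject, signer_name, key, _kid(key), aki or _kid(signer_key))
    return replace(c, sig=_mac(signer_key, c))

def find_issuer(cert, candidates, enforce_aki):
    """Return the trusted candidate that signed cert, or None."""
    for ca in candidates:
        if ca.subject != cert.issuer:
            continue                      # chaining by issuer name
        if enforce_aki and cert.aki != ca.ski:
            continue                      # the "classic" AKI restriction
        if hmac.compare_digest(cert.sig, _mac(ca.key, cert)):
            return ca                     # the signature is the binding
    return None

# Constructed sample data: one CA name, re-keyed once, plus an untrusted signer.
OLD_CA = issue("CN=Example CA", b"old-key")
NEW_CA = issue("CN=Example CA", b"new-key")
CAS = [OLD_CA, NEW_CA]                    # the trusted candidates
ROGUE = issue("CN=Example CA", b"rogue-key")
GOOD = issue("CN=www.example.test", b"leaf-key", NEW_CA)
BAD_AKI = issue("CN=www.example.test", b"leaf-key", NEW_CA, aki=OLD_CA.ski)
FORGED = issue("CN=www.example.test", b"other-key", ROGUE, aki=NEW_CA.ski)
```

`BAD_AKI` chains to `NEW_CA` only when the AKI restriction is off, while `FORGED` carries a matching AKI and still finds no issuer in either mode, because only the signature check decides who issued the certificate.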
