Nelson Bolyard wrote:
I suspect there's been a misunderstanding here. I took Ian's "One
supposes"
remark as an unfinished sentence, and so did not attempt to interpret it.
I was thinking out aloud, and expecting to get
shot down in flames. You were right to ignore
it :)
Jean-Marc seems to have interpreted it to mean that Ian was suggesting that
NSS will take a fingerprint value found in nsIX509Cert as a correct
fingerprint (hash) whether or not it is that.
That's actually what I was thinking, that the
fingerprint was in there, and just being
extracted... but then I realised that this
was silly.
But IINM, the values returned through nsIX509Cert are computed by NSS from
the actual DER cert itself. nsIX509Cert depends on NSS, not the other way
around. IMO, NSS is right to trust its own computations as correct.
Yes, that makes sense.
I'm not sure what to make of the word "authoritative". Anyone can compute
a SHA1 hash of anything.
Right, as long as it is computable, that would
be the preferred way. Which is what I assumed
SSLBar to do.
Where one gets into the issue of "authoritive"
would be if one were simply given the SHA1 hash
pre-computed. In this case, SSLBar is given the
SHA1 hash pre-computed, and is thus asserting
that it has been told this is the hash, and it
has decided to accept the nsIX509Cert/NSS calculation
as authoritive.
From a security pov, this is less satisfactory
as to know for sure one would now need to audit
an extra module, and keep auditing it.
(Although in the context of SSLBar, this is nit-
picking, I think. The main thing about SSLBar
is that it demonstrates the concept. How it
does it is less relevent than the experiment.)
iang
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
