Hi Erwann; On Thursday 31 January 2008 13:07:32 Erwann ABALEA wrote: > > Renewal is when you issue a new certificate, but keep the same keys. In > > this case, the CRL validation in OpenSSL works fine, since the keys are > > the same, and the only difference in the cert is a new validity and > > serial number. > > OK. Let's call it "rekey" if you want, that's not a problem. We're a PKI > operator, and we don't "renew" CAs, we only "rekey" them, then. > Such differenciation is found nowhere in the X.509 standard, or the > RFC3280 document (or its successor, still in draft). >
No, since this is a policy decision, the relevant document is RFC3647, which makes a clear distinction between renewal and rekey. <snip> > > One has to be very carefull when dealing with another CA that has the > > same name but different keys, or else it would be possible for an > > attacker to impersonate a CA. > > That's not possible. If it has the same name, then it's the same exact > CA. Period. > We're dealing here with CA certificates, with off-band verification to > perform trust, etc. So CA impersonification is not a problem here. > Please see this thread: http://www.imc.org/ietf-pkix/old-archive-04/msg01204.html Essentially, my take on what Santosh is saying is that CRLs need to be signed by both CAs during the transition, because either a CA is "active" (and can be used to validate the signature on the certificate itself) or it isn't. If it is "active" it should sign it's own CRLs (and he doesn't preclude someone else signing a CRL as well for that certificate, but if you do do this, then the algorithm that he proposes in the thread should be followed, which Stephan had a problem with, since there is a possible disambiguation problem that could be exploited by a malicious attacker.). The relevant quote is as follows: "Each of the two keys should be used to sign the full CRL for the scope of all certificates issued by that CA under all keys. Furthermore, the same revoked certificate list (empty or not) should be signed with all active keys. Active keys are defined as those CA private keys whose companion public keys can still be used to verify signatures on the certificates" So you can't just stop using a particular CA's keys... until it either expires or is revoked, it should keep issuing CRL's for the keys it has issued. And if it keeps issuing CRL's, the situation for which you have created the patch should never happen :). This is a rather murky subject, and the merits of the two approaches are probably best discussed on the PKIX list, rather than here, as the approach has little to do with the technical implementation of what you propose :) Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
