Dr. Stephen Henson wrote:
> On Fri, Mar 17, 2006, michael Dorrian wrote:
> 
>>   1. Can a CA signed by the root CA act as a trusted CA itself?.
> 
> Provided the root CA permits this...

Actually I think: not. It seems to be impossible
to evaluate a certificate only up to a subCA,
openssl always requires the complete chain up to
the root CA. So I cannot tell openssl "this is a
trusted subordinate CA, that's enough."

This matters in cases where a certificate hierarchy
has different CAs (eg operated by different organisations).
Right now it seems impossible to me to tell openca:
Accept certificates from this subCA, but not from
this one. Additional means used in mod_ssl (regular
expressions on subject and issuer DN and verifydepth)
may be helpful, but not always sufficient.

E.g. the following scenario:

RootCA
  subCA1
     subsubCA1
        client1
  subCA2

subCA2 can issue a subsubCA certificate with the same
DN entries as subsubCA1, which again issues a client
cert with the same DN as client1. So besides the key
material, both client certificates look the same. And
they both evaluate successfully, because the software
always checks up to the root. So actually I see no
way for subCA1 to configure mod_ssl or tell the openssl
utilities to trust subCA1 and NOT subCA2... Dangerous...

Or did I miss some additional mechanisms? (always eager
to learn something... :-))

>>   2. How does the certificate chain stop another client who has a
>>   certificate signed by the same root authority as you acting as a trusted
>>   CA. I know the ip addresses will be different but maybe there is a way
>>   around that too.

There are (as Stephen Henson already said) mechanisms to tell CA
certificates from client certificates. And there are even more
extensions that can additionally prevent misuse of certificates
(using user certificates for servers etc), keyUsage and extendedKeyUsage
are your friends. This reduces the problem, but the scenario
above seems to be an unsolved issue as far as I can tell...

In my understanding this results from mixing two things:
Issuing a certificate does just tell "the given name
and key belong together". But that does not necessarily
imply that I trust the owner of the certificate. So there
is a difference between "I trust this root CA to correctly
identify users and I think the issued certificates are all ok"
and "I trust all individuals that own a certificate issued
by this CA". But the latter is actually what you do if you
use "SSLCACertificateFile" for mod_ssl. This difference can
actually not be fully expressed with the means of mod_ssl
or the openssl utilities.

Correct me if I'm wrong...

Olaf Gellert

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [EMAIL PROTECTED]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
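The scenario from the post, reproduced as an added example (not code from the thread): a throwaway PKI in which subCA2 issues a lookalike subsubCA and client carrying the same DNs as subsubCA1 and client1. It assumes an `openssl` binary of 1.0.2 or later, where `openssl verify -partial_chain` (added after this thread was written) lets a chain stop at a trusted non-root certificate; all names and DNs are constructed.

```shell
#!/bin/sh
# Added example: throwaway PKI reproducing the hierarchy from the post.
# subCA2 issues a lookalike subsubCA and client carrying the same DNs as
# subsubCA1 and client1; only the keys differ. Requires openssl >= 1.0.2.
set -e
work=$(mktemp -d); cd "$work"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' > ee.ext

# issue NAME ISSUER EXTFILE SUBJECT: new key and CSR for NAME, signed by ISSUER
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "$4" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -days 365 -extfile "$3" -out "$1.crt" 2>/dev/null
}
# Self-signed root, then the two branches (constructed DNs).
openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr -subj "/CN=RootCA" 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 365 -extfile ca.ext -out root.crt 2>/dev/null
issue subCA1    root      ca.ext "/O=Org1/CN=subCA1"
issue subsubCA1 subCA1    ca.ext "/O=Org1/CN=subsubCA1"
issue client1   subsubCA1 ee.ext "/O=Org1/CN=client1"
issue subCA2    root      ca.ext "/O=Org2/CN=subCA2"
issue subsubCA2 subCA2    ca.ext "/O=Org1/CN=subsubCA1"   # same DN as subsubCA1
issue client2   subsubCA2 ee.ext "/O=Org1/CN=client1"     # same DN as client1

# check_chain FLAGS ANCHOR LEAF INTERMEDIATE...: prints ok or fail.
# FLAGS is "" or "-partial_chain" (accept a chain ending at a trusted non-root).
check_chain() {
  flags=$1; anchor=$2; leaf=$3; shift 3
  : > untrusted.pem; [ $# -eq 0 ] || cat "$@" > untrusted.pem
  if openssl verify $flags -CAfile "$anchor" -untrusted untrusted.pem "$leaf" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}
subject_of() { openssl x509 -noout -subject -in "$1"; }

# Both clients present the same subject DN...
subject_of client1.crt; subject_of client2.crt
# ...and both verify when the root is the trust anchor (the post's complaint):
check_chain "" root.crt client1.crt subsubCA1.crt subCA1.crt                  # ok
check_chain "" root.crt client2.crt subsubCA2.crt subCA2.crt                  # ok
# Anchoring at subCA1 alone fails unless the chain may stop at a non-root:
check_chain "" subCA1.crt client1.crt subsubCA1.crt                           # fail
check_chain -partial_chain subCA1.crt client1.crt subsubCA1.crt               # ok
check_chain -partial_chain subCA1.crt client2.crt subsubCA2.crt subCA2.crt    # fail
```

The last line is the check that mod_ssl's DN matching cannot express: the lookalike client is rejected because no path from it reaches subCA1's key, not because its name differs.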