At 6:16 PM -0400 8/2/11, Sandra Murphy wrote:
> Speaking only as a regular ol' wg member:
> The draft does not say why the mixed certificate prohibition was
> needed in the first place.
> The new text says:
>     This exception to the mixed algorithm suite certificate
>     rule is allowed because an EE certificate that is not used to verify
>     repository objects does not interfere with the ability of RPs to
>     download and verify repository content.
> There's a hint there that mixed certificates for CAs signing CA
> certs might cause a problem for RPs.
Geoff noted a serious problem that could arise if we allow for mixed
certs at the CA level, i.e., a potential exponential directory
explosion. I noted this in the briefing I made in Prague. (See slide 3,
bullet 3.)
> I think it would be good to describe the problems RPs would see if
> CAs could sign CA certs with a mix of algorithms.
> And it might be good to say why the mixed certificate case for some
> EE certs was desirable.
It's not clear why one would want mixed mode EE certs, for any EE cert used
to verify a repository object. It would impose a burden on all RPs
(they would have to be able to deal with two suites).
In contrast, mixed mode certs for EE certs that are NOT used to
validate repository objects do not impose a burden on ALL RPs. Only
RPs that need to process these certs to extract and use the public key
would need to be capable of dealing with the alg for the Subject public key.
YMMV.
> Also, the draft says:
>     In the RPKI, a CA MUST
>     NOT sign a CA certificate carrying a subject key that corresponds to
>     an algorithm suite that differs from the one used to sign the
>     certificate.
> It used to say that
>     In RPKI an algorithm
>     suite MUST NOT sign a certificate carrying a subject key that
>     corresponds to another algorithm suite.
> To me, the old text sounded like issuance of any mixed certificate
> was prohibited.
yes, and it was also not good English :-). It would at least have to
say "In the RPKI an algorithm suite MUST NOT be used to sign a
certificate carrying a subject key that contains a key that is used
with another algorithm suite."
> The new prohibition applies only to CAs issuing a CA cert and the new
> exception applies only to EE certs that are not used to verify
> repository objects. The new text sounds to me like it leaves open
> the case of EE certs that *are* used to verify repository objects.
That was not the intent. The cited text at the beginning of this
message was intended to describe the context in which it's OK to have
a mixed mode EE cert. We can try to make this limitation clearer.
Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
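The rule the two messages above argue over can be stated as a relying-party check. The following is an added illustration, not code from the draft, the sidr working group or either author: it models each certificate by the algorithm suite it was signed under and the suite of its subject key, flags the two cases the thread treats as prohibited (a mixed CA certificate, and a mixed EE certificate whose key verifies repository objects), allows the one case the exception covers, and computes which suites an RP must implement just to validate the repository. The `Cert` model, the suite names and the sample chain are constructed for this example.

```python
"""Constructed illustration of the RPKI mixed-algorithm-suite rule as described
in the thread above. Not code from the draft or the sidr WG; the certificate
model, suite names and sample chain are made up for the example."""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Cert:
    name: str
    is_ca: bool
    signature_suite: str          # suite of the issuer key that signed this cert
    subject_key_suite: str        # suite of the key in this cert's SubjectPublicKeyInfo
    verifies_repo_objects: bool   # EE key used to verify repository objects (signed objects)


def is_mixed(cert: Cert) -> bool:
    """A mixed certificate is signed under one suite but carries a subject key of another."""
    return cert.signature_suite != cert.subject_key_suite


def check_mixed_suite_rule(chain: List[Cert]) -> List[str]:
    """One message per certificate that breaks the rule as the thread describes it:
    - a CA MUST NOT issue a mixed CA certificate (every RP walking the hierarchy
      would need both suites, and the CA tree could fork per suite), and
    - a mixed EE certificate used to verify repository objects is also outside the
      intent, since it would burden every RP.
    A mixed EE certificate whose key is NOT used on repository objects is allowed:
    only RPs that actually extract and use that key need its suite."""
    problems = []
    for cert in chain:
        if not is_mixed(cert):
            continue
        where = f"signed with {cert.signature_suite}, subject key {cert.subject_key_suite}"
        if cert.is_ca:
            problems.append(f"{cert.name}: mixed CA certificate ({where})")
        elif cert.verifies_repo_objects:
            problems.append(f"{cert.name}: mixed EE certificate used for repository objects ({where})")
    return problems


def suites_required_for_repository_validation(chain: List[Cert]) -> Set[str]:
    """Suites every RP must implement to download and verify the repository: the
    signature suite of each cert, plus the subject key suite of each CA cert and of
    each EE cert whose key verifies repository objects. Subject keys of other EE
    certs are excluded; they only burden RPs that use those keys."""
    suites = set()
    for cert in chain:
        suites.add(cert.signature_suite)
        if cert.is_ca or cert.verifies_repo_objects:
            suites.add(cert.subject_key_suite)
    return suites


# Constructed sample hierarchy: "suite-A" and "suite-B" are placeholder suite names.
SAMPLE_CHAIN = [
    Cert("TA",          True,  "suite-A", "suite-A", False),  # self-signed trust anchor
    Cert("CA-1",        True,  "suite-A", "suite-A", False),  # compliant subordinate CA
    Cert("CA-2",        True,  "suite-A", "suite-B", False),  # mixed CA cert: prohibited
    Cert("EE-roa",      False, "suite-A", "suite-A", True),   # compliant EE verifying a repo object
    Cert("EE-manifest", False, "suite-A", "suite-B", True),   # mixed EE on a repo object: not intended
    Cert("EE-key-only", False, "suite-A", "suite-B", False),  # mixed EE, key not used on repo objects: allowed
]


def compliant_subset() -> List[Cert]:
    """The sample chain with the two offending certificates removed."""
    return [c for c in SAMPLE_CHAIN if c.name not in ("CA-2", "EE-manifest")]


if __name__ == "__main__":
    for line in check_mixed_suite_rule(SAMPLE_CHAIN):
        print("violation:", line)
    print("suites needed for repository validation:",
          sorted(suites_required_for_repository_validation(SAMPLE_CHAIN)))
    print("with only compliant certs:",
          sorted(suites_required_for_repository_validation(compliant_subset())))
```

Run against the full sample chain it reports the mixed CA certificate and the mixed manifest EE certificate and shows that both suites become mandatory for every RP; with only the compliant certificates left, the RP needs a single suite even though the allowed mixed EE certificate still carries a key of the other suite, which is exactly the distinction the exception text draws.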