Re: PKCS from Joseph M. Reagle Jr. on 2000-10-24 (w3c-ietf-xmldsig@w3.org from October to December 2000)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 24 Oct 2000 16:03:51 -0400
To: "Tom Gindin/Watson/IBM" <tgindin@us.ibm.com>, <kent@trl.ibm.co.jp>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <4.3.2.7.2.20001024155837.0343bde0@rpcp.mit.edu>

Thank you Tom. I'll use this point to qualify the resolution of this issue 
in the last call document [1] but will not introduce any new text into the 
specification.

[1] http://www.w3.org/Signature/20000228-last-call-issues.html


At some point Gindin wrote:
>>>[TG] The effective rule is that any certificate whose subject name 
>>>matches the issuer name of any of the other certificates included is a CA 
>>>from one of the included chains, and thus signature verification should 
>>>only run on the remaining certificates. All of the remaining certificates 
>>>(normally EE certificates) should have the SAME public key, or they will 
>>>confuse verifiers. Does anyone think there should be a restriction to 
>>>only one EE certificate? Can anyone think of a way in which two EE 
>>>certificates with different keys can both be "related to that single key" 
>>>in a KeyInfo?
At some point Reagle wrote:
>>Ok, I'll reference that in the last call document. Does this rule follow
>>from PKCS, or does it need to be represented in our text?
At 12:26 10/24/2000 -0400, Tom Gindin/Watson/IBM wrote:
>      It has little to do with PKCS, but it does follow PKIX.  For example,
>PKCS#6 does not even contain the word "chain".  However, RFC 2459 section
>3.2 contains the following: "In general, a chain of multiple certificates
>may be needed, comprising a certificate of the public key owner (the end
>entity) signed by one CA, and zero or more additional certificates of CAs
>signed by other CAs."  This statement does not include the statement that a
>chain may be constructed by lining up issuer and subject names, but that
>requirement that they be aligned is one of the conditions for validating a
>path (a term used almost interchangeably with chain) in RFC 2459 section
>6.1- see processing item a-4: "the subject and issuer names chain correctly
>(that is, the issuer of this certificate was the subject of the previous
>certificate.)"  I haven't checked for citations in TLS or S/MIME, which
>might well also exist and specify how to construct a chain rather than
>simply how to verify one.


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 24 October 2000 16:04:43 UTC