Re: ordering of multiple X509Certificates


From:  Joel Hockey <>
Message-ID:  <>
Date:  Fri, 8 Mar 2002 10:57:36 +1000 

>I have a query about the case where multiple X509Certificate elements are
>sent with a signature.  I couldn't find any information in the spec
>concerning the order that they should be sent in, and I couldn't find any
>mention of this in the mailing list archive.  I imagine this is intentionally
>left out of the spec as it does not require any KeyInfo and leaves all this
>up to the application level.

I guess sending certs does "not require any KeyInfo" as you say, but
if you are not sending them inside or referred to from the Signature,
then what format or order they are in is an application matter outside
the scope of the standard. If you are sending them inside a
Signature/KeyInfo/X509Data, then Section 4.4.4 gives the constraints
and, as it says, "No ordering is implied by the above constraints."

Implementations that depend on what order certs appear in a message
strike me as brittle and non-interoperable.

>I would expect that when multiple certificates are sent, they should be sent
>as a chain (same as how an ssl server must send certificates - rfc 2246),
>with the sender's cert coming first and each following cert directly
>certifying the one before it.

Better cert handling systems of which I am aware store them all into
some sort of cache with multiple indexes and don't care what order
they were in or, if there are multiple messages or multiple places
certs can appear in a message, how the certs are distributed between
those messages and places, as long as you don't flush the cache and
all the certificates you need are really there when you try to
validate a key or whatever. (ditto re CRLs) In any case, the issue has
been decided for XMLDSIG and the order is not constrained in KeyInfo.

>Does the spec actually mention anything about this, or does anyone else have
>any thoughts?


Received on Thursday, 7 March 2002 20:42:42 UTC
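The order-independent handling the reply recommends, as an added example that is not part of this thread or of any XMLDSIG implementation: a constructed three-tier PKI (the names "demo-root", "demo-intermediate" and "demo-leaf" are assumptions) is presented in several orders, the end-entity certificate is picked by indexing on subject and issuer rather than by position, and the Go standard library verifier builds the chain from the rest. Path validation is delegated to `crypto/x509`; the only logic added here is the indexing that makes the input order irrelevant.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"log"
	"math/big"
	"strings"
	"time"
)

// makeCert issues a short-lived certificate for cn. With parent == nil it is
// self-signed (a root); otherwise it is signed by parent with parentKey.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	signer, signerKey := parent, parentKey
	if signer == nil { // self-signed root
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ChainSubjects takes the certificates exactly as they arrived (any order, root
// included or not), indexes them by issuer to find the end-entity certificate
// (the one that issued nothing else in the bag), treats everything else as a
// candidate intermediate, and returns the CommonNames of the verified chain,
// end-entity first.
func ChainSubjects(bag []*x509.Certificate, root *x509.Certificate) ([]string, error) {
	issued := make(map[string]bool, len(bag)) // index: raw issuer DN -> seen
	for _, c := range bag {
		issued[string(c.RawIssuer)] = true
	}
	intermediates := x509.NewCertPool()
	var leaf *x509.Certificate
	for _, c := range bag {
		if !issued[string(c.RawSubject)] { // nothing in the bag was issued by this cert
			if leaf != nil {
				return nil, errors.New("more than one end-entity certificate in bag")
			}
			leaf = c
			continue
		}
		intermediates.AddCert(c) // a self-signed root also lands here; the verifier ignores it
	}
	if leaf == nil {
		return nil, errors.New("no end-entity certificate found in bag")
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(chains[0]))
	for _, c := range chains[0] {
		names = append(names, c.Subject.CommonName)
	}
	return names, nil
}

// DemoChains builds the constructed PKI, presents the same three certificates
// in three different orders and returns the chain each order yields.
func DemoChains() ([][]string, error) {
	root, rootKey, err := makeCert("demo-root", true, nil, nil)
	if err != nil {
		return nil, err
	}
	inter, interKey, err := makeCert("demo-intermediate", true, root, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, _, err := makeCert("demo-leaf", false, inter, interKey)
	if err != nil {
		return nil, err
	}
	orders := [][]*x509.Certificate{
		{leaf, inter, root}, // TLS-style: sender first, each cert certifying the one before
		{root, inter, leaf}, // reversed
		{inter, leaf, root}, // arbitrary
	}
	var out [][]string
	for _, bag := range orders {
		names, err := ChainSubjects(bag, root)
		if err != nil {
			return nil, err
		}
		out = append(out, names)
	}
	return out, nil
}

func main() {
	chains, err := DemoChains()
	if err != nil {
		log.Fatal(err)
	}
	for _, c := range chains {
		fmt.Println(strings.Join(c, " -> "))
	}
}
```

Every ordering yields the same chain, demo-leaf -> demo-intermediate -> demo-root, because the chain is recovered from the subject/issuer relationships rather than from element position; a verifier written this way is equally happy whether the certificates came from one X509Data element or were scattered across several.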