- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 12 Mar 2004 17:59:11 +0100
- To: "w3c.xmldsig ML" <w3c-ietf-xmldsig@w3.org>, "Gregor Karlinger" <gregor.karlinger@iaik.at>, "John Boyer" <JBoyer@PureEdge.com>
It is interesting to note that the use of a single key-pair for multiple certificates still is fairly often touted by promoters of smart cards. Usually due to limitations in private key storage and generation.

Anders

PS I never thought this was such a great idea BTW DS

----- Original Message -----
From: "John Boyer" <JBoyer@PureEdge.com>
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>; "w3c.xmldsig ML" <w3c-ietf-xmldsig@w3.org>
Sent: Friday, March 12, 2004 17:52
Subject: RE: XAdES - More secure than XML Dsig?

<gregor>
However, I do not think that modelling the signer role per using different certs for the same key is a good practice. Rather the relying party should deduce this from the context, for instance from the data being signed (as you do it in the paper world as well), or from another signature attribute which XAdES provides (Signer Role).
</gregor>

Yes, reading this chain I got the same feeling as Gregor that the CAs issuing multiple certs per the same key pair had crossed the line of the intent of the system and were now using the self-signing ability of XML DSig or XAdES to fix the hack.

A key pair is supposed to be assigned to a unique identity. If, within a system, that means (name+role), then that is what should be assigned the key pair. To say that (name+role) is the identity, but we assign the key pair to name opens up the real possibility of abuse of the system. To wit, how is the relying party supposed to know whether or not a cert is the unique wrapper for a given key pair? Therefore, how can generic signature engines be written? Must they be told to require signatures that sign the certificate as part of the core validation? Conversely, because it's not part of core validation, shouldn't the CAs have stayed away from this practice?

John Boyer, Ph.D.
Senior Product Architect and Research Scientist
PureEdge Solutions Inc.
Received on Friday, 12 March 2004 12:06:44 UTC
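
The ambiguity discussed in this thread, as an added example that is not part of the original messages: when two certificates wrap the same key pair, core validation accepts a signature under either one, while a signature that also covers a digest of the chosen certificate validates only under that certificate. The toy textbook-RSA key, the dictionary used as a certificate stand-in, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed toy RSA key (textbook RSA, no padding, ~150-bit modulus) so the
# example needs only the standard library. Illustrative only, never for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(data: bytes) -> int:
    """SHA-256 of data reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def make_cert(subject: str, role: str) -> dict:
    # Hypothetical certificate stand-in: every cert here wraps the SAME key.
    return {"subject": subject, "role": role, "n": N, "e": E}

def cert_digest(cert: dict) -> bytes:
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).digest()

def sign(data: bytes) -> int:
    return pow(h(data), D, N)

def core_validate(doc: bytes, sig: int, cert: dict) -> bool:
    # Core validation: only the public key inside the cert is consulted.
    return pow(sig, cert["e"], cert["n"]) == h(doc)

def sign_bound(doc: bytes, cert: dict) -> int:
    # The signature also covers a digest of the certificate the signer chose.
    return sign(doc + cert_digest(cert))

def validate_bound(doc: bytes, sig: int, cert: dict) -> bool:
    return pow(sig, cert["e"], cert["n"]) == h(doc + cert_digest(cert))

def demo() -> dict:
    doc = b"<Order>100 units</Order>"  # constructed sample document
    officer = make_cert("CN=Alice Example", "Purchasing Officer")
    private = make_cert("CN=Alice Example", "Private Person")
    plain, bound = sign(doc), sign_bound(doc, officer)
    return {
        "core_officer": core_validate(doc, plain, officer),
        "core_private": core_validate(doc, plain, private),
        "bound_officer": validate_bound(doc, bound, officer),
        "bound_private": validate_bound(doc, bound, private),
    }

if __name__ == "__main__":
    print(demo())
```

With the plain signature the relying party cannot tell which (name+role) certificate the signer intended; with the certificate digest under the signature, substituting the sibling certificate fails validation.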