Re: [TLS] Verifying X.509 Certificate Chains out of order
Peter Gutmann wrote:
>
> Simon Josefsson <simon at josefsson.org> writes:
> >
> >It is claimed that OpenSSL, IE and Firefox do not enforce the second
> >MUST in the paragraph above, and succeed in verifying an
> >out-of-sequence chain. I haven't verified the claim. It appears as if
> >the OpenSSL developers don't consider their behaviour as a bug (see
> >reply below).
>
> Add cryptlib to the list of implementations that don't care about the order.
> In fact I'd be kinda surprised if anyone (well, apart from GnuTLS) cared
> about cert order.
All implementations that seriously care about (server) performance
ought to fail with an unordered certificate_list (and not try to
reorder themselves). Our OEM implementation does care.
>
> >What are others' opinions on this? I'm looking for some guidance on
> >whether we should modify our current behaviour.
>
> I'd say modify it, in fact I'm not sure what the rationale for requiring
> ordering was in the original spec, "it's tidier that way" doesn't
> strike me as a good argument :-).
It is a big waste to sort and sort and sort the list each time
it is processed. The one who is persisting the data (credential holder)
can sort it once and for all.
Looking at their specs, even the WebServicesSecurity folks are preferring
the ordered list X509PKIPathv1 over the PKCS7 unordered bag of certificates.
(and someone who uses XML to build a solution does not otherwise care
very much about performance).
-Martin
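The two behaviours under discussion, a strict implementation that rejects an unordered certificate_list and a lenient one that rebuilds the chain by issuer lookup, as an added example that is not part of the thread or of any implementation mentioned in it. It uses a toy Cert model holding only subject and issuer names, a placeholder for what a real implementation would read from parsed X.509 (for instance `cert.subject` and `cert.issuer` from Python's `cryptography` package); the sample chain is constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Toy stand-in for a parsed X.509 certificate (assumption: names only)."""
    subject: str
    issuer: str


def is_ordered(chain: List[Cert]) -> bool:
    """Strict check in the spirit of the TLS certificate_list rule:
    the sender's certificate comes first and each following certificate
    directly certifies the one preceding it. A strict server/client can
    run this in O(n) and fail the handshake on the first mismatch."""
    if not chain:
        return False
    for prev, cur in zip(chain, chain[1:]):
        if cur.subject != prev.issuer:
            return False
    return True


def reorder(chain: List[Cert]) -> Optional[List[Cert]]:
    """Lenient behaviour: take the first certificate as the sender's and
    rebuild the path by looking up each issuer among the remaining
    certificates. Returns None when the list cannot be turned into a
    single path (duplicate subjects, a cycle, or unrelated leftovers).
    Stops at a self-signed certificate or when the issuer is absent,
    since the trust anchor may legitimately be omitted from the list."""
    if not chain:
        return None
    by_subject = {}
    for c in chain:
        if c.subject in by_subject:
            # Real chain builders disambiguate cross-signed CAs by key
            # identifier (AKI/SKI); this toy model treats it as ambiguous.
            return None
        by_subject[c.subject] = c

    leaf = chain[0]
    ordered = [leaf]
    seen = {leaf.subject}
    cur = leaf
    while cur.issuer != cur.subject:          # stop at a self-signed root
        nxt = by_subject.get(cur.issuer)
        if nxt is None:                       # issuer not sent: acceptable
            break
        if nxt.subject in seen:               # issuer loop: reject
            return None
        ordered.append(nxt)
        seen.add(nxt.subject)
        cur = nxt

    if len(ordered) != len(chain):            # certs that fit nowhere
        return None
    return ordered


# Constructed sample chain (not real certificates).
LEAF = Cert("CN=www.example.com", "CN=Intermediate CA")
INTERMEDIATE = Cert("CN=Intermediate CA", "CN=Root CA")
ROOT = Cert("CN=Root CA", "CN=Root CA")

ORDERED = [LEAF, INTERMEDIATE, ROOT]
OUT_OF_ORDER = [LEAF, ROOT, INTERMEDIATE]


if __name__ == "__main__":
    print("strict accepts ordered list:   ", is_ordered(ORDERED))
    print("strict accepts unordered list: ", is_ordered(OUT_OF_ORDER))
    print("lenient rebuild of unordered:  ", reorder(OUT_OF_ORDER))
```

The lenient path costs one dictionary build and one walk per handshake, which is the repeated work the message above objects to; the strict path is a single linear comparison that the credential holder pays for once by storing the list in order.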
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls