Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?



On Wed, 22 Oct 2008, Simon Josefsson wrote:

> Alfred Hönes <ah at tr-sys.de> writes:
> 
> > (B)  Non-uniqueness of x509_name in Trusted CA Keys TLS extension
> >
> > The 3rd-to-last paragraph of Section 6 in the -03 version
> > of the rfc4366-bis draft states:
> >
> > !  Note also that it is possible that a key hash or a Distinguished Name
> > !  alone may not uniquely identify a certificate issuer (for example, if
> > !  a particular CA has multiple key pairs). However, here we assume this
> > !  is the case following the use of Distinguished Names to identify
> > !  certificate issuers in TLS.
> >
> > It seems rather unlikely that this non-uniqueness happens for
> > a key hash.
> 
> Can't you have multiple CA certificates for the same key?

You _can_ have multiple key pairs, but knowledge of any key pair allows
one to calculate P and Q, so having multiple key pairs for the same
modulus is a "bad idea", because with one pair one can calculate any
other pair given one of the other pair.  I believe that both Schneier's
Applied Cryptography, 2nd and the CRC Handbook of Applied Cryptography
recommend against this practice.  The CRC Handbook gives the method to 
calculate P and Q given the public and private keys.

		--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   
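
Added example, not part of the message above: a sketch of the standard probabilistic method for factoring an RSA modulus from one matching public/private exponent pair, showing why two key pairs must never share a modulus. The function names and the key material (built from two Mersenne primes) are constructed for illustration.

```python
import math
import random

def factor_from_key_pair(n, e, d, rng=None):
    """Factor n = p*q given one matching public/private exponent pair."""
    rng = rng or random.Random(0)   # fixed seed: repeatable demo
    # e*d - 1 is a multiple of the order of every unit mod n; split off 2^s.
    t, s = e * d - 1, 0
    while t % 2 == 0:
        t, s = t // 2, s + 1
    while True:
        a = rng.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g > 1:                    # base already shares a factor with n
            return tuple(sorted((g, n // g)))
        x = pow(a, t, n)
        for _ in range(s):
            y = pow(x, 2, n)
            # A square root of 1 other than +1/-1 splits n.
            if y == 1 and x not in (1, n - 1):
                p = math.gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            x = y
        # This base revealed nothing (chance at most 1/2); try another.

def private_exponent(e, p, q):
    """Private exponent matching e for the modulus p*q."""
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed sample key material: two Mersenne primes, not a real key.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E_A, E_B = 65537, 17               # two key pairs sharing the modulus N
D_A = private_exponent(E_A, P, Q)
D_B = private_exponent(E_B, P, Q)

def holder_a_recovers_b():
    """Holder A, knowing only (N, E_A, D_A) and B's public E_B, derives D_B."""
    p, q = factor_from_key_pair(N, E_A, D_A)
    return private_exponent(E_B, p, q)

if __name__ == "__main__":
    print("factors:", factor_from_key_pair(N, E_A, D_A))
    print("B's private exponent recovered:", holder_a_recovers_b() == D_B)
```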

