Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
From: Dean Anderson <dean at av8.com>
Date: Thu, 23 Oct 2008 11:42:04 -0400 (EDT)
Cc: Simon Josefsson <simon at josefsson.org>, Alfred Hönes <ah at tr-sys.de>, tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20081023024534.5E70A6D8538 at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces at ietf.org

On Wed, 22 Oct 2008, Eric Rescorla wrote:

> At Wed, 22 Oct 2008 21:12:52 -0400 (EDT),
> Dean Anderson wrote:
> > 
> > On Wed, 22 Oct 2008, Simon Josefsson wrote:
> > 
> > > Alfred "=?hp-roman8?B?SM5uZXM=?=" <ah at tr-sys.de> writes:
> > > 
> > > > (B)  Non-uniqueness of x509_name in Trusted CA Keys TLS extension
> > > >
> > > > The 3rd-to-last paragraph of Section 6 in the -03 version
> > > > of the rfc4366-bis draft states:
> > > >
> > > > !  Note also that it is possible that a key hash or a Distinguished Name
> > > > !  alone may not uniquely identify a certificate issuer (for example, if
> > > > !  a particular CA has multiple key pairs). However, here we assume this
> > > > !  is the case following the use of Distinguished Names to identify
> > > > !  certificate issuers in TLS.

[...]

> The question is whether you can have multiple CA certificates with
> *identical* keys, not multiple certificates with the same modulus but
> different e/d. The answer to this is "yes". If you want to uniquely
> identify a cert you shoul duse a hash of the cert.

Ok. I follow this; the draft should really say that. So, just replace:

  However, here we assume this is the case following the use of
  Distinguished Names to identify certificate issuers in TLS.

with 

  Use a hash of the certificate to uniquely identify a certificate.

Of course, there could still be a hash collision, so the whole
certificate would need to be compared.  But that isn't really enough,
because ASN.1 encoders can produce ambiguous encodings of the same data.  
One really needs to compare the decoded ASN.1 data to see if it is the
same on two separate certificates.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
  - From: Eric Rescorla

Prev by Date: Re: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation
Next by Date: Re: [TLS] WGLC for draft-ietf-tls-psk-new-mac-aes-gcm-03.txt
Previous by thread: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Next by thread: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Index(es):
- Date
- Thread

Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.