[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] New Issue: Key Identifiers Should Not Be Used for Signatures
Hal, After reading the long list of responses, there does not seem to be consensus that this is an issue, I'm willing to place a short paragraph in the security considerations section if you send me some text. Anthony Nadalin | work 512.436.9568 | cell 512.289.4122 |---------+----------------------------> | | "Hal Lockhart" | | | <hlockhar@bea.com| | | > | | | | | | 06/13/2003 05:02 | | | PM | |---------+----------------------------> >----------------------------------------------------------------------------------------------------------------------------------------------| | | | To: <wss@lists.oasis-open.org> | | cc: | | Subject: [wss] New Issue: Key Identifiers Should Not Be Used for Signatures | >----------------------------------------------------------------------------------------------------------------------------------------------| As we discussed, the algorithm(s) for computing a Key Identifier is profile-specific. However, the one used in the Interop with X.509 certs is based only on the Public Key, not only any unique aspect of the certificate and I assume other profiles may do the same. Certainly the name suggests that the value identifies the Key and not the Certificate, Ticket or Assertion. It makes perfect sense to use such an identifier when sending encrypted data. Its only purpose is to indicate to the recipient which key of possibly several keys it knows, should be used to decrypt the data. However, using a key identifier to indicate the key to be used for signature validation creates an exposure to a certificate substitution. This has been discussed in past on the IETF PKIX list. Basically it is perfectly possible and legal for several certificates to exist which refer to the same key pair. Thus although the validation process succeeds, the associated identity information is in doubt. For example, a party could later disavow a signature by producing a certificate that contains usage constraints that were not met. Another possibility for confusion might occur if one certificate was revoked and the other was not, or they were revoked at different times. For this reason, when verifying a signature it is important for the signer to indicate not just the key, but the certificate to be relied on. Hal You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]