OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] New Issue: Key Identifiers Should Not Be Used for Signatures





Hal,

After reading the long list of responses, there does not seem to be
consensus that this is an issue, I'm willing to place a short paragraph in
the security considerations section if you send me some text.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "Hal Lockhart"   |
|         |           <hlockhar@bea.com|
|         |           >                |
|         |                            |
|         |           06/13/2003 05:02 |
|         |           PM               |
|---------+---------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                              |
  |       To:       <wss@lists.oasis-open.org>                                                                                                   |
  |       cc:                                                                                                                                    |
  |       Subject:  [wss] New Issue: Key Identifiers Should Not Be Used for Signatures                                                           |
  >----------------------------------------------------------------------------------------------------------------------------------------------|




As we discussed, the algorithm(s) for computing a Key Identifier is
profile-specific. However, the one used in the Interop with X.509 certs is
based only on the Public Key, not only any unique aspect of the certificate
and I assume other profiles may do the same. Certainly the name suggests
that the value identifies the Key and not the Certificate, Ticket or
Assertion.

It makes perfect sense to use such an identifier when sending encrypted
data. Its only purpose is to indicate to the recipient which key of
possibly
several keys it knows, should be used to decrypt the data.

However, using a key identifier to indicate the key to be used for
signature
validation creates an exposure to a certificate substitution. This has been
discussed in past on the IETF PKIX list. Basically it is perfectly possible
and legal for several certificates to exist which refer to the same key
pair. Thus although the validation process succeeds, the associated
identity
information is in doubt. For example, a party could later disavow a
signature by producing a certificate that contains usage constraints that
were not met. Another possibility for confusion might occur if one
certificate was revoked and the other was not, or they were revoked at
different times.

For this reason, when verifying a signature it is important for the signer
to indicate not just the key, but the certificate to be relied on.

Hal


You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]