Re: Path Discovery Test Outline - Test Case 4.1.1.3


Steven,

While I have seen many people on the PKIX mail list refer to CRLs such as the one described below as indirect CRLs, they are not.

As you noted, an indirect CRL is a CRL whose scope includes certificates issued by an entity other than the issuer of the CRL, and when a certificate is covered by a CRL that was issued by an entity other than the certificate issuer, the certificate must include a cRLDistributionPoints extension that includes a cRLIssuer field that identifies the issuer of the CRL. In X.509, however, entities are identified by name. So, if the issuer name in the certificate and the issuer name in the CRL are the same, then the certificate and CRL have the same issuer. It does not matter that the certificate and CRL were signed with different keys.

So, in test case 4.1.1.3, the certificate and CRL are issued by the same entity and the CRL is not an indirect CRL. So, there is no need for the certificate to include a cRLDistributionPoints extension in which the cRLIssuer field is present, and there is no need for the CRL to include an issuingDistributionPoint extension with the indirectCRL flag set to TRUE.

BTW, if you have any doubt about whether the key that is used to sign an object affects the determination of what entity signed the object, I would note that X.509 (and RFC 3280) defines the terms self-issued and self-signed. X.509 defines self-issued certificate as

    A public-key certificate where the issuer and the subject are the same CA. A CA might use self-issued certificates, for example, during a key rollover operation to provide trust from the old key to the new key.

and defines self-signed certificate as

    A special case of self-issued certificates where the private key used by the CA to sign the certificate corresponds to the public key that is certified within the certificate.

(RFC 3280 states that "[a] certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty.")

If one argued that the scenario in test case 4.1.1.3 involved an indirect CRL since different keys were used, then similar logic would lead to the conclusion that key rollover certificates are not self-issued since the issuer and subject are not the same CA. It would also lead to the conclusion that the only certificates that are self-issued are self-signed certificates. But these conclusions would clearly contradict the definitions of self-issued and self-signed in X.509 and RFC 3280.

Dave

Steven Madwin wrote:
It seems to me that there is a flaw in Path Discovery Test Outline, test case 4.1.1.3, but alas I'm not sure and would appreciate any feedback, either describing the error of my ways or, if you agree with my logic, confirming it.

Here is a summary of what's occurring:
- The end-entity certificate does not contain a CRL Distribution Points (CDP) extension.
- The key that signed the end-entity certificate is not the same key that signed the CRL.

To paraphrase section 4.2.1.14 of RFC 3280, if the issuer of the end-entity certificate is not the same as the issuer of the CRL, then the end-entity certificate must contain a CDP extension and the CDP must contain the cRLIssuer field. As such, because the "Rudimentary Directory Path Discovery EE Certificate Test3" does not contain a CDP, the indirect CRL should not be considered valid. Without a valid CRL the digital signature should not be considered valid when requiring revocation checking, but the expected result is that the path should validate successfully.
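The issuer-name rule Dave describes, and the cRLIssuer/indirectCRL requirements Steven paraphrases from RFC 3280, reduced to a small decision model. This is an added illustration written for this thread, not code from the NIST test suite; certificates and CRLs are stand-in dataclasses holding only the fields the argument turns on, and all DNs and key identifiers are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:
    issuer: str                    # issuer DN; X.509 identifies entities by name
    subject: str                   # subject DN
    signing_key_id: str            # key the issuer used to sign this certificate
    subject_key_id: str            # key certified in the certificate
    cdp_crl_issuer: Optional[str] = None   # cRLIssuer of cRLDistributionPoints, if present

@dataclass
class Crl:
    issuer: str                    # CRL issuer DN
    signing_key_id: str            # key that signed the CRL
    idp_indirect_crl: bool = False # indirectCRL flag of issuingDistributionPoint

def is_indirect_crl(cert: Cert, crl: Crl) -> bool:
    # Indirect means issued by a different entity; entities compare by name,
    # so a different signing key alone never makes a CRL indirect.
    return cert.issuer != crl.issuer

def crl_covers_cert(cert: Cert, crl: Crl) -> tuple[bool, str]:
    # RFC 3280 4.2.1.14: a CRL from another issuer must be named by cRLIssuer in
    # the certificate's CDP; RFC 3280 5.2.5: such a CRL sets indirectCRL in its IDP.
    if not is_indirect_crl(cert, crl):
        return True, "direct CRL: issuer names match, signing key irrelevant"
    if cert.cdp_crl_issuer is None:
        return False, "indirect CRL but certificate has no cRLDistributionPoints/cRLIssuer"
    if cert.cdp_crl_issuer != crl.issuer:
        return False, "cRLIssuer does not name the CRL issuer"
    if not crl.idp_indirect_crl:
        return False, "indirect CRL lacks indirectCRL flag in issuingDistributionPoint"
    return True, "indirect CRL properly referenced by cRLIssuer"

def is_self_issued(cert: Cert) -> bool:
    # X.509 / RFC 3280: issuer and subject names identical (and non-empty)
    return bool(cert.issuer) and cert.issuer == cert.subject

def is_self_signed(cert: Cert) -> bool:
    # Special case of self-issued: the signing key is the key being certified
    return is_self_issued(cert) and cert.signing_key_id == cert.subject_key_id

# Constructed sample data modelling the 4.1.1.3 situation: same issuer name,
# CRL signed with a different (rolled-over) key, no CDP in the certificate.
EE_CERT = Cert("CN=Test CA", "CN=End Entity", "ca-key-1", "ee-key", None)
CA_CRL = Crl("CN=Test CA", "ca-key-2")
ROLLOVER_CERT = Cert("CN=Test CA", "CN=Test CA", "ca-key-1", "ca-key-2")  # old key signs new
```

Running `crl_covers_cert(EE_CERT, CA_CRL)` accepts the CRL as direct, while `ROLLOVER_CERT` is self-issued but not self-signed, which is the distinction Dave's key-rollover analogy relies on.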
