On Tue, May 5, 2015 8:55 am, David Woodhouse wrote:
>  I'm talking about the serial numbers of the certs issued *by* the two
>  "My CA"s.

Good to have that clarification :)

Different CAs (in as much as different public keys), but with the same
DER-encoded subject name (not necessarily the same DER-encoded issuer
name, but that's irrelevant), and the same starting serial number (1).

The question is how to distinguish certificate (or public key) objects
between the two, so that we could construct an unambiguous identifier.

I'm ignoring AKI/SKI - they're not unique disambiguators, even though some
people use them as such. Treat them as "optional, untrusted". That it
works for you is great, but same problem here - not guaranteed.

We'll call them CA 1 and CA 2, even though they share the same subject,
because they share different public keys.

Let's look at the PKCS#11 attributes for the CKO_CERTIFICATE object type
with CKC_X_509:

CKA_SUBJECT - required. Will be identical for the two objects
CKA_VALUE - required if CKA_URL is absent; unique
CKA_URL - required if CKA_VALUE is absent; unique if the certs are different
CKA_SERIAL_NUMBER - optional

(CKA_ID is optional, as are CKA_HASH_OF_[SUBJECT/ISSUER]_PUBLIC_KEY, the
latter two wouldn't be sufficient under "same-CA rekey" though)

So to uniquely identify a certificate, you look up *all* CKA_SUBJECT
matches, then get the CKA_VALUE/CKA_URL to do the comparisons.

Does that work for PKCS#11 URLs? Absolutely not. That's because there IS
NOT a unique disambiguator that can be provided a priori if you don't know
the certificate. As Bob notes, it's entirely valid for two objects to have
the same CKA_ID and distinct CKA_SUBJECTs. In fact, that's *explicitly*
called out in the description of CKC_X_509:

"Since the keys are distinguished by subject name as well as identifier,
it is possible that keys for different subjects may have the same CKA_ID
value without introducing any ambiguity."

Further, I'm having a hard time finding a normative reference in any of
the PKCS#11 RFCs that requires the CKA_ID values be unique for a given
CKA_SUBJECT (only non-normative descriptions that they should be, or are
intended to be).

Is this a problem in practice? Unknown. But it does indicate that the
PKCS#11 URIs are not in and of themselves sufficient to uniquely and
unambiguously identify an object, per spec.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
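
The lookup problem described in the message above, as an added example that is not part of the original post: a PKCS#11 URI carrying `object`, `id` and `type` matches both "My CA" certificates, while the CKA_SUBJECT-then-CKA_VALUE comparison singles one out. The in-memory store, the byte strings standing in for DER encodings, and all function names are constructed for illustration; no real token or PKCS#11 module is involved.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample store: short byte strings stand in for DER encodings.
# CA 1 and CA 2 share subject, label and CKA_ID but have different keys.
STORE = [
    {"CKA_CLASS": "cert", "CKA_LABEL": "My CA", "CKA_ID": b"\x01",
     "CKA_SUBJECT": b"CN=My CA", "CKA_VALUE": b"<DER of CA 1 cert>"},
    {"CKA_CLASS": "cert", "CKA_LABEL": "My CA", "CKA_ID": b"\x01",
     "CKA_SUBJECT": b"CN=My CA", "CKA_VALUE": b"<DER of CA 2 cert>"},
    {"CKA_CLASS": "cert", "CKA_LABEL": "Other", "CKA_ID": b"\x01",
     "CKA_SUBJECT": b"CN=Other CA", "CKA_VALUE": b"<DER of other cert>"},
]

# Object-level path attributes of a pkcs11: URI modelled here.
URI_TO_CKA = {"id": "CKA_ID", "object": "CKA_LABEL", "type": "CKA_CLASS"}

def parse_pkcs11_uri(uri):
    """Turn the object-level attributes of a pkcs11: URI into a CKA_* template."""
    scheme, _, rest = uri.partition(":")
    if scheme != "pkcs11":
        raise ValueError("not a pkcs11 URI")
    path = rest.split("?", 1)[0]  # query attributes do not select objects
    template = {}
    for part in filter(None, path.split(";")):
        name, _, value = part.partition("=")
        if name in URI_TO_CKA:
            raw = unquote_to_bytes(value)  # values are percent-encoded
            template[URI_TO_CKA[name]] = raw if name == "id" else raw.decode("utf-8")
    return template

def find_by_uri(store, uri):
    """Every object whose attributes match the URI; may be more than one."""
    template = parse_pkcs11_uri(uri)
    return [o for o in store if all(o.get(k) == v for k, v in template.items())]

def find_by_value(store, subject, der):
    """Collect all CKA_SUBJECT matches, then compare CKA_VALUE."""
    candidates = [o for o in store if o["CKA_SUBJECT"] == subject]
    return [o for o in candidates if o.get("CKA_VALUE") == der]

if __name__ == "__main__":
    uri = "pkcs11:object=My%20CA;id=%01;type=cert"
    print("URI matches:", len(find_by_uri(STORE, uri)))
    print("value matches:", len(find_by_value(STORE, b"CN=My CA", b"<DER of CA 2 cert>")))
```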
