Hi,

Would all this extra signing lead to unnecessary leakage of the CA private key? Do private keys become "stale" after too many uses and/or time?
thanks!
Robert

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Martin Bartosch
Sent: Wed 8/18/2004 8:41 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [OpenCA-Devel] Design issue: Role signatures and conflicts with key usage bits for CA certificates

Hi,

the (now fixed) recent problem with the signed Role for a new certificate raises several interesting problems, at least for me.

In the OpenCA standard configuration the CA certificate itself is issued with the following key usages:

  digitalSignature, nonRepudiation, cRLSign, keyCertSign

However, I believe that CA certs should NOT be used for anything else than signing CRLs and certificates, and this would only require the CA cert to have the key usage bits

  cRLSign, keyCertSign

These are also the only key usages that are allowed according to ISIS-MTT for CA certificates, and I believe that there will be environments that will want to adhere to this standard.

This has several implications:

* OpenCA uses the CA certificate for signing the cert Role. (BTW: openca-sv does use the CA cert regardless of its key usage bits - and can create invalid signatures this way!)

* Verification of this signature (correctly) fails (as reported by openca-sv verify) because of incorrect key usage bits in the CA certificate if the ISIS-MTT conforming profile is used.

* The CA private key usage should IMHO be limited to the absolutely necessary minimum, and this is cert signing and CRL signature only. Using the CA key for creating PKCS#7 signatures violates this principle and introduces not really necessary audit events once we have implemented the private key counter.

* I am somewhat unsure if the signature on the Role is really necessary - what is the rationale behind this anyway? The CA signed the cert, so it has expressed consent that this certificate (with the attached cert policy) is valid. A signed "Role" seems redundant to this policy to me.

* I may be wrong, but I think the signature on the Role does not add any security, because the clear text seems to be only the Role name, making it possible to copy the signature and use it for another certificate.

To sum this up, I think that using the CA cert is a bad idea and that it should either be possible to switch it off or at least to specify a dedicated CA auxiliary certificate that is issued by the CA when setting up the system and then used to sign such stuff.

What do you think?

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel