On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Sat, Feb 25, 2006, Kyle Hamilton wrote: > > > "serialNumber: A unique positive integer." At least I think. > > > > The type of serialNumber that should be accepted doesn't place any limits on > the sign. > > RFC3280 places restrictions on what a CA should generate. It says it must be > "non-negative" at one point which is >= 0. In another place it states that > zero > or negative in invalid i.e. >0 is valid.
ooh. Opportunity for errata. > > > > Issuing certificates with duplicate issuer and serial numbers is illegal > > > and > > > can cause strange problems which are difficult to diagnose. > > > > let's see... you're talking about the authorityKeyIdentifier? I > > thought that that went up 2 steps up the tree and then gave a serial > > number of cert issued by that CA. > > > > And I'm trying to parse this more effectively, can you tell me if you > > meant something other than: "A CA that issues certificates cannot > > issue a certificate that has the same serial number as its own serial > > number"? This suggests that the CA's serial number is imported into > > the context of its own signatures' serial numbers, even when it's a > > sub-CA? > > > > It is the combination of issuer name + serial number which must be unique in > general: that's enforced by several standards. > > Certain pieces of software assumes that issuer name + serial number can be > used as a unique index and can cause all manner of problems if that turns out > not to be the case. This raises the potential for a Denial of Service capability enforced by the standards. (In fact, NSS got hit by this DoS issue several years back, when an untrusted certificate with the same IssuerName+SerialNumber was put in the certificate store without any trust, and was used to verify certificates signed with that AKI... the net effect being that certs signed by the trusted issuer couldn't be verified.) > An obvious consequence is that a CA cannot sign different certificates with > the same serial number. > > Whether a CA can sign a certificate with its own serial number depends on the > CA. > > If the CA has the same issuer name and subject name then it has > effectively "issued itself" (the term "self issued" is sometimes used) so it > cannot sign a further certificate with its serial number. > > In the case of CAs with different issuer and subject names that isn't the case > and it can issue a certificate with its own serial number. > > Steve. Can you give me a pointer to the several standards that reflect and enforce the issuer name + serial number uniqueness? A more appropriate way of handling it would be issuer name + hash of pubkey + serial number -- even though this might screw up other parts of the authentication/verification protocol (esp. in the case of a CA rekey), it also allows for completely dead CA structures to not interfere with live ones. -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
