On Sun, Feb 26, 2006, Kyle Hamilton wrote: > On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > > > > > It is the combination of issuer name + serial number which must be unique in > > general: that's enforced by several standards. > > > > Certain pieces of software assumes that issuer name + serial number can be > > used as a unique index and can cause all manner of problems if that turns > > out > > not to be the case. > > This raises the potential for a Denial of Service capability enforced > by the standards. (In fact, NSS got hit by this DoS issue several > years back, when an untrusted certificate with the same > IssuerName+SerialNumber was put in the certificate store without any > trust, and was used to verify certificates signed with that AKI... the > net effect being that certs signed by the trusted issuer couldn't be > verified.) >
Yes implementations have to be careful they don't make assumptions about untrusted certificates which may deliberately break the rules. > > An obvious consequence is that a CA cannot sign different certificates with > > the same serial number. > > > > Whether a CA can sign a certificate with its own serial number depends on > > the > > CA. > > > > If the CA has the same issuer name and subject name then it has > > effectively "issued itself" (the term "self issued" is sometimes used) so it > > cannot sign a further certificate with its serial number. > > > > In the case of CAs with different issuer and subject names that isn't the > > case > > and it can issue a certificate with its own serial number. > > > > Steve. > > Can you give me a pointer to the several standards that reflect and > enforce the issuer name + serial number uniqueness? > If you look for the "serialNumber" definition in many certificate texts it is either mentioned or implied. It is one of those things that is considered so fundamental it is often taken for granted. The uniqueness for a single CA is explicitly stated by 4.1.2.2 in RFC3280. There are several cases where it is implied by virtue of the fact that a certificate identifier is issuer name and serial number. If that was ambiguous certain protocols wouldn't work. CRLs are one example. AKID is another. S/MIME is another. The signer certificate(s) for signedData and the recipient certificate(s) for enveloped data are identified by issuer name and serial number. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
