On 17/11/16 16:31, Erwann Abalea wrote:
> This results in the situation where a {BC:cA=True,
> keyUsage=keyCertSign+keyCrlSign} certificate would be denied the
> right to sign a CRL. Same reasoning with an OCSP response (signed by
> the CA itself).

Well, OK. I think what I'm trying to achieve here (not allowing signing
of attacker-controlled data) is clear; can someone tell me how to write
that?

>> Let's say someone signs an email cert from an intermediate without
>> pathlen:0. If there's a collision, that signature can be passed to
>> an intermediate cert which can sign email certs for any email
>> address. But if it has a pathlen, they can only create an EE cert.
>
> An attacker could collide and generate a self-issued CA certificate,
> again with BC:pathLenConstraint=0 (this is valid).

Er, I don't understand what you are saying here. If it's self-signed,
no-one would trust it. But it can't chain, because the intermediate
above has pathlen=0.

Gerv
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
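
The exchange above turns on how RFC 5280 section 6.1.4 counts certificates against pathLenConstraint: a self-issued certificate (subject equal to issuer, which is not the same thing as self-signed) is not counted. The sketch below is an added example, not code from either poster; it models only names, the cA flag and the path-length steps, and the `Cert` class, DNs and sample paths are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:                          # simplified, hypothetical model
    subject: str
    issuer: str
    is_ca: bool = False              # BC:cA
    path_len: Optional[int] = None   # BC:pathLenConstraint, None = absent

def check_path_length(path):
    """path: certs from the one issued by the trust anchor down to the
    end-entity. Returns (ok, reason). Signatures, validity, key usage and
    name constraints are out of scope here."""
    max_path_length = len(path)                  # RFC 5280 6.1.2 (k)
    for i, cert in enumerate(path[:-1]):         # every cert except the last
        nxt = path[i + 1]
        if nxt.issuer != cert.subject:
            return False, f"{nxt.subject} not issued by {cert.subject}"
        if not cert.is_ca:                       # 6.1.4 (k)
            return False, f"{cert.subject} is not a CA"
        if cert.subject != cert.issuer:          # 6.1.4 (l): skipped when
            if max_path_length <= 0:             # the cert is self-issued
                return False, f"path length exceeded at {cert.subject}"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len      # 6.1.4 (m)
    return True, "ok"

# Constructed sample certificates
ROOT, INT, SUB = "CN=Root", "CN=Intermediate", "CN=Sub CA"
intermediate = Cert(INT, ROOT, is_ca=True, path_len=0)
sub_ca = Cert(SUB, INT, is_ca=True, path_len=0)          # differently named CA
self_issued_ca = Cert(INT, INT, is_ca=True, path_len=0)  # subject == issuer

def demo():
    return {
        "direct_ee": check_path_length([intermediate, Cert("CN=leaf", INT)]),
        "sub_ca": check_path_length([intermediate, sub_ca, Cert("CN=leaf", SUB)]),
        "self_issued": check_path_length(
            [intermediate, self_issued_ca, Cert("CN=leaf", INT)]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
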
