David,

I agree with your assessment that the later paragraphs of 3.4 deal with
revocation status attacks that are independent from the dual cert chain
attack that is the focus of that section. I should not have placed that
text in 3.4.

While one could add text about revocation status attacks to the sections
you cited (where it is not already present), I think it is useful to put
this discussion in one place. I have added section 3.5 and moved the
later paragraphs from 3.4 there, along with some minor edits to make it
an independent section ("Attacks Related to Distribution of Revocation
Status").

I disagree with your interpretation of the final sentence of the third
(not fourth) paragraph. It does not imply that the two parent CAs know
of each other's cert issuance behavior. It merely states that each
parent may have issued a cert to a malicious CA in good faith, despite
the name & key collision. We've had the discussion about whether 5280
prohibits duplicate names, and the on-list consensus was that it does not.

Version 10 will be posted next week, with the changes noted above.

Steve
_______________________________________________
Trans mailing list
Trans@ietf.org
https://www.ietf.org/mailman/listinfo/trans