I agree with your assessment that the later paragraphs of 3.4 deal with revocation status attacks that are independent from the dual cert chain attack that is the focus of that section. I should not have placed that text in 3.4/

While one could add text about revocation status attacks to the sections you cited (where it is not already present), I think it is useful to put this discussion in one place. I have added section 3.5 and moved the later paragraphs from 3.4 there, along with some minor edits to make it an independent section ("Attacks Related to Distribution of Revocation Status").

I disagree with you interpretation of the final sentence of the third (not fourth) paragraph. It does not imply that the two parent CAs know of each other's cert issuance behavior. It merely states that each parent may have issued a cert to a malicious CA in good faith, despite the name & key collision. We've had the discussion about whether 5280 prohibits duplicate names, and the on-list consensus was that it does not.

Version 10 will be posted next week, with the changes noted above.

Trans mailing list

Reply via email to