X.509, SSL & security of decentalized certification

Ian Clelland ian at veryfresh.com
Mon Jun 24 12:07:15 EDT 2002 

On Sun, Jun 23, 2002 at 10:22:42AM +0200, Amir Herzberg wrote:
> This is not as simple as one may expect. X.509 has a hierarchy mechanism
> designed for allowing organizations issue (or at least control) certificates
> of departments and employees - the Distinguished Name (DN) and its keywords.
> However, browsers normally identify the server by its DNS name, which is
> usually included in the dNSName attribute in the subjectAltName extension,
> rather than in the X.509 DN. DNS names do not have a completely well defined
> structure, which makes it difficult to limit the organization's CA to
> issuing certs only to its employees and departments (e.g. would IBM's CA be
> able to issue certs for www.ibm.co.uk ?).

The global DN hierarchy has many of the same problems as the DNS. Your 
example of IBM  and IBM UK encounters the same problem with X.500 DNs. 
"c=US, o=IBM" is not related at all to "c=UK, o=IBM". Most 
organisations, though, do not have multiple roots in DN-space, and 
those that do would have little difficulty in getting each of those 
roots verified by a global root CA.

> Anyway, the validation is up to the browser - it is _not_ part of the
> SSL/TLS functionality. Furthermore, while X.509 and PKIX have mechanisms to
> allow a root CA to restrict the scope of certificates issued by a root CA,
> these mechanisms seem to focus on restricting the distinguished names in the
> issued certificates, rather than the subjectAltName (and in particular the
> DNS name). So my bet is that all or most browsers will not reject
> certificates with arbitrary DNS names issues by a corporation with a CA
> certified by RSA (or any other root CA). 

So there is a real problem, then, if third-level certificates can only 
be authenticated based on their X.500 DN, but the browser has no method 
of associating the IP address or DNS name with any DN.

That's really unfortunate, and looks like the system of CAs and certs 
for the web has been crippled from the beginning.


Ian Clelland
<ian at veryfresh.com>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list