Strength in Complexity?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jul 7 05:07:15 EDT 2008
Paul Hoffman <paul.hoffman at vpnc.org> end:
>Wrong. There is no requirement to "ignore everything else in the
>cert". There is simply no requirement to use that material.
I suspect we're in violent agreement over this, just from two different
persepectives. From a security threat-modelling view I have to look at what
the worst is that can happen if I deploy a cert (or whatever else it is I'm
deplying). Since the spec says that an implementation is free to ignore every
single extension in a trust anchor/root cert then I have to assume that no
extension I put in a root cert will ever be enforced (it *might* be, but it's
not safe to rely on it). From an optimist's point of view the spec is
guaranteeing that extensions will be enforced. From a paranoid security
person's point of view the spec is guaranteeing that no extensions will be
enforced. I'm in the latter camp.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list