Paul,
Paul Hoffman wrote:
3) A corollary of (2): Even when parent == grandparent, and hence parent
is also a sibling, it's not generally true that you can use the OCSP URL
from the parent to check the OCSP status of a child.
All of that is true (and is true for CRLs, I believe), but it is not what I was speaking to. The recent MD5 attack creates a rogue sub-CA, that is a new child of one of your trust anchors. The Microsoft article made it sound (to me, at least) that if the rogue sub-CA (the child) has a AIA, then IE will not look in the parent's AIA to determine the status of the child. If that's true, it is broken.
>Each level of the family can have its own AIA that applies to all of
its children, not just to end entities.
The last sentence is what I believe Nelson was disputing.
As far as I know, the AIA only applies to the end entity certificate,
and not to any children certificates. Do you have any evidence in any
standard that this is not the case ?
From RFC3280 :
4.2.2.1 Authority Information Access
The authority information access extension indicates how to access CA
information and services for the issuer of the certificate in which
the extension appears.
In other words, if you examine the AIA of an intermediate certificate,
you will access the services of the intermediate's issuer (perhaps the
root). You would not be able to use the OCSP responder to check the EE
certificate's revocation status.
It seems to me also that a self-signed certificate marked as a trust
anchor, ie. a root, probably shouldn't have an AIA extension. At least
it wouldn't make much sense for it to point to any OCSP responder, since
the root cannot revoke itself - there is no one above the root to revoke it.
4) Trust anchors are not necessarily roots.
Of course. I'm not seeing where that is relevant here, but I could be missing
something.
5) Most roots don't have AIA cert extensions. Only 8 out of the 125 roots
in nssckbi have them.
Now *that* is sad. I was hoping for closer to 50%. It does not make my argument
wrong, just pretty moot.
No, I think the 8 are probably an anomaly. I wonder why they have it at
all. Perhaps these are not really roots . There was a time in the past
when there were some intermediates in nssckbi.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
