Anders Rundgren wrote, On 2009-03-23 08:19: > In theory TLS path-building could be addressed by server-admins.
Yes, they could do that in their roles as Subject parties and as Relying parties. I'd definitely recommend the former. The latter may be a good alternative to AIA because it would avoid the vulnerability. > Unfortunately practice shows that users (RPs) of third-party PKIs do not > get informed by CAs when it is time to install a new immediate CA > certificate because the brand (root) have expanded their > issuing-customer base or when a single CA adds a new immediate CA for > performance/migration reasons. It's sufficient for the CA to send the complete cert chain to the Subject party when it issues a new cert to that party. > Due to that some issuers have reverted to putting the entire path > (possibly minus the root) into their cards to not get problems with > non-MSIE users. Smart! > This method is outside of FIPS201 and the Federal > Certificate profile which says AIA is a MUST (in the certs). Yes, it says the AIA must be there. I have no problem with that. If a Subject party (the party who is sending out the cert that identifies itself) discovers that it has, and is sending out, an incomplete cert chain, the AIA provides a convenient way for it to know where to go to get the missing intermediate CA certs. It's no risk for the relying party to rely on the AIA in his own cert which he received directly from the CA. Perhaps PSM should have a feature, used at cert import time, that discovers that the chain is incomplete and offers, at that time, to go and fetch the missing certs in the chain via AIA. > There are commercial trust networks that would need 30+ certificates to > be output. Yeah, but TLS can handle that. > IMO, AIA is required in both ends because there is nothing in the TLS > spec that requires you to provide the complete path in any end. LOL. SO, the lack of a simply-stated requirement in the TLS RFCs that a complete chain must be sent means there's no requirement to do that, but the lack of ANY requirement to implement cert fetching in those same RFCs means there IS a requirement to do so? LOL. > Using AIA Ca Issuers, only roots and EE certs are exchanged on the wire. Sure. They can do that, with the attendant risks I previously described in detail. (Poor Alice!) > Anders /Nelson -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
