[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Staged Certificate Validation



The simplicity of the representation put forth by Greg Rose in the thread
"make things as simple as possible" is compelling, both in the extensive
use of hashes for elements, and for the freedom to create "certificate-
like" things.  In particular, the idea of certifying the hash of another
certificate suggested (to me) a way to provide (impose?) both a degree
of structure, as well as a way to reduce bandwidth needs for much of the
routine operations. (May even make up for the bandwidth I'm using here :-)

This model might be called a "two-stage" certificate validation process.
Two signed objects ("Outer" and "Inner" certificates) are retrieved when
an "unknown" key is first presented.  I say two-stage because a validation
request may result in only the receipt of the Outer-Cert, which is then
used to request the Inner-Cert if this is a "first-time-seen" situation.
The Inner-Cert is separately signed, and may come packaged with unsigned
"addenda" such as the strings whose hashes appear in these certificates.
This Inner-Cert can be passed about freely, with relying parties making
requests for the Outer-Cert only, which "certifies" the Inner-Cert.

The "Outer Cert" contains primarily the CA information, an arbitrary
ID/Serial number, and the hash of the CA signature of an "Inner Cert".
It also contains a "Cert Validity" date/interval that corresponds to
the pkix "Expiry-Date" indicating how long the CA intends to be held
responsible for its issuance, CRL-updates, etc.

The "Inner Cert" is used to bind a signed key to a set of meanings.
It contains no (necessary) reference to the CA, Cert-Location, etc.
It *does* contain the matching ID/Serial number of the Outer-Cert,
without which it is implicitly understood to be without force,
regardless of the appended CA signature.
It may also hold "Key Validity" date/interval(s) indicating when
the Signed-Key is good for signing. (This is an extension presently
being debated on the pkix list, and thank-you's to Bob Jueneman and
Denis Pinkas for the "Private Key Validity Period" thread that helped
to clarify the distinction for me.

As a wrap-up, here is one depiction of the Inner and Outer Certificates:

"Outer Cert" (Referencing Certificate)

  (Cert-Info)
    Outer-Cert-ID/Serial
    (hash of) <CA_ID>
    (hash of) <CA_KEY> (or of CA-key-cert)
    (hash of) <CERT_LOC>
    (hash of) <CERT_VALIDITY>
  (Binding)
    (hash of) <(CA-Signature of) Referenced Certificate>
  [CA-Signature]


"Inner Cert" (Referenced Certificate)

  (Cert-Info)
    (hash of) <Outer-Cert-ID/Serial>
    (hash of) <KEY_VALIDITY>
  (Binding)
    (hash of) <SIGNED_KEY>
    (hash of) <MEANING(S)>
  [CA-Signature]


In another form, the Inner-Cert could be a full pkix-style Identity cert,
and the Outer-Cert could add additional priviledges detailed in the binding.
In retrospect, that is closer to the form in the examples given by Greg.