Stop-at-key with new reduction procedure
I note here that the new reduction procedure (described in a previous
note) interacts smoothly with the "stop-at-key" propagation control
mechanism (described in another previous note).
The new five-tuple reduction procedure had the following code for
determining the subject S of the reduced certificate C representing
the compressed form of the certificate chain C1,C2,...,Cn.

    Let S = subject(C1).
    for j = 2 to n do
        if issuer(Cj) is a prefix of S
        then replace that prefix in S with subject(Cj)
        else error("certificate chain is not well formed")
    return(S)

To accommodate the stop-at-key propagation control mechanism, the
code would be modified as follows:

    Let S = issuer(C1).
    for j = 1 to n do
        if issuer(Cj) is a prefix of S
        then
          { if (Cj contains ( may-delegate stop-at-key )
                and issuer(Cj) is a proper prefix of S)
            then
                error("violation of stop-at-key control")
            else
                replace that prefix in S with subject(Cj)
          }
        else error("certificate chain is not well formed")
    return(S)

The intent here is that if we have an intermediate value of S

    S = {k,name1,name2,...,namek}

and we have a certificate that replaces a prefix of S, then that prefix
better be all of S, otherwise we will, after eventually reducing that
prefix to a single key, end up propagating beyond that key, contradicting
the stop-at-key control.
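
The modified procedure above, written out as runnable Python. This is an added example, not code from the original note. It assumes issuers and subjects are represented as tuples of the form (key, name1, ..., namek) and that a boolean field records whether the certificate contains ( may-delegate stop-at-key ); the names Cert, ChainError and reduce_subject and the sample chain are hypothetical.

```python
from dataclasses import dataclass

class ChainError(Exception):
    """Raised when a certificate chain cannot be reduced."""

@dataclass(frozen=True)
class Cert:
    issuer: tuple              # assumed form: (key, name1, ..., namek)
    subject: tuple             # same form as issuer
    stop_at_key: bool = False  # True if cert has ( may-delegate stop-at-key )

def reduce_subject(chain):
    """Return the subject S of the reduced certificate for C1..Cn."""
    if not chain:
        raise ChainError("certificate chain is not well formed")
    s = chain[0].issuer
    for c in chain:
        n = len(c.issuer)
        if s[:n] != c.issuer:
            raise ChainError("certificate chain is not well formed")
        # A proper prefix leaves names behind this cert's subject, so the
        # chain would keep resolving past the key where it has to stop.
        if c.stop_at_key and n < len(s):
            raise ChainError("violation of stop-at-key control")
        s = c.subject + s[n:]
    return s

# Constructed sample chain: K0 -> K1 alice bob -> K2 bob -> K3
C1 = Cert(("K0",), ("K1", "alice", "bob"))
C2_PLAIN = Cert(("K1", "alice"), ("K2",))
C2_STOP = Cert(("K1", "alice"), ("K2",), stop_at_key=True)
C3 = Cert(("K2", "bob"), ("K3",))

if __name__ == "__main__":
    print(reduce_subject([C1, C2_PLAIN, C3]))   # chain reduces fully
    try:
        reduce_subject([C1, C2_STOP, C3])       # C2 replaces a proper prefix
    except ChainError as e:
        print("rejected:", e)
```

With C2_STOP the intermediate S is (K1, alice, bob) and the issuer (K1, alice) covers only part of it, which is the case the proper-prefix test rejects.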