Stop-at-key with new reduction procedure

[rivest@theory.lcs.mit.edu (Ron Rivest)]

I note here that the new reduction procedure (described in a previous
note) interacts smoothly with the "stop-at-key" propagation control
mechanism (described in another previous note).  

The new five-tuple reduction procedure had the following code for 
determining the subject S of the reduced certificate C representing
the compressed form of the certificate chain C1,C2,...,Cn.
	Let S = subject(C1).
	for j = 2 to n do
		if issuer(Cj) is a prefix of S
			then replace that prefix in S with subject(Cj)
		else error("certificate chain is not well formed")
	return(S)

To accomodate the stop-at-key propagation control mechanism, the 
code would be modified as follows:
	Let S = issuer(C1).
	for j = 1 to n do
		if issuer(Cj) is a prefix of S
		then 
		  { if (Cj contains ( may-delegate stop-at-key )
	                and issuer(Cj) is a proper prefix of S)
	            then 
		        error("violation of stop-at-key control")
	            else 
			replace that prefix in S with subject(Cj)
		  }
		else error("certificate chain is not well formed")
	return(S)

The intent here is that if we have an intermediate value of S
	S = {k,name1,name2,...,namek}
and we have a certificate that replaces a prefix of S, then that prefix
better be all of S, otherwise we will, after eventually reducing that
prefix to a single key, end up propagating beyond that key, contradicting
the stop-at-key control.

---

• Prev by Date: Five-tuple reduction (section 3.3.1) -- necessary fix
• Next by Date: Implications of the new reduction algorithm
• Prev by thread: Five-tuple reduction (section 3.3.1) -- necessary fix
• Next by thread: Implications of the new reduction algorithm
• Index(es):
  • Main
  • Thread