[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Certificate chains

There have been a couple of comments about certificate chains having the
property that "the subject of one certificate is the issuer of the next".
This is NOT NECESSARILY TRUE in the context of names.  With a pure key
system (as for the original SPKI design), this was OK.  But now you can
have something of the form:

	Issuer 		---> 	Subject
C1	Self 		--->    (ref K1 microsoft bill-gates)
C2	K1 microsoft	--->	K2
C3	K2 bill-gates	--->    K3 

Note that the issuer of C2 is not the same as the subject of C1, and that
the issuer of C3 is not the same as the subject of K2.

It is not even the case that the issuer of one cert must be an initial
segment of the subject of the previous one (as in C2/C3) above.

A chain is valid when the following procedure never gets stuck:
	start with the issuer of the first cert.  Call it W.
	for each cert in turn:
		check that the issuer of that cert matches an initial
			segment of W (or possibly all of W).
		replace that initial segment of W with the subject of the cert

In the above example, we have
	W = (ref K1 microsoft bill-gates)
	W = (ref K2 bill-gates)
	W = (ref K3) [ which is the same as K3]

Ron Rivest