[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Certificate chains

To: spki@c2.net
Subject: Certificate chains
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Tue, 08 Apr 97 20:54:42 EDT
Cc: blampson@microsoft.com
Sender: owner-spki@c2.net


There have been a couple of comments about certificate chains having the
property that "the subject of one certificate is the issuer of the next".
This is NOT NECESSARILY TRUE in the context of names.  With a pure key
system (as for the original SPKI design), this was OK.  But now you can
have something of the form:

	Issuer 		---> 	Subject
	-----------------------------------------------------
C1	Self 		--->    (ref K1 microsoft bill-gates)
C2	K1 microsoft	--->	K2
C3	K2 bill-gates	--->    K3 

Note that the issuer of C2 is not the same as the subject of C1, and that
the issuer of C3 is not the same as the subject of K2.

It is not even the case that the issuer of one cert must be an initial
segment of the subject of the previous one (as in C2/C3) above.

A chain is valid when the following procedure never gets stuck:
	start with the issuer of the first cert.  Call it W.
	for each cert in turn:
		check that the issuer of that cert matches an initial
			segment of W (or possibly all of W).
		replace that initial segment of W with the subject of the cert

In the above example, we have
	W = (ref K1 microsoft bill-gates)
	W = (ref K2 bill-gates)
	W = (ref K3) [ which is the same as K3]

Ron Rivest

Follow-Ups:

Re: Certificate chains

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Tag-ids
Next by Date: Re: Tag-ids
Prev by thread: Re: Tag-ids
Next by thread: Re: Certificate chains
Index(es):
- Main
- Thread