hash - Is it correct to fail validation of a X509 certificate if the issuer Name is encoded differently but the Key validates? -
this has been troubling me time.
usually when searching in trust store issuer certificate of certificate in order validate signature, first algorithm comes mind index trust store hashing subject line of certs can hash issuer , find cert quickly. dealing collisions doing memcmp() of asn.1 of issuer of one, asn.1 subject of other; before checking actual signature.
but, ok if both certificates check have been issued same entity, happen if issuer certificate used create certificate using piece of software in process changes 1 of fields on issuer -let's say- ia5string (0x16) printable (0x13), correct behavior fail validation?
i mean, oid , value not change, asn.1 encoding, result certificate won't found (wrong hash) , not validate.
is behavior correct?
the certificate theoretically valid, has been signed correct key, validate: (i.e. first calculate hash of 'tbscertificate', use public key of issuer obtain hash 'signaturevalue', compare them , indeed verify match).
nowhere know of -although have not searched exhaustively- there obligation issuer use exact same encoding on issuer name 1 used on subject name of issuer cert. actually, rfc-5280 says in section 4.1.2.4 (issuer):
when cas have issued certificates issuer fields attributes encoded using teletexstring, bmpstring, or universalstring, ca may continue use these encodings of directorystring preserve backward compatibility. note word 'may' in capitals, highlighting free choice.
so think freedom why openssl came one-line thingy, compare names after have been decoded , therefore avoid encoding issues when searching them.
but if technically correct it, imho not correct modify issuername if still correct after decoding, because introduces lot of possibilities potentially used find hash collisions , avoiding should made part of validation. why asking question.
i not asking think this, asking more experienced show me right or wrong.
is correct behavior fail in situation?
dns compared using rules specified in rfc 5280 section 7.1:
7.1. internationalized names in distinguished names representation of internationalized names in distinguished names covered in sections 4.1.2.4, issuer name, , 4.1.2.6, subject name. standard naming attributes, such common name, employ directorystring type, supports internationalized names through variety of language encodings. conforming implementations must support utf8string , printablestring. rfc 3280 required binary comparison of attribute values encoded in utf8string, however, specification requires more comprehensive handling of comparison. implementations may encounter certificates , crls names encoded using teletexstring, bmpstring, or universalstring, support these optional.
the rfc goes on explain comparison algorithm in detail, above can see although strings must decoded prior comparison (i.e. not binary comparison), support deprecated encodings optional
. therefore, valid behaviour validation fail in scenario - implementations may handle this, , others may not.
Comments
Post a Comment