| |
 |
|
|
Science Forum Index » Cryptography Forum » Unsigned CSR vulnerability...
Page 1 of 1
|
| Author |
Message |
| JHAF... |
 Posted: Mon Jul 21, 2008 4:54 am |
|
|
|
Guest
|
RFC 2986 (PKCS #10: Certification Request Syntax Specification Version
1.7) describes a vulnerability related to an unsigned CSR:
"The signature on the certification request prevents an entity from
requesting a certificate with another party's public key. Such an
attack would give the entity the minor ability to pretend to be the
originator of any message signed by the other party. This attack is
significant only if the entity does not know the message being signed
and the signed part of the message does not identify the signer. The
entity would still not be able to decrypt messages intended for the
other party, of course."
Another vulnerability could arise if unsigned CSRs weakens non-
repudiation. Let's suppose that Alice is requesting a certificate and
does know that the CSR will go unsigned to the RA/CA. After the
certificate is issued, she repudiates a purchase statement signed with
the private key saying that "she didnīt have access to the private
key" or "she didn't control it". Will an impartial observer (say, a
judge) consider reasonable this declaration?
JHAF |
|
|
| Back to top |
|
| Peter Pearson... |
| Posted: Mon Jul 21, 2008 11:28 am |
|
|
|
Guest
|
On Mon, 21 Jul 2008 07:54:57 -0700 (PDT), JHAF <jhafranco at (no spam) gmail.com> wrote:
[snip]
Quote: Another vulnerability could arise if unsigned CSRs weakens non-
repudiation. Let's suppose that Alice is requesting a certificate and
does know that the CSR will go unsigned to the RA/CA. After the
certificate is issued, she repudiates a purchase statement signed with
the private key saying that "she didnīt have access to the private
key" or "she didn't control it". Will an impartial observer (say, a
judge) consider reasonable this declaration?
How will signing the CSR affect the plausibility of Alice's claim?
In particular, if Alice is claiming that some bad guy signed the
purchase statement, can't she also claim that some bad guy signed
the CSR?
--
To email me, substitute nowhere->spamcop, invalid->net. |
|
|
| Back to top |
|
| JHAF... |
| Posted: Tue Jul 22, 2008 7:45 am |
|
|
|
Guest
|
On 21 jul, 13:28, Peter Pearson <ppear... at (no spam) nowhere.invalid> wrote:
Quote: On Mon, 21 Jul 2008 07:54:57 -0700 (PDT), JHAF <jhafra... at (no spam) gmail.com> wrote:
[snip]
Another vulnerability could arise if unsigned CSRs weakens non-
repudiation. Let's suppose that Alice is requesting a certificate and
does know that the CSR will go unsigned to the RA/CA. After the
certificate is issued, she repudiates a purchase statement signed with
the private key saying that "she didnīt have access to the private
key" or "she didn't control it". Will an impartial observer (say, a
judge) consider reasonable this declaration?
How will signing the CSR affect the plausibility of Alice's claim?
In particular, if Alice is claiming that some bad guy signed the
purchase statement, can't she also claim that some bad guy signed
the CSR?
If we see a public-key certificate as a pair of relationships, one
explicit (identity, public key) and the other implicit (private key,
public key), in this scenario only the first relationship was checked
but not the second.
In other words, the unsigned CSR prevents the CA from being sure about
Aliceīs control of the private key associated to the public key in the
CSR. Will this fact make Alice's purchase repudiation plausible? |
|
|
| Back to top |
|
| |
|
Page 1 of 1
All times are GMT - 5 Hours
The time now is Sat Nov 22, 2008 7:39 pm
|
|