S/MIME revocation lists signed by different CA?

Werner Koch wk at gnupg.org
Wed Aug 4 10:50:08 CEST 2010


On Mon,  2 Aug 2010 22:14, bernhard at intevation.de said:

> both roots are trusted, somehow I still would expect
> dirmngr to reject the A certificate because the CRL
> was not signed by CA A, the same authority that issued it.

The whole X.509 system as deployed today does not use a single root CA,
as it was designed to, but the IUCC [1] system where all root
certificates you trust make up one giant virtual single root CA.  Thus
it doesn't matter which root CA issued the CRL.

Of course we could check that a specific CRL has been signed by a CA
which ultimately is anchored at the root CA which issued the certificate
you want to check with the CRL.  This would be another exception to the
complicated X.509 system but of course doable.  I doubt that this is
really useful.  What is the threat model?  Another CA would be able to
revoke a certificate - Is that actually more harmful than this other CRL
issuing a fake certificate?  I doubt that.

IIRC, I once noticed a legitimate certificate which pointed to a CRL
which was ultimately certified by a different root CA.  Exactly the
case you described - do you want to break those certificates?


Salam-Shalom,

   Werner


[1] Implicitly Universal Cross-Certification

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
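
The two CRL acceptance rules discussed in this message, compared side by side. This is an added example, not part of the original post and not dirmngr code. It models issuer links by name only (no signature checking), and every CA name and both policy labels are hypothetical, constructed for illustration.

```python
# Constructed toy PKI: subject name -> issuer name. Self-issued entries are roots.
ISSUER_OF = {
    "Root A": "Root A",
    "Root B": "Root B",
    "Sub CA A1": "Root A",
    "CRL Signer B1": "Root B",
    "Untrusted Root": "Untrusted Root",
    "CRL Signer U1": "Untrusted Root",
}
TRUSTED_ROOTS = {"Root A", "Root B"}  # the roots the user trusts


def trust_anchor(name, issuer_of=ISSUER_OF, trusted=TRUSTED_ROOTS):
    """Walk issuer links upward; return the first trusted root reached, or None."""
    seen = set()
    while name not in seen:
        seen.add(name)
        if name in trusted:
            return name
        parent = issuer_of.get(name)
        if parent is None or parent == name:
            return None  # unknown issuer, or a self-issued root that is not trusted
        name = parent
    return None  # issuer loop without reaching a trusted root


def crl_acceptable(cert_issuer, crl_signer, policy):
    """Decide whether a CRL signed by crl_signer may be used for a certificate
    issued by cert_issuer.

    "any-trusted-root": all trusted roots act as one virtual root (IUCC).
    "same-root": the CRL must chain to the root that anchors the certificate.
    """
    cert_root = trust_anchor(cert_issuer)
    crl_root = trust_anchor(crl_signer)
    if cert_root is None or crl_root is None:
        return False  # either chain fails to reach a trusted root
    if policy == "any-trusted-root":
        return True
    if policy == "same-root":
        return cert_root == crl_root
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    for policy in ("any-trusted-root", "same-root"):
        ok = crl_acceptable("Sub CA A1", "CRL Signer B1", policy)
        print(f"{policy}: CRL under Root B for cert under Root A -> {ok}")
```

Under the stricter rule the cross-root CRL is refused, which is the case of the legitimate certificate mentioned above: its revocation status could then no longer be checked.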



