X.509 Certificates: A Readable Unabridged Inside View
NOTE: This is a companion text to the paper "Overview
of Certification Systems: X.509, CA, PGP and SKIP" and provides a graphic,
didactic illustration of the technical matters discussed in the paper regarding
X.509 and CA certification systems.
E.
Gerck,N.
Bohm
Copyright © 1998 by E. Gerck, N. Bohm
and MCG, first published in February 15, 1998 by the MCG
All rights reserved, free copying and citation
allowed with source and author reference.
1. Problem:
As referenced in the paper Overview
of Certification Systems: X.509, PKIX, CA, PGP and SKIP [Ger00],
X.509 (and PKIX) Certificates and CA assurances are difficult to read and
understand for several reasons. To begin with, X.509 Certificates are encoded
in ASN.1/DER, which even experts can't agree on how to implement and code/decode
in all cases. Second, X.509 Certificates and CA assurances contain fields
which are not very intuitively defined or even coherent with their names,
such as the Distinguished Name field, which is neither always distinguished
nor necessarily contains the subject's name. Third, the field names have
a context which is not clear and which can be specified in a variety of
documents, sometimes in conflict with one another, such as by X.509 itself,
by the CA's CPS, by the CA without anyone knowing it or by laws which depend
on a particular state and country. Fourth, the user cannot usually find
all this information at hand and is thus left groping in the dark as to
what the certificate really is, contains or warrants. Fifth, other reasons
such as the naming procedures used, the certification chain, etc.
This means that a X.509 Certificate issued by a CA cannot be considered
as an easy and objective truth, because it depends not only on intersubjective
evaluations but also on hidden
rules.
Therefore, how can you rely upon a X.509 Certificate unless, of course,
you can read it and understand all of its ins and outs and ifs and whens?
2. Solution:
Since all X.509 Certificates follow X.509, if we do not try to decode
it from a particular ASN.1. implementation but instead provide it in a
generic and readable ASCII text, then it is possible to make it human readable
and include general interpretation guidelines or placeholders so
that a user may approximately know what certificates are, contain and warrant.
In order to provide a bird's eye view of the companion paper cited above,
we have prepared the "Unabridged X.509 Certificate" which contains the
full
explicit and implicit content of a generic X.509 certificate and thus may
well represent what is meant by any X.509 Certificate that the reader may
need to accept or buy for https (SSL) access, for S/MIME e-mail, etc.
The same applies to PKIX certificates, which are derived from the X.509
concept.
For the sake of further understanding and recognizing the subjective
nature of this endeavor, we present the "Unabridged X.509 Certificate"
from two different viewpoints. The first one is that of a lawyer, the second
one is that of a savvy user who would look for all the references. The
technical viewpoint has already been presented in the companion paper "Overview
of Certification Systems: X.509, PKIX, CA, PGP and SKIP".
The unabridged version provided here is a nearly complete insider view
which contains all references and indirect references we could possibly
find. When it is not possible to find the reference or exactly specify
the wording to be used, such as when a reference depends on the CA's CPS
which may be different for each CA and may change at will at any time,
a placeholder description is used so the reader is aware that the reference
still depends on further information which we do not have (nor the user
will have).
Note: the Unabridged X.509 Certificate is presented
in a didactic format, somewhat less terse than the companion paper,
in order to be easier to understand than the formal text of the companion
paper. However, it reflects the same points reviewed in the paper
and is as accurate as subjectively possible.
3. The Unabridged X.509/PKIX Certificate: How a Lawyer Would Describe a
X.509/PKIX Certificate
"By issuing this certificate We state in accordance
with the rules which We
make and vary as We think fit for that purpose
from time to time without
accepting any obligation to any other person
(including any Internet
standardization entity) for the effect or consequences
of Our choice of
those rules or of Our variation of them, hereafter
called "CPS," that:
1. The text string herein designated 'name' contains
the string received by Us
from a person, entity or machine, hereafter called
entity, claiming it as that
entity's name.
2. We may have taken some measures at some time
to receive evidence (which
We may not have preserved and may not be able
to produce) of a
connection between the name and the entity from
whom it was apparently
received.
3. We have reproduced the string as We believe
that We received it, which
We have denoted and formatted as to Our exclusive
understanding of it,
of its context and of its validity, as regulated
by Our CPS.
4. We may have tested the bit string herein designated
'key' to test whether,
at the date appearing in this certificate, it
appears to correspond to a
counterpart apparently available to the entity
from whom We apparently
received the name.
5. We are whom We claim to be. This claim
can be verified by checking Our
signature on this certificate We supply with
a key which We claim to be Our
public key.
We do not offer you any grounds for believing that the public
key in question
is Our public key or that it has not been revoked before
or after the date
of signature of this certificate. The only evidence We
provide of the correctness
of the date of signature stated in this certificate is
that it is dated
before the date on which you are reading this certificate.
6. We may revoke this certificate at any time
without telling you or anyone
else. The fact that you have downloaded
this certificate from Our server
does not mean that it has not previously been
revoked. The fact that no
revocation for it can be found in Our server
does not mean that this
certificate is valid either.
7. You may rely on this certificate only at your
own risk, and by so doing
you confirm your acceptance of the conditions
subject to which it is issued
as stated in the CPS for the time being in force,
which is not to be
construed as any obligation regarding the time
this certificate was signed by Us or
used by you.
These conditions include terms prohibiting you from claiming
to be inadequately
qualified or trained to understand or apply the conditions,
or to have relied
upon Us as an expert, or that you were forced to rely on
Us through lack of information with which to
verify Our statements, or that
you were forced to rely on Us through lack of
choice by any reason such as
the named entity's lack of alternatives for certificates,
the browser's lack
of alternatives for embedded root keys, etc.
8. What public-key cryptography has joined, may
time and machines not part,
but of such binding We provide no assurance.
In Honor of Our Root-Certificate, which
attests to Our faith in the
Root-Key, until We decide to revoke them but
maybe not both."
3. The Unabridged X.509 Certificate: A Savvy User's View
"I, the CA, declare by my own authority
that this text string which
was apparently received
from the entity named in it, which/who I may
have never seen,
to be copied as apparently received and formatted
by
myself in such a
way that it conforms to my own heart's content
and
self-defined rules
(CPS) which I can change at any moment now
or in
the future at will,
for which declaration I provide no guarantee
or
assurances, to be designated
as 'name'; and I also declare under the
same conditions decided
by myself, that this bit string which I may
have
tested to verify if it corresponds
to a private counterpart apparently in
possession of the same apparent
entity that provided the 'name', to be
called 'key', at this apparent
date. Therefore, I attest by myself as being
myself and trustful in all
my deeds and have apparently signed it, which
you can verify by using my
public-key apparently identified by this bit
string, the validity and dependence
of which you know nothing of. If this
declaration is revoked by some reason,
I provide no assurances that
such revocation will be announced anywhere
at any time. So if you
decide to use this declaration for some purposes
now or in the future,
you are warned that it may not be true or valid
at any time and that
you have been so properly warned so that you
are always using it at
your own risk and your own will, even if you
download this declaration at the
same moment from my servers and repository. Under
no circumstances
shall you declare that you ignore the full legal
consequences of the
notices herein contained, that you were not properly
trained or
capable of doing so, that you were relying upon
myself as if upon
an expert counsel or that you could not possibly
verify my
declarations as to their validity and so had
to rely upon them or, that you
had no other choice. What public-key
cryptography has joined, may time
and machines not part,
but of such binding I provide no assurance.
In Honor of my Most
Trustful Root Key and in Praise and Honor of my
Root Certificate, which attests to my faith in
the Root, may they stay
with me forever and ever
or until I so decide."
5. Remarks:
The views presented above are neither exaggerations nor a parody. They
correspond to the actual wording of X.509 and the usual CPS conditions
for commercial CAs. The companion paper provides comments and references
for each point graphically illustrated in the viewpoints above.
REFERENCE:
[Ger00] E. Gerck, "Overview of Certification Systems:
X.509, PKIX, CA, PGP and SKIP", published by the MCG 1997-2000, in http://mcwg.org/mcg-mirror/certover.pdf