Understanding Certification Path Construction - oasis pki
UnderstandingCertification Path ConstructionCertification path construction is a complex process and is subject to somedegree of trial and error. The certification path construction process hasnot been standardized, and there is very little published informationavailable to help implementers and product evaluators understand thecomplexities involved. The purpose of this white paper is to clarify issuesassociated with the certification path construction process and to makerecommendations where appropriate.IntroductionPublic Key Infrastructure (PKI) supports a number of security-related services, includingdata confidentiality, data integrity, and end-entity authentication. Fundamentally, theseservices are based on the proper use of public/private key pairs. The public component ofthis key pair is issued in the form of a public key certificate and, in association with theappropriate algorithm(s), it may be used to verify a digital signature, encrypt data, orboth 1 .Before a certificate can be used, it must be validated. In order to validate such a certificate,a chain of certificates or a certification path between the certificate and an establishedpoint of trust must be established, and every certificate within that path must be checked.This process is referred to as certification path processing 2 .September 2002AcknowledgementsWhite Paper is a deliverablefrom the PKI Forum’s TechnicalGroup (TWG). Several memberorganizations and individualshave contributed by providingcontent, editorial assistance andeditorial reviews.Author:Steve LloydPKI ForumEditors:Andrew NashRuss HousleyJohn LinnMagnus NystromRSA SecurityHelen MullengerBaltimore TechnologiesJeff StapletonKPMG LLPIn general, certification path processing consists of two phases: 1) path construction and2) path validation described as follows:1) Path construction involves "building" one or more candidate certification paths. Notethat we use "candidate" here to indicate that although the certificates may chaintogether properly, the path itself may not be valid for other reasons such as pathlength, name, or certificate policy constraints/restrictions.2) Path validation includes making sure that each certificate in the path is within itsestablished validity period, has not been revoked, has integrity, et cetera; and anyconstraints levied on part or all of the certification path are honored (e.g., path lengthconstraints, name constraints, policy constraints). However, some aspects that mightbe associated with path validation are sometimes taken into consideration during thepath construction process in order to maximize the chances of finding an acceptablecertification path sooner rather than later. We will revisit these concepts later in thispaper.ContentsIntroduction 1Purpose, Scope andAssumptions 2Basic Concepts 2Identifying AppropriateCertificates 6Constructing CertificationPaths 8Evaluating CertificatePaths During the PathConstruction Process 12Summary 141It should be recognized that there are several reasons that separate key pairs should be used fordigital signature and confidentiality, including differing requirements associated with key backup/recovery and long-term handling of keying material, and the ability to use different algorithms foreach (e.g., DSA could be used for the digital signature and RSA could be used for symmetric keyexchange).References 142This is sometimes called "certificate path processing." We use "certification path processing" inorder to maintain consistency with the terminology found in X.509.