[xmlsec] Verify signature after certificate expired

Moultrie, Ferrell (ISSAtlanta) FMoultrie at iss.net
Wed Oct 9 23:16:58 PDT 2002


Aleksey:
  I *must* have this stuff -- there's not really another way to do this
without using a never-expiring cert from a private CA -- and that has
it's own set of risks and hazards that are commisurate with, or greater
than, the risk you point out of not expiring a signature after it's
released. For a code and/or data signing application intended *only* to
say that the data was valid at the time it was signed -- and should
remain valid forever -- not having a signature expire is the
proper/desired/required behavior. 
For your notes below:
  (1) My XML has a timestamp in a predictable format that correspond
precisely to the time of signing so this isn't an issue in my case. Not
a problem.
  (2) Yucky because this is extra work in the application which I was
avoiding -- but that's still not a big problem since verification setup
time isn't absolutely critical to my application.
  (3) I believe I understand your POV and the tradeoffs -- they just
don't change how my application *must* behave.

  If you can either prototype the required code for 0.9.6g or give me as
good a pointer as you can to what should be done and where, I'll check
it out and test it with my application. I'm very appreciative of what
you've done so far -- but I just can't use 0.9.7 in our general-release
applications at this time. Too much testing -- too many unknowns -- too
hard to explain if it turns out to have a critical security
issue/bug/etc. Thanks again for whatever you can do to help me move
forward. Finding out about this today is painful/inconvenient -- but
much better than finding out about it next year when all our
applications suddenly shut down. Hopefully QA would have found this soon
(I just turned the X509 stuff over to them) but if we'd missed it, it
would have been very painful. 
Ferrell

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Thursday, October 10, 2002 2:02 AM
To: Moultrie, Ferrell (ISSAtlanta)
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Verify signature after certificate expired


OpenSSL just don't have the required parameters in X509_STORE
structure. However, it does have the needed stuff in X509_STORE_CTX
so potentially there is a way to handle this, just extra code in xmlsec.
How badly do you really need this stuff? Please, think twice because:

    1) XMLDsig has no standard way of specifing signature timestamp
    (i.e. if you want to use this then you'll need to define your own
and
    extract the timestamp before verifing the signature);
    2) you will need to create xmlSecDSigCtx object for every signature
    you are verifing (signature timestamps may be different)
    3) imho, this is wrong idea and it is very simple to screw up
everything


Aleksey


Moultrie, Ferrell (ISSAtlanta) wrote:

>Aleksey:
>  Since OpenSSL 0.9.7 is still in beta, I'm a bit reluctant to use it
in
>a release version of my products. We're very close to release right now
>and I hate to have to revisit most of the QA process just because I
need
>to upgrade OpenSSL -- and to an unreleased version also. Can you point
>me to what the issue is in 0.9.6g vs 0.9.7 -- API, file, etc. -- so
that
>maybe I can figure out a minimally intrusive way to do something
similar
>in 0.9.6g? Any ideas/hints would be appreciated ...
>Thanks!
>  Ferrell
>
>-----Original Message-----
>From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>Sent: Thursday, October 10, 2002 12:17 AM
>To: xmlsec at aleksey.com
>Subject: Re: [xmlsec] Verify signature after certificate expired
>
>
>It turns out that there is pretty simple way to set verification
>time in OpenSSL (0.9.7) and I did implemented this so you can
>find the "certs verification time" in the tommorow nightly snapshot
>or in Gnome CVS (http://www.aleksey.com/xmlsec/download.html).
>However, this works only with OpenSSL 0.9.7!
>
>1. Using certs verification time from library.
>  a) enable verification time check in the simple keys manager (btw,
you
>      can set any other OpenSSL flags using the same function):
>                   
>        xmlSecKeysMngrPtr keyMgr = NULL;
>
>        ....
>        xmlSecSimpleKeysMngrSetCertsFlags(keyMgr,  
>X509_V_FLAG_USE_CHECK_TIME);
>        ....
>
>  b) set the new "certsVerificationTime" member of the xmlSecDSigCtxPtr
>or
>      xmlSecEncCtxPtr structures to the required time (most likely this

>means
>      that you'll need to create new structures for each signature 
>verification or
>      each decryption operation).
>
>2. Using certs verification time from xmlsec command line utility.
>(you need to have strptime() function available on your platform: Linux

>and Windows
>do have it).
>  Specify --verificaiton-time <time> parameter where <time> is the
local
>
>system time and
>  has the following format
>        YYYY-MM-DD HH:MM:SS
>  
>Hope, this closes the problem but let me know if there something else I

>can do.
>
>
>With best regards,
>
>Aleksey
>
>Aleksey Sanin wrote:
>
>  
>
>>I had some time to read RFC (in particular, RFC 1422, RFC 1423, RFC
>>    
>>
>1424,
>  
>
>>RFC 2459), and I found that:
>>   1) signature verification requires "valid" certificate;
>>   2) "valid" certificate is application specific;
>>   3) the application may accept "invalid" certs and show application 
>>specific
>>    warning to user.
>>To clarify item 2): the application may decide that "expired cert" is 
>>valid cert as well
>>as "cert found in CRL" is valid cert or "cert has wrong purpose" is 
>>valid cert.
>>IMHO, this is wrong but I do understand that there may be good reasons
>>    
>>
>
>  
>
>>to do this.
>>
>>In application to XMLSec library, this means that when I don't like 
>>the idea of
>>accepting expired certificates, I will try to look at OpenSSL and find
>>    
>>
>
>  
>
>>out
>>how difficult it would be to disable this check. If this could be done
>>    
>>
>
>  
>
>>w/o huge problems
>>then I'll add a config parameter to xmlSecKeysManager (and xmlsec 
>>application)
>>that controls whether it accepts expired certs or not. However, if 
>>I'll found that this check
>>is in the core of OpenSSL certs verification process and there is no 
>>simple way
>>of disabling it then I'll leave this to application (as you know the 
>>cert verification
>>could be completelly handled by the application). Of course, if anyone
>>    
>>
>
>  
>
>>can submit
>>a patch to xmlsec that'll do this then I'll be happy to apply it 
>>(after code review,
>>of course :) ).
>>
>>Any suggestions, comments?
>>
>>Aleksey.
>>
>> 
>>_______________________________________________
>>xmlsec mailing list
>>xmlsec at aleksey.com
>>http://www.aleksey.com/mailman/listinfo/xmlsec
>>    
>>
>
>
>
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>






More information about the xmlsec mailing list