On 28/05/14 15:13, Salz, Rich wrote:
The signature on a certificate is made using the key of its parent CA. So that
means that the parent CA uses an RSA key and not an ECDSA key.
I thought the spec says the cert should be signed with the same key type. Not
sure which spec, sadly. :( And that consensus was that this is a mistake.
Hi Rich.
RFC4346 (TLS 1.1) Section 7.4.2 says...
"Unless otherwise specified, the signing algorithm for the
certificate MUST be the same as the algorithm for the certificate
key."
(RFC2246 (TLS 1.0) says the same, except the MUST is not capitalized)
RFC4492 (ECC Cipher Suites for TLS) says...
"2.2. ECDHE_ECDSA
In ECDHE_ECDSA, the server's certificate MUST contain an ECDSA-
capable public key and be signed with ECDSA."
RFC5246 (TLS 1.2) Section 7.4.2 says...
"Note that this implies that a certificate containing a key for one
signature algorithm MAY be signed using a different signature
algorithm (for instance, an RSA key signed with a DSA key). This is
a departure from TLS 1.1, which required that the algorithms be the
same."
So the "same key type" rule only applies to TLS <=1.1. I'm not aware of
any implementation that actually enforce this rule though.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
