The attack is not possible if the receiver validates the host from the x5u against the certificate CN and validates the path, otherwise any valid certificate would work, as long as it chains to a valid root.

Yes, we could explain that the client could limit itself to a specific root or bridge and use the CN or DN for the identity of the signer.

So yes, it is possible to make an exception to the MUST, but explaining how to do that safely is not trivial, and may cause more harm than good.

John B.

On Sep 30, 2014, at 4:53 PM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:
<<attachment: smime.p7s>>
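
The receiver-side checks described in the message above, as an added example that is not part of the original e-mail: the x5u host is compared with the leaf certificate CN, the path must have validated, and it must end at a root the receiver pins. The function and exception names and the placeholder fingerprint are hypothetical, and the code assumes an X.509 library has already parsed the CN and performed path validation, including signature checks.

```python
from urllib.parse import urlsplit

# Constructed placeholder: SHA-256 fingerprints of the only roots (or bridge)
# this receiver accepts for signer certificates.
PINNED_ROOTS = {"aa" * 32}


class X5uRejected(Exception):
    """Raised when the x5u / certificate binding does not hold."""


def _norm_host(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()


def signer_identity(x5u, leaf_cn, anchor_fp, pinned_roots=PINNED_ROOTS):
    """Return the signer identity (the certificate CN) or raise X5uRejected.

    leaf_cn   -- CN of the leaf certificate fetched from x5u (parsed elsewhere)
    anchor_fp -- fingerprint of the root that path validation ended at, or
                 None if path validation failed (assumed done by an X.509 library)
    """
    url = urlsplit(x5u)
    if url.scheme != "https":
        raise X5uRejected("x5u must be an https URL")
    if not url.hostname:
        raise X5uRejected("x5u has no host")
    if anchor_fp is None:
        raise X5uRejected("certificate path did not validate")
    # Without this restriction, any certificate chaining to any trusted root passes.
    if anchor_fp.lower() not in pinned_roots:
        raise X5uRejected("path ends at a root this receiver does not pin")
    # Bind the location the key came from to the name in the certificate.
    if _norm_host(url.hostname) != _norm_host(leaf_cn):
        raise X5uRejected("x5u host does not match certificate CN")
    return _norm_host(leaf_cn)
```

The returned CN is only the signer's identity; the caller still has to decide whether that signer is the one it expects for the message.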