0

In the TLS Handshake a Certificate message is sent. This message contains the (chain of) certificates needed to validate the provided certificate of the communicating party.

However, I have also read some papers, and also defined in RFC5280, that the certification path process is challenging; and, an algorithm is needed to actually do the path construction.

This confused me, since during the TLS Handshake the chain of trust is provided in the Certificate message. Therefore I was wondering: Is a Certification path algorithm also needed in the TLS protocol?

  • If so, why is it needed? As far that I know, the Certificate message sends all the certificates in the chain of trust.
  • If not, is it true then that the Certificate message does not (always) provide all the certificates in the chain? Or maybe, does the certification path algorithm not apply at all for SSL/TLS; but for what kind of protocols is it needed then?
Ceesz
  • 15
  • 2
  • 1
    I'm not sure what your problem is. Yes, the server provides all the certificates except the root certificate (which need to be installed) but one still needs an algorithm which defines how this collection of certificates should be used to build the trust chain and verify the trust. And this is what the [certificate path validation algorithm](https://en.wikipedia.org/wiki/Certification_path_validation_algorithm) is for. – Steffen Ullrich Dec 16 '19 at 13:53
  • Ok. So the certificate chain of trust is not mandatory in the Certificate message? Is it also possible that the server only sends its own certificate and that the client has to construct the certification path itself? – Ceesz Dec 16 '19 at 13:55
  • @SteffenUllrich but if the server provides all the certificates in the chain; then the client does not need a certification path algorithm right? – Ceesz Dec 16 '19 at 13:56
  • 1
    The server does not send a certificate chain of trust. The server sends only certificates. How to build a trust chain with these certificates which ultimately ends in a trusted __local__ root certificate is what the path validation algorithm describes. – Steffen Ullrich Dec 16 '19 at 13:57
  • 1
    Ok clear. So, correct me when I am wrong; the server sends a set of certificates, which possibly contains one or more paths to the root CA, and the client has to find the actual path to the root CA to determine whether it is going to accept server's certificate. And in order to find this path, the client needs a certificate path validation algorithm. – Ceesz Dec 16 '19 at 14:00
  • 1
    Correct. And the root CA is local to the client and trusted by the client and not send by the server. – Steffen Ullrich Dec 16 '19 at 14:00
  • @SteffenUllrich+ not quite. The root or anchor MUST be configured locally in the client; it does not need to be sent by the server, but all versions of the spec (2246, 4346, 5246, 8446) say it MAY be, and some servers _do_ send it even though it isn't needed. Earlier specs _say_ the server must send certs making up a single chain/path, but many CAs issue certs that actually support multiple paths and 8446 now officially approves that. – dave_thompson_085 Dec 17 '19 at 07:40

1 Answers1

1

The algorithm is used on the Certificate chain in order to verify it - it would be a terrible idea to trust any received certificate [chain] without verification, wouldn't it?

  • Yes I know. But I was more wondering about the part of algorithm which finds the actual certificate chain. I was wondering whether this part was still needed since the client/server sends a set of certificates in the certificate message during the TLS Handshake. – Ceesz Dec 17 '19 at 15:31
  • There are several detailed explanations [in this related question](https://security.stackexchange.com/questions/72077) – CrunchBangDev Dec 17 '19 at 16:07
  • Thank you for the link to more detailed information. This makes it even more clear to me. – Ceesz Dec 17 '19 at 16:44