|
From: Patrick Y. <kc...@ce...> - 2003-06-11 02:23:42
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"> <title></title> </head> <body> <blockquote type="cite" cite="mid...@s-..."> <div><span class="113213506-10062003"><font face="Arial" size="2">The only thing that truly identifies the sender is the signing certificate, and Hermes doesn't provide a way of getting that certificate.</font></span></div> <div><span class="113213506-10062003"></span> </div> <div><span class="113213506-10062003"><font face="Arial" size="2">Example 1:</font></span></div> <div><span class="113213506-10062003"><font face="Arial" size="2">Suppose I have clients A and B in my keystore, so I can verify their messages. Suppose client A creates a message, sets the FromPartyId as client B, signs the message, and sends it. The resolver looks at the FromPartyId and selects client B's key, which means the message won't verify, because it was signed by client A.</font></span></div> <div><span class="113213506-10062003"></span> </div> <div><span class="113213506-10062003"><font face="Arial" size="2">Example 2:</font></span></div> <div><span class="113213506-10062003"><font face="Arial" size="2">Suppose that client A creates another message with the FromPartyId set to client B, signs it, and sends it with the certificate embedded in the message. The resolver leaves verification of the message to Hermes, which will successfully verify the message (because client A's certificate in the message matches the signature produced by client A) and passes it on. When I look at the message, I'll think it came from client B, because that's what the message says, and I know that Hermes has verified the message. 
The catch is that I don't know which certificate was used to verify the message.</font></span></div> <div><span class="113213506-10062003"></span></div> </blockquote> <br> Example 3:<br> Assume that in ASP mode, messages from client A will be routed to application A and messages from client B will be routed to application B.<br> Suppose that client A creates a message with FromPartyId set to client A, signs it using client A's key, and does not attach the certificate in the message. The message has the AppContext of application B. The attachment of the message is going to screw up application B. When the message comes to Hermes, Hermes will activate CertResolver and use client A's certificate as it's determined by FromPartyId. The verification passes and the message is routed to application B as it's determined by AppContext. If application B is not checking the FromPartyId and the certificate passed up (as you suggested), it is doomed.<br> <br> <blockquote type="cite" cite="mid...@s-..."> <div> </div> <div><span class="113213506-10062003"><font face="Arial" size="2">When Hermes verifies a message, it must then include the certificate that was used to verify the message in the EbxmlMessage, so a subsequent consumer of the message can check that the certificate and the FromPartyId match. In example 1 above, it doesn't matter so much, because the resolver has already matched the FromPartyId to a certificate, but in example 2 (which is Hermes without a certificate resolver), it is vital.</font></span></div> <div><span class="113213506-10062003"></span> <br> </div> </blockquote> Agree that the certificate has to be known to the application. We may have to add the link to the certificate in the EbxmlMessage object. Comments?<br> <br> Regards, -Patrick<br> </body> </html> |
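The three examples in this message, modelled as a receiver-side check (an added example, not part of the original post and not Hermes code). It assumes a per-client HMAC key as a stand-in for the signing key pair and its SHA-256 digest as a stand-in for the certificate; `sign`, `verify`, `accept` and `ROUTES` are hypothetical names.

```python
import hashlib, hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins: an HMAC key plays each client's key pair and its
# SHA-256 digest plays the certificate held in the receiver's keystore.
KEYS = {"clientA": b"key-A", "clientB": b"key-B"}
CERT = {party: hashlib.sha256(key).hexdigest() for party, key in KEYS.items()}
KEY_BY_CERT = {CERT[party]: key for party, key in KEYS.items()}
ROUTES = {"clientA": "appA", "clientB": "appB"}  # ASP-mode policy (assumed)

@dataclass
class Message:
    from_party_id: str
    app_context: str
    payload: bytes
    signature: bytes = b""
    embedded_cert: Optional[str] = None

def _signed_bytes(msg):
    return f"{msg.from_party_id}|{msg.app_context}|".encode() + msg.payload

def sign(signer, from_party_id, app_context, payload, embed=False):
    msg = Message(from_party_id, app_context, payload,
                  embedded_cert=CERT[signer] if embed else None)
    msg.signature = hmac.new(KEYS[signer], _signed_bytes(msg), hashlib.sha256).digest()
    return msg

def verify(msg):
    """Return the certificate that verified the signature, or None."""
    # Embedded certificate if present, else the one resolved from FromPartyId.
    cert = msg.embedded_cert or CERT.get(msg.from_party_id)
    key = KEY_BY_CERT.get(cert)
    if key is None:
        return None
    expected = hmac.new(key, _signed_bytes(msg), hashlib.sha256).digest()
    return cert if hmac.compare_digest(expected, msg.signature) else None

def accept(msg):
    """Check signature, then certificate/FromPartyId, then sender/AppContext."""
    cert = verify(msg)
    if cert is None:
        return "reject: signature"
    if cert != CERT.get(msg.from_party_id):
        return "reject: certificate does not match FromPartyId"
    if ROUTES.get(msg.from_party_id) != msg.app_context:
        return "reject: sender not allowed for AppContext"
    return "accept"
```

The second and third checks in `accept` are only possible if the verifier hands the certificate it used back to the consumer, which is the change discussed in this thread.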