On 2015-03-24 10:35, Florian Weimer wrote:
* Kurt Roeckx:
So it's my understanding that they were only supposed to issue
certificates for their own domain(s). Why wasn't this enforced by
using a name constraint?
Sadly, name constraints do not work because they do not constrain the
Common Name field. The IETF PKIX WG explicitly rejected an erratum
which corrected this oversight.
NSS used to be different (before the mozilla::pkix rewrite), but it's
not PKIX-compliant.
I understand that the name constraint applies to the SubjectAltName.
Under the Baseline Requirements the SAN must be present. If there is a
CommonName it should match one of the SANs.
We know that not everybody does add the SANs. But I think that if there
is a name constraint and there is no SAN we should just either reject
the certificate for being invalid or for not matching.
If a SAN is present you should probably either not look at the
CommonName or check that it matches a SAN.
If you know of software that doesn't do this, I suggest you file bug
reports. I have no idea what any implementation currently does.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
