On Monday, February 8, 2016 at 12:43:19 PM UTC-8, Kathleen Wilson wrote:
> One topic currently under discussion in Bug #1201423 is regarding root
> certificates with serial number of 0. The error being returned by
> http://cert-checker.allizom.org/ is "Serial number must be positive".
>
> Arguments raised in the bug:
> >>> So zero is clearly non-conforming.
I agree that this is painfully and explicitly obvious to any reading of RFC
5280.
>
> >> The whole RFC5280 section 4.1 refers to the information associated
> with the
> >> subject of the certificate and the CA that issued it. This is not a
> >> certificate issued by a CA, it is a self-signed certificate, which
> is the
> >> trust-anchor itself.
<snip>
> Does section 4.1 of RFC5280 apply to root certificates?
A certificate cannot be both a certificate and not-a-certificate. The term CA
is defined within RFC 5280, and consistent with both the Baseline Requirements
and ITU/X.509, as the operational entity who causes issuance. That is, there is
a CA, which possesses a key pair and a name, and they cause issuance of
certificates.
Note that the argument that 4.1.2 does not apply, based on Section 4.1, is to
ignore both context and intent of RFC 5280. The term CA refers to the
organizational entity ("certification authority", Section 3 of RFC 5280), not
to the specific certificate. As such, when a CA (organization) uses a Root CA
Key Pair (Section 6.1.1.1 of the Baseline Requirements) to sign Certificate
Data (as defined in Section 1.6.1 of the BRs), then that act is to cause
issuance of a Certificate (an act explicitly mentioned in Section 6.1.1.1p3 of
the BRs). As such, the issued certificate MUST conform with RFC 5280
Further, I'm surprised (and disappointed) to see a CA argue this is somehow not
the case, given that Section 3.2 of RFC 5280 makes it clear that self-issued
and self-signed certificates are two distinct subclasses of the notion of CA
certificate, and that certificate is a term and structure itself defined within
RFC 5280. The discussion of trust anchors is a non-sequitur of client behaviour
defined in Section 6.1 of RFC 5280, but that does not obviate the technical
profile defined within Section 4.1, and merely describes how a conforming
client should make use of that information, nor does it exempt such information
from conforming (as evidenced in Section 6.2 of RFC 5280).
To their unfortunate credit, they are not the only CA to make this argument -
that the root CA is somehow exempt from the Baseline Requirements (
https://bugzilla.mozilla.org/show_bug.cgi?id=555156#c95 ), but I think to
accept that argument would be to create a significant loophole that would put
users at real risk.
> Is a root certificate with serial number 00 compliant with RFC5280 and
> the BRs?
Such a certificate is non-compliant with RFC 5280.
As such, the certificate is also not compliant with the Baseline Requirements,
therefore not with the Mozilla Program Requirements.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
