There's no requestor control of validityNotBefore for an offline CA signing
event, and certainly none with an online CA since the PlayStation attack.
There's limited control of toBeSigned: CAs will grab the asserted subject
DN, public key, and toss the decorations in the PKCS#10 away.  They'll amend
the DN as they see fit based on vetting and any omissions and set validity
dates based on the moment the offline root is exposed to perform the event.
They're bringing multiple humans together at an externally unpredictable
time (timezone even) and day.

Even though subordination can be external or beyond core PKI realm, you
can't get chosen plaintext or birthday with an offline CA.  RapidSSL was
another story entirely and even though they were an outlier, the 20-bit
serial entropy that resulted was certainly warranted at the end entity tier.

-----Original Message-----
From: dev-security-policy
[mailto:dev-security-policy-bounces+steve.medin=verizonbusiness....@lists.mozilla.org] On Behalf Of Jakob Bohm
Sent: Thursday, February 11, 2016 1:23 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: New requirement: certlint testing

It remains an important security measure when signing anything requested
from outside, including 3rd party sub-CA certificates, cross certificates
for the roots of other CAs, certificates for more remote parts of the CA's
organization (such as certificates for the Symantec software business issued
by a Symantec owned CA) etc.

