On 3 October 2016 at 19:24, Jakob Bohm <jb-mozi...@wisemo.com> wrote:
> On 03/10/2016 20:41, Kyle Hamilton wrote:
>> 2. There is only One Certificate Path that can be proven in TLS, which
>> prevents risk management by end-entities.
>>
>
> Are you sure, I thought the standard TLS protocol transmitted a *set*
> of certificates in which the client could/should search for a chain
> leading to a client trusted CA.

I've seen interesting bugs result from client (e.g. browser) processing of the 'bag of certs' approach - but these bugs are security vulnerabilities and should be handled correctly. So I don't see any reason why one could not send multiple chains right now, and have a client correctly process it. Shouldn't be too hard to actually test with Firefox or whatever. Just get a couple chains from different CAs and start distrusting roots locally...

I guess the main thing I'd wonder about is if a client has a root marked as untrusted, it may build a chain to that root for the purposes of *not* trusting it. (As opposed to building a chain to a completely unknown root.) Not that I think this is a good idea.

-tom
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
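
Added example, not part of the original message and not any client's actual code: a simplified path builder over a 'bag of certs' that explores every candidate chain and tags each one as ending at a trusted root, at a locally distrusted root, or at no known anchor. It assumes certificates are modelled by subject and issuer names only (no signature, validity or constraint checks), and all names and the `Cert`, `build_paths` and `accept` helpers are hypothetical.

```python
from collections import namedtuple

# Simplified certificate: names only, no signatures or validity checks (assumption).
Cert = namedtuple("Cert", "subject issuer")

def build_paths(leaf, bag, trusted, distrusted):
    """Return every path from leaf as (list_of_names, outcome).

    outcome is "trusted" (ends at a trusted root), "distrusted" (ends at a
    root explicitly marked untrusted) or "unknown" (no anchor reachable).
    """
    by_subject = {}
    for c in bag:
        by_subject.setdefault(c.subject, []).append(c)
    results = []

    def walk(cert, path):
        issuer = cert.issuer
        if issuer in distrusted:          # explicit local distrust wins
            results.append((path + [issuer], "distrusted"))
            return
        if issuer in trusted:
            results.append((path + [issuer], "trusted"))
            return
        # Cross-signed intermediates show up as several certs with one subject.
        candidates = [c for c in by_subject.get(issuer, [])
                      if c.subject not in path]   # avoid issuer loops
        if not candidates:
            results.append((path, "unknown"))
            return
        for c in candidates:
            walk(c, path + [c.subject])

    walk(leaf, [leaf.subject])
    return results

def accept(results):
    """Accept only if at least one path ends at a trusted root."""
    return any(outcome == "trusted" for _, outcome in results)

# Constructed sample: a leaf whose intermediate is cross-signed by two roots.
LEAF = Cert("www.example.test", "Example Int X")
BAG = [Cert("Example Int X", "Example Root A"),
       Cert("Example Int X", "Example Root B")]

if __name__ == "__main__":
    for path, outcome in build_paths(LEAF, BAG, {"Example Root A"}, {"Example Root B"}):
        print(" -> ".join(path), ":", outcome)
```

Distrusting one root locally leaves the other chain usable, while removing the remaining root from the trusted set yields one "distrusted" and one "unknown" path and no acceptance.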