Peter Bowen於 2016年12月4日星期日 UTC+8上午1時43分00秒寫道: > On Sat, Dec 3, 2016 at 9:22 AM, Jakob Bohm wrote: > > > > Using two different public keys with the same exact full distinguished > > name is generally not expected to work. Some implementations may use > > additional checks (such as the key identifier or certificate serial > > number) to disambiguate, but this is generally known to be a frequent > > cause of errors and bugs, such as the ones observed in your > > presentation. > > > > All in all, the "self-issued but not self-signed" concept never worked > > and is effectively dead. > > I agree with Jakob here. As was recently pointed out in a discussion > on the path length constraint for CAs, allowing self-issued but not > self-signed opens up unexpected vulnerabilities. > > Mozilla should require that there be exactly one public key associated > with each CA Distinguished Name. Key rotation should be accompanied > by DN rotation. > Requiring that Key rollover must be accompanied by DN rotation will contradict with the PKIX standard and the original X.509 standard. In the PKIX standard and the original X.509 standard, the recommended way is to use Authority Key Identifier and Subject Key Identifier chaining for distinguishing different generation of cert/CRL signing keys but with the same issuer DN. If Mozilla makes the requirement k that ey rollover must be accompanied by DN rotation, it means Mozilla NSS trust list will completely rule out those CAs conforming to the PKIX standard. If so, I do know how Mozilla can claim that the NSS is interoperable with PKIX Certificate and CRL profile?
> > Maybe you need to generate a new third generation "Taiwan-GRCA 2016" > > root with a unique name, along with the needed [...] certificates, such > > that web servers > > can send at least one valid chain. > > I think that is an excellent suggestion. > > As to the inclusion request, I think Mozilla should reject this > request and add a clear rule to the Mozilla CA policy that each CA > must have a unique DN. The DN should be a primary key for the trust > store and no two entries should have the same DN. As far as I known, currently the Mozilla CA policy does no require CAs to change their DNs whenever performing key rollover. I believe that Mozilla should not make this kind of requirement in the CA policy because that will contradict with the PKIX standard as well as the original ITU-T X.509 standard. > > Thanks, > Peter Wen-Cheng Wang Chief PKI Product Manager Chunghwa Telecom Co., Ltd. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
