On Fri, Jun 2, 2017 at 4:27 AM, Ryan Sleevi <r...@sleevi.com> wrote: > > > On Thu, Jun 1, 2017 at 10:19 PM, Peter Bowen via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: >> >> On Thu, Jun 1, 2017 at 5:49 AM, Ryan Sleevi via dev-security-policy >> > So I would definitely encourage that improper application of the >> > protocols >> > and data formats constitutes misissuance, as they directly affect >> > interoperability and indirectly affect security :) >> >> I think the policy needs to be carefully thought out here, as there is >> no limitation to what can be signed with the key used to sign >> certificates. What is a malformed certificate to one person might be >> a valid document to someone else. Maybe you could disallow signing >> things that are not valid ASN.1 DER? > > > I suspect you're raising a concern since a CA can use a SIGNED{ToBeSigned} > construct from RFC 6025[1] to express a signature over a structure defined > by "ToBeSigned", and wanting to distinguish that, for example, a certificate > is not a CRL, as they're distinguished from their ToBeSigned construct. I > would argue here that any signatures produced / structures provided should > have an appropriate protocol or data format definition to justify the > application of that signature, and that it would be misissuance in the > absence of that support. Logically, I'm suggesting it's misissuance to, for > example, expose a prehash signing oracle using a CA key, or to sign > arbitrary data if it's not encoded 'like' a certificate (without having an > equivalent appropriate standard defining what the CA is signing)
Yes, my concern is that this could make SIGNED{ToBeSigned} considered misissuance if ToBeSigned is not a TBSCertificate. For example, if I could sign an ASN.1 sequence which had the following syntax: TBSNotCertificate ::= { notACertificate UTF8String, COMPONENTS OF TBSCertificate } Someone could argue that this is mis-issuance because the resulting "certificate" is clearly corrupt, as it fails to start with an INTEGER. On the other hand, I think that this is clearly not mis-issuance of a certificate, as there is no sane implementation that would accept this as a certificate. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy