We are interested in CAs signing x509 certificates that can be used with delegated credentials for TLS, https://tools.ietf.org/html/draft-ietf-tls-subcerts-03. The certificates to be signed by the CA are x509 certificates that contain a special extension that identifies them as being able to sign short-lived (maximum 7 days) credentials to terminate TLS connections with. The short term credentials do not increase, decrease, or modify the authorization attached to the certificate: they are a tool to enable services like CDNs, SaaS providers, and indeed web servers to terminate TLS on behalf of a site for the duration chosen by the issuer of the authorization. The validity period of the certificates will not change, nor do we think there should be extra requirements on verification to issue certificates with this extension.
If using delegated credentials on a webserver with a separate server producing the delegated credentials, an event like Heartbleed that results in disclosure of a key has a more limited impact than the disclosure of the certificate's private key. Cloudflare has implemented Keyless SSL to achieve a similar effect, and this draft came out of the TLS WG's recognition that a standardized technology with similar properties would be broadly desirable. We need certificates to opt-in due to concerns about cross-protocol attacks. Delegated credentials can only be used with one signature scheme and are tied to the certificate and scheme used to issue them, so are robust in the face of cross-protocol attacks. To further minimize the risk we will add to security considerations that ECDSA certs are better due to Bleichenbacher issues in old TLS versions. We are currently interested in deploying delegated credentials over the next few months, and hope CAs will help enable this for the broader web ecosystem. Nothing in the BR or Mozilla Root Program requirements forbids issuing certs with these extensions, but we felt it would be prudent to ask for feedback on this proposal from more sources then just those involved in the TLS WG. I look forward to your thoughts. Sincerely, Watson Ladd _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
