On Wed, Apr 3, 2019 at 6:30 PM Brian Smith <br...@briansmith.org> wrote:
> Wayne Thayer <wtha...@mozilla.com> wrote:
>
>> On Mon, Apr 1, 2019 at 5:36 PM Brian Smith via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>> Here when you say "require EKUs," you mean that you are proposing that
>>> software that uses Mozilla's trust store must be modified to reject
>>> end-entity certificates that do not contain the EKU extension, if the
>>> certificate chains up to the roots in Mozilla's program, right?
>>
>> That would be a logical goal, but I was only contemplating a policy
>> requirement.
>
> OK, let's say the policy were to change to require an EKU in every
> end-entity certificate. Then, would the policy also require that existing
> unexpired certificates that lack an EKU be revoked?

No, there would be an effective date.

> Would the issuance of a new certificate without an EKU be considered a
> policy violation that would put the CA at risk of removal?
>
> Yes. The thing I want to avoid is saying "It is OK for the CA to issue an
> end-entity certificate without an EKU and if there is no EKU we will
> consider it out of scope of the program." In particular, I don't want to
> put software that (correctly) implements the "no EKU extension implies all
> usages are acceptable" at risk.

Agreed. I am leaning toward dropping this proposal altogether.

>>> If so, how would one implement the "chain[s] up to roots in our program"
>>> check? What's the algorithm? Is that actually well-defined?
>>
>> My starting proposal would be to reject all EE certs issued after a
>> certain future date that don't include EKU(s), or that assert anyEKU. If
>> your point is that it's not so simple and that this will break things, I
>> suspect that you are correct.
>
> The part that seems difficult to implement is the differentiation of a
> certificate that chains up to a root in Mozilla's program from one that
> doesn't. I don't think there is a good way to determine, given the
> information that the certificate verifier has, whether a certificate chains
> up to a root in Mozilla's program or not, so to be safe software has to
> apply the same rules regardless of whether the certificate appears to
> chain up to a root in Mozilla's program or not.
>
> Cheers,
> Brian
> --
> https://briansmith.org/

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
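The two rule sets the thread contrasts, worked through as an added example (this is illustrative code, not from the thread, from Mozilla's policy or from any verifier Brian or Wayne maintain): the RFC 5280 reading in which an absent EKU extension, or anyExtendedKeyUsage, permits every purpose, beside the stricter rule Wayne floated, which from an effective date on rejects end-entity certificates that lack an EKU or assert anyEKU. Neither check takes "does this chain to a root in Mozilla's program?" as an input, for the reason Brian gives: the verifier cannot reliably tell, so it applies the same rule to every chain. The cutoff date, the sample certificates, the hand-encoded DER values and every helper name are assumptions made for this example; the EKU value is decoded from DER with a small hand-written decoder so the example needs no third-party library.

```python
"""
Added example: evaluating an end-entity certificate's Extended Key Usage
(EKU) under RFC 5280 semantics and under a proposed stricter rule.
Assumed for this example: the cutoff date, the sample certificates, the
hand-encoded DER values and all helper names.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional, Set

# KeyPurposeId OIDs defined in RFC 5280.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
ANY_EKU = "2.5.29.37.0"  # anyExtendedKeyUsage


def _read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def _decode_oid(body: bytes) -> str:
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_eku(der: bytes) -> Set[str]:
    """Decode ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId."""
    if der[0] != 0x30:
        raise ValueError("EKU extension value must be a SEQUENCE")
    length, pos = _read_length(der, 1)
    end = pos + length
    if end != len(der):
        raise ValueError("trailing bytes after EKU SEQUENCE")
    oids: Set[str] = set()
    while pos < end:
        if der[pos] != 0x06:
            raise ValueError("KeyPurposeId must be an OBJECT IDENTIFIER")
        olen, pos = _read_length(der, pos + 1)
        oids.add(_decode_oid(der[pos:pos + olen]))
        pos += olen
    if not oids:
        raise ValueError("EKU SEQUENCE must contain at least one KeyPurposeId")
    return oids


@dataclass
class EndEntityCert:
    """Only the fields the checks need; constructed stand-ins, not real certificates."""
    subject: str
    not_before: date
    eku_der: Optional[bytes]  # None models an absent EKU extension


def permits_rfc5280(cert: EndEntityCert, purpose: str) -> bool:
    """RFC 5280 4.2.1.12: absent extension or anyExtendedKeyUsage permits any purpose."""
    if cert.eku_der is None:
        return True
    ekus = decode_eku(cert.eku_der)
    return ANY_EKU in ekus or purpose in ekus


def permits_strict(cert: EndEntityCert, purpose: str, cutoff: date) -> bool:
    """Proposed rule: from the cutoff on, EKU is mandatory and anyEKU is rejected.
    Certificates issued before the effective date keep RFC 5280 treatment."""
    if cert.not_before < cutoff:
        return permits_rfc5280(cert, purpose)
    if cert.eku_der is None:
        return False
    ekus = decode_eku(cert.eku_der)
    return ANY_EKU not in ekus and purpose in ekus


# Constructed, hand-encoded DER: SEQUENCE { serverAuth } and SEQUENCE { serverAuth, anyEKU }.
EKU_SERVER_AUTH = bytes.fromhex("300a06082b06010505070301")
EKU_SERVER_AND_ANY = bytes.fromhex("301006082b060105050703010604551d2500")

CUTOFF = date(2020, 1, 1)  # assumed effective date
SAMPLE_CERTS = [  # constructed sample input
    EndEntityCert("legacy-no-eku", date(2018, 6, 1), None),
    EndEntityCert("new-no-eku", date(2021, 6, 1), None),
    EndEntityCert("new-server-auth", date(2021, 6, 1), EKU_SERVER_AUTH),
    EndEntityCert("new-any-eku", date(2021, 6, 1), EKU_SERVER_AND_ANY),
]


def compare(certs, purpose=SERVER_AUTH, cutoff=CUTOFF):
    """Return {subject: (accepted under RFC 5280, accepted under the proposed rule)}."""
    return {c.subject: (permits_rfc5280(c, purpose), permits_strict(c, purpose, cutoff)) for c in certs}


if __name__ == "__main__":
    for subject, (lenient, strict) in compare(SAMPLE_CERTS).items():
        print(f"{subject:16} rfc5280={lenient!s:5} proposed={strict}")
```

Running it shows the breakage Wayne anticipated: a certificate issued after the cutoff with no EKU, or one asserting anyEKU, is accepted for serverAuth under RFC 5280 but refused under the proposed rule, while the legacy certificate is accepted under both because of the effective date. Passing `purpose=CLIENT_AUTH` to `compare` shows the other half: a serverAuth-only certificate is refused for clientAuth under both rules, so the stricter rule only ever removes acceptances, never adds them.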