Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

Mon, 06 Jul 2020 06:38:19 -0700 

On 06/07/2020 12:47, Rob Stradling via dev-security-policy wrote:

On 06/07/2020 06:11, Dimitris Zacharopoulos via dev-security-policy wrote:
<snip>

IETF made an attempt to set an extention for EKU constraints
(https://datatracker.ietf.org/doc/draft-housley-spasm-eku-constraints/)
where Rob Stradling made an indirect reference in
https://groups.google.com/d/msg/mozilla.dev.security.policy/f5-URPoNarI/yf2YLpKJAQAJ 

(Rob, please correct me if I'm wrong).

There was a follow-up discussion in IETF that resulted that noone should
deal with this issue

(https://mailarchive.ietf.org/arch/msg/spasm/3zZzKa2lcT3gGJOskVrnODPBgM0/). 


A day later, all attempts died off because noone would actually
implement this(?)
https://mailarchive.ietf.org/arch/msg/spasm/_gJTeUjxc2kmDcRyWPb9slUF47o/.
If this extension was standardized, we would probably not be having this
issue right now. However, this entire topic demonstrates the necessity
to standardize the EKU existence in CA Certificates as constraints for
EKUs of leaf certificates.


Oh, I misread.


Standardizing the use of the existing EKU extension in CA certificates 
as a constraint for permitted EKUs in leaf certificates has been 
proposed at IETF before.  Probably many times before.  However, plenty 
of people take the (correct, IMHO) view that the EKU extension was not 
intended to be (ab)used in this way, and so the chances of getting 
"rough consensus" for a Standards Track RFC to specify this seems rather 
remote.



I suppose it might be worth drafting an Informational RFC that explains 
how the EKU extension is used in practice, what the footguns are and how 
to avoid them, what the security implications are of doing EKU wrong, etc.



If only we could edit RFC2459 so that it (1) defined an "EKU
constraints" extension and (2) said that the EKU extension MUST NOT
appear in CA certificates...

Unfortunately, we're more than 20 years too late to do that.  And whilst
it completely sucks that real-world use of the EKU extension comes with
some nasty footguns, I just don't see how you'd ever persuade the WebPKI
ecosystem to adopt a new "EKU Constraints" extension at this point in
history.

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy























					Reply via email to