As mentioned in the blog post, and as we'll elaborate on further in an
upcoming post, one of the drawbacks of this arrangement is that there
actually is a class of clients for which chaining to an expired root
doesn't work: versions of OpenSSL prior to 1.1. This is the same failure
mode that various clients ran into on May 30th of 2020, when the AddTrust
External CA root expired.

For the sake of public feedback, the following is the profile which we
intend to have the new cross-sign issued with:
* Subject and Subject Public Key Info: Identical to the self-signed ISRG
Root X1 (https://crt.sh/?id=9314791) of course
* Validity: Three years from the date of issuance
* Basic Constraints: CA:TRUE, and no pathlen set (same as self-signed ISRG
Root X1)
* Key Usage: Cert Sign and CRL Sign (same as self-signed ISRG Root X1)
* EKUs: none, as this cross-sign shares the same name and pubkey as an
existing root certificate (BRs 7.1.2.2)
* AIA issuer url: http://apps.identrust.com/roots/dstrootcax3.p7c (same as
R3)
* CRL Distribution URL: http://crl.identrust.com/DSTROOTCAX3CRL.crl (same
as R3)
* Certificate Policies: 2.23.140.1.2.1 and 1.3.6.1.4.1.44947.1.1.1 (same as
R3)

Thank you,
Aaron
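A check of the posted profile against a constructed cross-sign, as an added example that is not from the post or from Let's Encrypt: it uses the Python `cryptography` package, the certificate names and keys are stand-ins (assumptions, not the real DST Root CA X3 or ISRG Root X1), and the three-year bound, the no-EKU rule and the expired-issuer caveat for OpenSSL < 1.1 are taken from the text above.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.x509.oid import NameOID, ExtensionOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

KU = x509.KeyUsage(digital_signature=False, content_commitment=False, key_encipherment=False,
                   data_encipherment=False, key_agreement=False, key_cert_sign=True,
                   crl_sign=True, encipher_only=False, decipher_only=False)

def ca_cert(subject, issuer, pub, signer, nb, na, pathlen=None):
    # CA cert with the profile's Basic Constraints and Key Usage (Cert Sign, CRL Sign), no EKU
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(pub)
            .serial_number(x509.random_serial_number()).not_valid_before(nb).not_valid_after(na)
            .add_extension(x509.BasicConstraints(ca=True, path_length=pathlen), critical=True)
            .add_extension(KU, critical=True).sign(signer, hashes.SHA256()))

def spki(cert):
    return cert.public_key().public_bytes(serialization.Encoding.DER,
                                          serialization.PublicFormat.SubjectPublicKeyInfo)

def check_cross_sign(cross, self_signed, issuer):
    # Deviations from the posted profile, plus the expired-issuer caveat raised in the post
    problems = []
    if cross.subject != self_signed.subject or spki(cross) != spki(self_signed):
        problems.append("subject/SPKI differ from the self-signed root")
    if cross.not_valid_after - cross.not_valid_before > timedelta(days=3 * 366):
        problems.append("validity longer than three years")
    bc = cross.extensions.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS).value
    if not bc.ca or bc.path_length is not None:
        problems.append("Basic Constraints must be CA:TRUE with no pathlen")
    ku = cross.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE).value
    if not (ku.key_cert_sign and ku.crl_sign):
        problems.append("Key Usage must include Cert Sign and CRL Sign")
    if any(e.oid == ExtensionOID.EXTENDED_KEY_USAGE for e in cross.extensions):
        problems.append("EKU present; none expected when name and key match an existing root")
    if cross.not_valid_after > issuer.not_valid_after:
        problems.append("outlives its issuer: OpenSSL < 1.1 clients must trust the self-signed root")
    return problems

def demo():
    # Constructed stand-ins (hypothetical names and fresh keys), not the real DST / ISRG roots
    old_key, new_key = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
    old = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Old Root")])
    new = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example New Root")])
    old_root = ca_cert(old, old, old_key.public_key(), old_key, datetime(2000, 9, 30), datetime(2021, 9, 30))
    new_root = ca_cert(new, new, new_key.public_key(), new_key, datetime(2015, 6, 4), datetime(2035, 6, 4))
    cross = ca_cert(new, old, new_key.public_key(), old_key, datetime(2021, 1, 20), datetime(2024, 1, 20))
    return check_cross_sign(cross, new_root, old_root)
```

The cross-sign in `demo()` matches the profile on every point except that it outlives the issuing root, which is exactly the situation the post says pre-1.1 OpenSSL cannot handle.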

On Tue, Jan 5, 2021 at 7:34 PM Man Ho (Certizen) via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> I'm curious whether this approach of cross-signing from a root
> certificate which has already expired is exceptional for Let's Encrypt.
> I'm not aware of any discussion on what conditions this approach could
> be accepted by Mozilla and other root certificate programs. Or, is it
> just a usual practice of CAs? If yes, this approach may provide some new
> solutions in the CA ecosystem.
>
> Firstly, for those new CAs who do not have their root certificates
> included in the root certificate programs, they may acquire an expired
> root certificate from an existing CA who is probably more willing to
> sell the expired root certificate rather than an active root certificate.
>
> Secondly, for some CAs whose root certificates are going to expire, they
> may continue using the root certificates to issue intermediate CA
> certificates beyond their expiry. So, there will be no need for rollover
> of root certificates to new ones.
>
> Are they good or bad things?
>
>
> On 22-Dec-20 7:42 AM, jo...--- via dev-security-policy wrote:
> > We (Let's Encrypt) just announced a new cross-sign from IdenTrust which
> > is a bit unusual because it will extend beyond the expiration of the
> > issuing root. More details can be found here:
> >
> > https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
> >
> > Best,
> > Josh
> > _______________________________________________
> > dev-security-policy mailing list
> > dev-security-policy@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-security-policy