Mozilla could add a certificate it controls to the trusted root store with which it cross-signs other CA certs, adding a nameConstraints in the process, yes?
Brad Hill

> -----Original Message-----
> From: dev-security-bounces+bhill=paypal-inc....@lists.mozilla.org
> [mailto:dev-security-bounces+bhill=paypal-inc....@lists.mozilla.org] On Behalf Of Gervase Markham
> Sent: Wednesday, August 31, 2011 3:35 AM
> To: mozilla-dev-secur...@lists.mozilla.org
> Subject: Re: Restricting which CAs can issue certs for which hostnames
>
> On 30/08/11 17:46, Boris Zbarsky wrote:
> > I was looking at our CA root list, and a lot of them seem like
> > "specialist" CAs that would only issue certs for a limited range of
> > hostnames. Could we formalize this, and have CAs indicate any such
> > restrictions as part of their application, then enforce it on our end?
>
> There is a way to encode this in certificates, called basicConstraints,
> although I suspect very few CAs do that. (Why limit your market?) I guess
> NSS could have a feature to impose them on a CA from outside.
>
> > That would limit the extent to which a compromise of one of these
> > "specialist" CAs could be exploited (e.g. we'd notice that a Dutch CA
> > is being used to sign the Mossad's website and cry foul, without
> > pre-pinning the CA for the presumably rarely visited Mossad site).
>
> Just because they are a Dutch CA doesn't mean they are necessarily only
> working with Dutch sites. Verisign/Symantec is an American CA.
>
> We don't want to put ourselves in a position of entrenching incumbents.
>
> In addition, even a CA focussed only on Dutch _companies_ would want to
> issue certs for .com, because I'm sure a lot of Dutch companies have .com
> sites. Given that the aim would be to prevent them issuing bogus certs for
> mozilla.org, paypal.com, twitter.com etc., I'm not sure many of them
>
> We did consider imposing such a restriction for government CAs, on the
> basis that the audit rules relating to them are necessarily different.
>
> > Has this been considered before? Is my assumption that a lot of the
> > CAs in our trust list would only issue to a small subset of possible
> > hostnames accurate?
>
> It is, but perhaps not in a useful way which allows us to contain risk. :-|
>
> Gerv
>
> _______________________________________________
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
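As an added illustration that is not part of this thread: a small Python model of how an RFC 5280 dNSName constraint carried by a cross-signing certificate would be applied along a certification path, so that it binds the cross-signed CA even though that CA's own certificate has no constraints. The CA names and the `nl` permitted subtree are constructed assumptions.

```python
# Added illustration (not from the thread): RFC 5280 4.2.1.10 dNSName
# constraints evaluated along a path. All CA names and subtrees are made up.
from dataclasses import dataclass, field
from typing import List

@dataclass
class CaCert:
    """Only the fields relevant to name constraints are modelled."""
    name: str
    permitted_dns: List[str] = field(default_factory=list)
    excluded_dns: List[str] = field(default_factory=list)

def dns_in_subtree(host: str, constraint: str) -> bool:
    """A dNSName matches a constraint when it equals it or is a subdomain
    of it: "example.nl" matches both "example.nl" and "www.example.nl"."""
    host, constraint = host.lower().rstrip("."), constraint.lower().rstrip(".")
    if constraint == "":
        return True  # an empty constraint covers every dNSName
    return host == constraint or host.endswith("." + constraint)

def dns_name_permitted(host: str, ca: CaCert) -> bool:
    """Excluded subtrees always win; a non-empty permitted list must match."""
    if any(dns_in_subtree(host, c) for c in ca.excluded_dns):
        return False
    if ca.permitted_dns and not any(dns_in_subtree(host, c) for c in ca.permitted_dns):
        return False
    return True

def chain_permits(host: str, path: List[CaCert]) -> bool:
    """Constraints accumulate along the path: the name must satisfy every CA,
    so a constraint on the cross-signing cert binds the cross-signed CA even
    though that CA's own certificate carries none."""
    return all(dns_name_permitted(host, ca) for ca in path)

def leaf_permitted(sans: List[str], path: List[CaCert]) -> bool:
    """Every dNSName in the leaf's subjectAltName must be permitted."""
    return all(chain_permits(h, path) for h in sans)

# Constructed chain: a hypothetical Mozilla cross-signing cert restricts an
# otherwise unconstrained "Dutch CA" to names under .nl.
CROSS_SIGNER = CaCert("Mozilla cross-signing CA (hypothetical)", permitted_dns=["nl"])
DUTCH_CA = CaCert("Dutch specialist CA (hypothetical)")
PATH = [CROSS_SIGNER, DUTCH_CA]

if __name__ == "__main__":
    for host in ("www.bank.nl", "paypal.com", "nl.paypal.com"):
        print(host, "permitted" if chain_permits(host, PATH) else "rejected")
```

Note that the constraint lives on the cross-signing certificate, not on the Dutch CA's own certificate, which is why `DUTCH_CA` alone would accept any hostname while the full path does not.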