Balint Balogh wrote: > Hello > > Suppose Example Ltd. runs its own local CA that issues certificates to servers > and email addresses at example.com and its subdomains. The certificate of this > CA is installed as a trusted CA certificate into every browser (Firefox) and > email client (Thunderbird) of employees. > > Example Ltd. wants to make sure that only their own CA may sign certificates > claiming to belong to example.com or any of its subdomains. That is, if a user > tries to connect to any *.example.com server whose SSL/TLS certificate has not > been signed by the CA of Example Ltd., the user should see a security warning > about an invalid server certificate (likewise for email if using S/MIME).
In general, this cannot be done. It is possible to put "name constraints" on CAs that are subordinate to a root CA, but not generally on root CAs. > Without this security measure, any CA that has its certificates in client > software has the power to thwart SSL/TLS security by issuing fake certificates > claiming to belong to *.example.com servers or email addresses. The user has control over which CAs he trusts. If there are CAs in the browser's list that the user believes to be untrustworthy, then the user can tell his browser to actively distrust them. > Is there a way around this problem, without disabling or removing all other > certificates? Certificates signed by other, widely recognized CAs, whose > certificates are included by default in Mozilla products should still be > considered valid except for *.example.com domains. If you really don't trust any CAs except your own to be truthful to you, then you should mark all other CAs but your own as distrusted. > Thanks for any help. > > Balint Balogh Regards -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
