Frank Hecker wrote:
I've decided to make S-TRUST the next CA to enter the public discussion
period. (I need to do a little more work for KISA, T-Systems, and
Microsec, the other CAs near the top of the list.) S-TRUST is operated
by Deutscher Sparkassenverlag (DSV), which has applied to add four new
root CA certificates to the Mozilla root store, as documented in the
following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
and in the pending certificates list here:
http://www.mozilla.org/projects/security/certs/pending/#S-TRUST
Some quick comments regarding noteworthy points:
* S-TRUST issues certificates to individuals for use in SSL client
authentication and email. Since they don't issue certificates to SSL
servers, right now I've got them marked as requesting that only the
email "trust bit" be enabled.
However, does the SSL trust bit need to be enabled for S-TRUST client
certificates to be properly recognized at either the client or server
end? I can't remember the answer for this, and would appreciate advice.
In the presently released versions of Firefox, (or other NSS SSL clients)
no trust flag is necessary for a cert to be used for client authentication.
This is because the server tells the client which CAs are trusted by the
server, and the client picks a cert that is issued by one of the CAs named
by the server.
In an NSS server, the list of CA names sent out to remote clients when asking
them for client authentication is determined from the set of certs that have
the special SSL client auth CA trust flag. By default NO CA certs ever have
that flag set. Server admins must set that flag explicitly.
* Per German law S-TRUST issues one new root CA certificate for every
year, with each root cert having a 5-year lifetime.
Have they legislated that pi is 3 again?
New ROOT CA certificate? really? Root?
Is the requirement for a new cert? or for a new key?
That is, can each of the certs issued one year apart have the same key?
Thus they are currently requesting inclusion of four root certificates, for
2005 through 2008. Starting in 2010 the older root certs will begin to
expire and we can remove them.
Do the new certs for S-TRUST have the same key, or do they have different
keys? If they have different keys, do they also have different subject names?
Do they have different Subject Key ID (SKID) extension values?
Do the certs they issue have Authority Key ID (AKID) extensions?
This whole thing makes little sense, and is a pretty big concern.
Remember that unlike SSL server and client authentication, signatures on
emails and other types of files should be long lasting, and should be
verifiable for a long time. You don't want all the encrypted emails in your
mail folders to suddenly become unreadable because the signatures on those
messages can no longer be verified, because a CA cert has expired and has not
been renewed.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto