Hi Viktor,
Thank you for the reply.
On 10/16/25 7:01 PM, Viktor Dukhovni via mailop wrote:
1. ACME CAs typically perform rather weak "domain validation",
The use of ACME to communicate with a CA seems like a new variable that
is the equation of client certificates SHOULD be self-signed.
I agree that a sending host as a client could get a client certificate
via ACME. But there's no guarantee that ACME is used.
Nor is there any guarantee that ACME and the weak "domain validation" is
the validation that's actually used for validation. -- Consider a
client organization having done full EV level validation with a
traditional CA which happens to use ACME for convenience between the
client and the CA. In such a scenario, the validation in the ACME
exchange is somewhat proforma as a formality of the ACME protocol while
all actual validation that matters happens outside of the ACME exchange.
ACME is also rather moot if it's not involved in the process to get the
client certificate.
domains that publish usage DANE-TA(2) TLSA records are trading
security for illusory convenience of performing DNS updates less often.
But with, for example, the ongoing churn in Let's Encrypt issuer CAs,
sloppy reliance on CA stability is a bad idea.
I think there may be some points of concern there, but some of them are
rather moot depending on how involved ACME is in the client certificate
acquisition process.
2. With DANE-EE(3) records, unnecessary third party CAs are no longer
part of the security model, and with a well-automated rollover
process that prepublishes matching TLSA records *before* deploying
new server keys, one no longer needs to operationally monitor and
depend on the practices of an arm's-length CA.
I'll concede that speaks to a "MAY" but still question the veracity of
"SHOULD" client certificates be self-signed.
Yes, the certs associated with the "3 1 1" keys can *also* be issued by
a WebPKI CA, but that's far from compelling for client certs, which are
much more simply self-issued, there are no MUAs evaluating client certs
that would partly motivate using a WebPKI cert in this context.
My personal opinion is that simplicity of issuance doesn't justify a
client certificates "SHOULD" be self-signed.
Thank you again for your clarification. It gives me things to think
about. :-)
--
Grant. . . .
unix || die
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
