On Fri, 4 May 2018 14:51:47 -0400 "David A. Cooper" <[email protected]> wrote:
> Section 4.1.1.4 says "Unfortunately, experience suggests that many
> browsers do not perform thorough syntactic checks on certificates, and so
> it seems unlikely that browsers will be a reliable way to detect erroneous
> certificates." and Section 4.2.1.4 says "As noted above (4.1.1.4), most
> browsers fail to perform thorough syntax checks on certificates." These
> sentences should be removed or modified. There is no reason that a
> browser should perform thorough syntactic checks on certificates, and
> there are good reasons for browsers not to. So, this document should
> not be labeling this as unfortunate or a failure. We do not want to
> encourage browsers to perform thorough syntax checks on certificates, as
> this could lead to the same types of problems that TLS has experienced,
> where making a change in something causes deployed products to break.

The trend in Firefox and Chrome is to make their certificate validators much stricter about "syntactic" errors. I think the main point of section 4.1.1.4 is that it's not feasible for browsers to notify other parties when they detect a syntactically misissued certificate, so these checks need to be performed by monitors. I think this sentence should just be dropped, as it's not true anymore and tries to moralize about a controversial issue.

> Section 5.6, paragraph 4 says that "A Monitor must not rely on certificate
> discovery mechanisms to build the list of valid certificates since such
> mechanisms might result in bogus or erroneous certificates being added
> to the list." What would be the risk if an erroneous certificate was
> added to the list? When a Monitor is obtaining a list of certificates
> for the Subject to be monitored, wouldn't we want erroneous certificates
> to be included in that list so that the Monitor has a chance to detect
> the error?

Monitors look for subject names, not specific certificates. The list of valid certificates is so the monitor doesn't raise an alarm when it finds a legitimate certificate for a monitored subject name. So the answer to your first question is that the monitor would fail to alert the Subject about an erroneous certificate. This could be clarified in section 5.6.

The answer to your second question is that the monitor would still detect erroneous certificates, because it's monitoring based on subject name. This seems to be clear already from the description of a monitor in the introduction.

Regards,
Andrew

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
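An added illustration of the point made in the reply above (this is example code written for this page; it is not from the thread, the draft, or any real monitor implementation). It models a CT monitor that scans log entries for a monitored subject name and alerts on any certificate naming that subject which is not on the Subject's own list of known-good certificates. The certificates are constructed stand-ins (a few bytes each, identified by SHA-256 fingerprint), not real X.509, and the name-matching rule (a monitored name covers itself, its subdomains, and a wildcard that could cover it) is an assumption made for the example. The second run shows the failure mode section 5.6 warns about: if the "valid" list is built by discovery from the same logs, the erroneous certificate is on the list and the monitor stays silent.

```python
# Example only: a toy CT monitor, not code from the thread or the draft.
# Certificates are constructed placeholders; only their subject names and
# a fingerprint over their bytes matter here.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class LogEntry:
    """One certificate as a monitor sees it when reading a CT log."""
    issuer: str
    subject_names: tuple   # CN plus SAN dNSNames, as strings
    der: bytes             # constructed stand-in for the DER bytes


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def name_matches(cert_name: str, monitored: str) -> bool:
    """Assumed rule: monitoring 'example.com' covers example.com itself,
    any subdomain (including '*.example.com'), and a wildcard cert whose
    single label would cover the monitored name."""
    c = cert_name.lower().rstrip(".")
    m = monitored.lower().rstrip(".")
    if c == m or c.endswith("." + m):
        return True
    if c.startswith("*."):
        base = c[2:]
        # a wildcard covers exactly one extra label below its base
        return m.endswith("." + base) and m.count(".") == base.count(".") + 1
    return False


def _names_monitored(entry: LogEntry, monitored_names) -> bool:
    return any(name_matches(n, m)
               for n in entry.subject_names for m in monitored_names)


def monitor(log, monitored_names, known_good_fps):
    """Alert on every logged cert that names a monitored subject and is not
    on the Subject's list of known-good certificates (matched by name, not
    by certificate, so unexpected certs for the name are what get flagged)."""
    return [e for e in log
            if _names_monitored(e, monitored_names)
            and fingerprint(e.der) not in known_good_fps]


def known_good_by_discovery(log, monitored_names):
    """The approach section 5.6 warns against: build the 'valid' list by
    scanning the logs for anything that names the Subject. Any misissued
    cert already in the logs lands on the list."""
    return {fingerprint(e.der) for e in log
            if _names_monitored(e, monitored_names)}


# Constructed log contents for the example.
LEGIT = LogEntry("Example CA", ("www.example.com", "example.com"),
                 b"constructed-cert-1")
ROGUE = LogEntry("Some Other CA", ("*.example.com",),
                 b"constructed-cert-2")   # not ordered by the Subject
OTHER = LogEntry("Example CA", ("www.example.net",),
                 b"constructed-cert-3")   # different subject, ignored
LOG = [LEGIT, ROGUE, OTHER]
MONITORED = ["example.com"]

# The Subject's own inventory of certificates it actually ordered.
KNOWN_GOOD = {fingerprint(LEGIT.der)}


if __name__ == "__main__":
    for e in monitor(LOG, MONITORED, KNOWN_GOOD):
        print("ALERT: unexpected cert from", e.issuer, "for", e.subject_names)
    discovered = known_good_by_discovery(LOG, MONITORED)
    print("alerts when the valid list comes from discovery:",
          monitor(LOG, MONITORED, discovered))
```

Run as-is, the first call flags the "Some Other CA" wildcard certificate for *.example.com, and the second call, with the valid list built by discovery, returns no alerts at all, which is the risk the draft's "must not rely on certificate discovery mechanisms" sentence is getting at.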
