IETF Logo Mail Archive

Re: [certid] Why require EKU for certid?

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 29 September 2010 22:25 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A05C13A6B34 for <certid@core3.amsl.com>; Wed, 29 Sep 2010 15:25:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.355
X-Spam-Level:
X-Spam-Status: No, score=-101.355 tagged_above=-999 required=5 tests=[AWL=0.691, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o1nL6Ao1jfpP for <certid@core3.amsl.com>; Wed, 29 Sep 2010 15:24:59 -0700 (PDT)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id D28E83A69B7 for <certid@ietf.org>; Wed, 29 Sep 2010 15:24:59 -0700 (PDT)
Received: from [10.20.30.163] (sn87.proper.com [75.101.18.87]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id o8TMKtKu085609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 29 Sep 2010 15:20:57 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624084ec8c96bc1768c@[10.20.30.163]>
In-Reply-To: <4CA39B88.70402@stpeter.im>
References: <C8B4E80F.EE82%stefan@aaa-sec.com> <4C9A2D12.3020409@stpeter.im> <p0624084ac8bfe10f5b72@[10.20.30.158]> <76232140-6713-416F-8758-8042A82B8857@jpl.nasa.gov> <4CA39B88.70402@stpeter.im>
Date: Wed, 29 Sep 2010 15:20:54 -0700
To: Peter Saint-Andre <stpeter@stpeter.im>, "Henry B. Hotz" <hotz@jpl.nasa.gov>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Cc: Stefan Santesson <stefan@aaa-sec.com>, IETF cert-based identity <certid@ietf.org>
Subject: Re: [certid] Why require EKU for certid?
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Sep 2010 22:25:00 -0000

At 2:03 PM -0600 9/29/10, Peter Saint-Andre wrote:
>[trimming tls@ and ietf@ from cc list]
>
>On 9/23/10 11:43 AM, Henry B. Hotz wrote:
>>
>> On Sep 22, 2010, at 9:44 AM, Paul Hoffman wrote:
>>
>>> At 10:21 AM -0600 9/22/10, Peter Saint-Andre wrote:
>>>> On 9/14/10 12:51 AM, Stefan Santesson wrote:
>>>>> General: I would consider stating that server certificates
>>>>> according to this profile either MUST or SHOULD have the
>>>>> serverAuth EKU set since it is allways related to the use of
>>>>> TSL and server authentication. At least it MUST be set when
>>>>> allowing checks of the CN-ID (see 2.3 below).
>>>>
>>>> [..snip..]
>>>
>>
>>> What possible advantage is there to making certificates that do not
>>> have this flag set be excluded from the practices you are defining?
>>> That is, if a TLS client gets a certificate from a TLS server that
>>> the TLS server says is its authentication certificate, why should
>>> the client care whether or not that flag is set? That flag is an
>>> assertion from the CA, not from the server who is authenticating.
>>
>>
>> Does this point need discussion?  Without checking, I suspect that
>> 5280 says you obey the EKU, period.  OTOH I think Paul raises a valid
>> point.
>>
>> OTOH (again) one could argue that the EKU provides a way to prevent a
>> stolen cert/key issued to the machine for a different function from
>> being repurposed to support a fake server.  (I'm not convinced this
>> is significant, but it's something.)
>>
>> Absent discussion and consensus, I vote for whatever 5280 says, which
>> I suppose is what the current silence on the topic equates to.
>
>This I-D shall never be taken to override anything in RFC 5280 or any
>other normatively-referenced specification on which it depends. If folks
>think we need a blanket statement to that effect, please let us know.
>Version -10 will have a new section containing an applicability
>statement, which starts as follows:
>
>   This document does not supersede the rules for certificate validation
>   provided in [RFC5280].
>
>But we can always add a stronger statement if need be.

This misses the point I made when I started this thread. Stefan proposed a change that would require that only certs that included this EKU be considered, you said you would consider that, and I said that would be a bad change. Henry's point did not negate or support my proposal.

--Paul Hoffman, Director
--VPN Consortium

v2.8.7 | Report a Bug | By Email