IETF Logo Mail Archive

Re: [certid] Please explicitly disallow unvetted info in subject names

Nelson B Bolyard <nelson@bolyard.me> Thu, 10 June 2010 17:38 UTC

Return-Path: <nelson@bolyard.me>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E527328C138 for <certid@core3.amsl.com>; Thu, 10 Jun 2010 10:38:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.519
X-Spam-Level:
X-Spam-Status: No, score=-1.519 tagged_above=-999 required=5 tests=[AWL=0.480, BAYES_50=0.001, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6f3ZAP4PMlI for <certid@core3.amsl.com>; Thu, 10 Jun 2010 10:38:18 -0700 (PDT)
Received: from smtpauth02.prod.mesa1.secureserver.net (smtpauth02.prod.mesa1.secureserver.net [64.202.165.182]) by core3.amsl.com (Postfix) with SMTP id 8E6A028C12A for <certid@ietf.org>; Thu, 10 Jun 2010 10:38:18 -0700 (PDT)
Received: (qmail 32370 invoked from network); 10 Jun 2010 17:38:20 -0000
Received: from unknown (24.5.142.42) by smtpauth02.prod.mesa1.secureserver.net (64.202.165.182) with ESMTP; 10 Jun 2010 17:38:20 -0000
Message-ID: <4C112371.3000104@bolyard.me>
Date: Thu, 10 Jun 2010 10:40:01 -0700
From: Nelson B Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre
MIME-Version: 1.0
To: certid@ietf.org
References: <201006101434.o5AEY4NX011362@fs4113.wdf.sap.corp>
In-Reply-To: <201006101434.o5AEY4NX011362@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [certid] Please explicitly disallow unvetted info in subject names
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2010 17:38:20 -0000

On 2010-06-10 07:34 PDT, Martin Rex wrote:
> Nelson B Bolyard wrote:
>> There are a large number of CAs that follow the practice of vetting SOME
>> of the information they put into cert subject names, but not all, and in
>> fact deliberately making no attempt to vet certain attributes at all.
>>
>> Examples known to me include:
>>
>> OU names: typically not vetted at all
>>
>> CNs other than the last (most specific) one, if it is a DNS name.
>>
>> Maybe it's pointless to try, but can we write into this RFC that conforming
>> certs contain NO unvetted attributes in the subject name nor in any Subject
>> Alt Name attributes?
>>
>> Since CAs seem to have such a strong desire to do so, maybe we should invent
>> a new extension: unvetted subject alt names, where they can put whatever
>> nonsense they want, and apps that care to use only vetted info
>> can ignore.  It MUST NOT be a critical extension.  On the other hand, the
>> correct processing of that extension should be defined to ignore it (:-)
>> so that all apps may claim to properly handle it, even if it is critical.
> 
> 
> This description of what some CAs are doing is completely bogus.

I agree that "what some CAs are doing is completely bogus".  That's why
I'm calling for text in the RFC to ban it.  But the description of it is
accurate.  It has been actively exploited.  This all made headlines about
a year ago, you may recall.

See attack 2a, pages 1,8-14 in Kaminsky's paper
http://www.ioactive.com/pdfs/PKILayerCake.pdf.   This paper makes it
abundantly clear what
happens when different implementations check different CNs in names with
multiple CNs, and when CAs check different CNs than the libraries check.
We should need no further reason to make this crystal clear in a new RFC.
Library implementers should need no further reason to follow the standards
to the letter.

> CAs vouch and are liable for every single bit in the ToBeSigned part
> of a certificate, no matter what stupid things they claim in any weird
> and ineffective "certificate practice statement" (CPS).

I think you'll find that lots of lawyers disagree.  To the contrary, they
would claim that the expectation that CAs do anything other than what their
CPSes say is the stupid part.  In most jurisdictions, there's no law that
says what CAs must do, so CAs are bound by contract, and the contracts all
cite the CPSes.

> A CA that doesn't is not a CA, but instead a hackers foot in your door.
> 
> This applies equally to all components of the subject DName, and
> all X.509v3 extensions, such as all subjectAltNames, all keyUsages,
> all extendedKeyUsages, all BasicConstraints, AIA, CRL distribution points,
> and whatever else there is.
> 
> Blindly copying without validation any data from the PKCS#10 request
> into the certificate that they sign would be simply irresponsible and
> an act of gross negligence.

If you remove all the CAs that do that from your trusted list, it's get MUCH
smaller.

> -Martin

v2.8.7 | Report a Bug | By Email