Re: [pkix] RFC 5280 interpretation of trust anchor certificates
Russ Housley <housley@vigilsec.com> Mon, 10 October 2022 16:13 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBF59C14CE2E for <pkix@ietfa.amsl.com>; Mon, 10 Oct 2022 09:13:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7kSopsCi2J2 for <pkix@ietfa.amsl.com>; Mon, 10 Oct 2022 09:13:01 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1254C14CF0D for <pkix@ietf.org>; Mon, 10 Oct 2022 09:13:01 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id B5B87CDFD9; Mon, 10 Oct 2022 12:13:00 -0400 (EDT)
Received: from [192.168.200.2] (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 926F8CDF59; Mon, 10 Oct 2022 12:13:00 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <Y0MKZ/LkgnDcOY1z@nmhq.net>
Date: Mon, 10 Oct 2022 12:13:00 -0400
Cc: IETF PKIX <pkix@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <EC0F50DD-6ED8-4C06-917A-EA0F3737BAFB@vigilsec.com>
References: <Y0MKZ/LkgnDcOY1z@nmhq.net>
To: Niklas Matthies <pkix@nmhq.net>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.09 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/7J3HNbOsD3IWDgziMif6xDo3vJI>
Subject: Re: [pkix] RFC 5280 interpretation of trust anchor certificates
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2022 16:13:06 -0000
Niklas: The relying party gets to decide the set of trust anchors that it will accept. A very common way to distribute trust anchors is self-signed certificates. This provides the public key, the algorithm identifier for the public key, and the distinguished name for the trust anchor. As noted by others, RFC 5914 defines an alternative format to supply the trust anchor public key, the algorithm identifier for the public key, and the distinguished name. This information are needed to validate certification paths that terminate at the trust anchor. The relying party can use a self-signed certificate or any other certificate or any other source to update their trust anchor store. In practice, a self-signed certificate is normally used; the creation of a self-signed certificate illustrates an expectation for it to be used as a trust anchor. Russ > On Oct 9, 2022, at 1:52 PM, Niklas Matthies <pkix@nmhq.net> wrote: > > Dear all, > > On the ESI (ETSI) mailing list, the question came up whether RFC 5280 says anything about trust anchors provided in the form of certificates that are _not_ self-signed. > > In section 6.1.1, there is the following wording on page 76: > > The trust anchor information may be provided to the path > processing procedure in the form of a self-signed certificate. > When the trust anchor information is provided in the form of a > certificate, the name in the subject field is used as the trusted > issuer name and the contents of the subjectPublicKeyInfo field is > used as the source of the trusted public key algorithm and the > trusted public key. > > The first sentence seems to indicate that the case of providing a trust anchor in the form of a non-self-signed certicate is not considered here. But the second sentence doesn't repeat the "self-signed" bit, which can be interpreted as that sentence also applying to non-self-signed certificates. However, if that is the case, why does the first sentence restrict itself to specifically self-signed certificates? > > On page 74 there is also the following wording: > When the trust anchor is provided in the form of a self-signed > certificate, this self-signed certificate is not included as part of the prospective certification path. > > If RFC 5280 also allows the possibility of trust anchors being provided in the form of non-self-signed certificates, then it would > seem that the above restriction would not apply to those, i.e., that they may be included as part of the prospective certifcation path. However, I don't see how that would make any sense. > > All the wording taken together, my conclusion up to now was that RFC 5280 simply does not consider the possibility that the trust anchor could be provided in the form of a non-self-signed certificate, and that therefore, specifications which *do* allow for that possibility (such as in the context of ETSI trusted lists) have to clarify how that case maps onto what RFC 5280 expects. > > If that interpretation is incorrect, that is, if RFC 5280 doesn't actually care about whether a trust-anchor-representing certificate provided as input to the path validation algorithm is self-signed or not, then maybe an erratum is in order? > > Kind regards, > Niklas > > _______________________________________________ > pkix mailing list > pkix@ietf.org > https://www.ietf.org/mailman/listinfo/pkix
- Re: [pkix] RFC 5280 interpretation of trust ancho… Michael StJohns
- [pkix] RFC 5280 interpretation of trust anchor ce… Niklas Matthies
- Re: [pkix] RFC 5280 interpretation of trust ancho… Jeffrey Walton
- Re: [pkix] RFC 5280 interpretation of trust ancho… Niklas Matthies
- Re: [pkix] RFC 5280 interpretation of trust ancho… Michael StJohns
- Re: [pkix] RFC 5280 interpretation of trust ancho… George Michaelson
- Re: [pkix] RFC 5280 interpretation of trust ancho… Niklas Matthies
- Re: [pkix] RFC 5280 interpretation of trust ancho… Carl Wallace
- Re: [pkix] RFC 5280 interpretation of trust ancho… Niklas Matthies
- Re: [pkix] RFC 5280 interpretation of trust ancho… Russ Housley
- Re: [pkix] RFC 5280 interpretation of trust ancho… Niklas Matthies
- Re: [pkix] RFC 5280 interpretation of trust ancho… Corey Bonnell
- Re: [pkix] RFC 5280 interpretation of trust ancho… Niklas Matthies