Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
mrex@sap.com (Martin Rex) Wed, 20 February 2013 17:42 UTC
Return-Path: <mrex@sap.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F1AA21F8886 for <pkix@ietfa.amsl.com>; Wed, 20 Feb 2013 09:42:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.234
X-Spam-Level:
X-Spam-Status: No, score=-10.234 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S6v-PjoPuOFj for <pkix@ietfa.amsl.com>; Wed, 20 Feb 2013 09:42:47 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 27E1F21F8887 for <pkix@ietf.org>; Wed, 20 Feb 2013 09:42:46 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id r1KHf8wL005709 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 20 Feb 2013 18:41:09 +0100 (MET)
In-Reply-To: <CD4AAC65.5B8D5%stefan@aaa-sec.com>
To: Stefan Santesson <stefan@aaa-sec.com>
Date: Wed, 20 Feb 2013 18:41:08 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130220174108.C7D301A5A7@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: pkix <pkix@ietf.org>
Subject: Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2013 17:42:48 -0000
Stefan Santesson wrote: > > The present case is as far as I can see a complete deadlock. > Nor ITU/ISO nor PKIX can change the meaning of EKU, neither can > implementers do what they feel they need to do without breaking/stretching > the standard. I'm seeing flawed assumptions about the protocol feature EKU in several places: some large companies, PKIX(IETF) and ITU/ISO. First of all, the stuff that is defined to be processed along the certification path (i.e. within the certficate path validation function) are name constraints, the path length constraint of BasicConstraints, certificate policies and certificate policy constraints. With few exceptions EKU is a mostly useless attribute, for which the interpretation is left _entirely_ up to the calling application -- and calling applications often ignore it (or need to do so, per spec). rfc5280 section 6.1 does not specify processing of EKUs anywhere -- 6.1.4 (n) is limited to processding the KeyUsage certSign, and 6.3.3 (f) is limited to processing the KeyUsage crlSign, and 6.1 explicitly RECOMMENDs against performing conformance checks for stuff described in Section 4 & 5 of rfc5280. The path validation function also does not have an input of the type "intended key usage", so there is really nothing that the path validation function could do about application usage. Although there exist a few EKU definitions in rfc5280: http://tools.ietf.org/html/rfc5280#page-45 not all of them are actually used. id-kp-timeStamping is required by rfc3151-Timestamps, id-kp-OCSPSigning might be used in some places for dedicated OCSP signers (that differ from the cert issuer), and id-kp-emailProtection might be used by some S/Mime implementations. Two fairly useless EKUs seem to be: id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } -- TLS WWW server authentication -- Key usage bits that may be consistent: digitalSignature, -- keyEncipherment or keyAgreement id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } -- TLS WWW client authentication -- Key usage bits that may be consistent: digitalSignature -- and/or keyAgreement Above two EKUs are unknown to all versions of TLS (rfc2246-rfc5246) **AND** unknown to the HTTP-over-TLS spec rfc2818. Unlike the PKIX definition of these two EKUs, usage of TLS isn't limited to HTTP-over-TLS anyway, so these two EKUs are pretty useless with the existing specs. Properly defined EKU usage in app protocols seem to exist only for id-kp-OCSPSigning http://tools.ietf.org/html/rfc2560#section-4.2.2.2 id-kp-timeStamping http://tools.ietf.org/html/rfc3161#section-2.3 id-kp-emailProtection http://tools.ietf.org/html/rfc3850#section-4.4.4 http://tools.ietf.org/html/rfc5750#section-4.4.4 (however, it was undefined in S/Mime 2 and S/Mime 3.0, so it must be ignored when backwards interop is desired). -Martin
- [pkix] A non-compliant use of the EKU extension i… Denis Pinkas
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… David A. Cooper
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Denis Pinkas
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Santosh Chokhani
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… Dr Stephen Henson
- Re: [pkix] A non-compliant use of the EKU extensi… Martin Rex
- Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
- Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
- Re: [pkix] A non-compliant use of the EKU extensi… Henry B. Hotz
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Yoav Nir
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Sylvester
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- [pkix] Agenda items for PKIX in Orlando Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- [pkix] PKIX WG's (lack of) agility to adopt missi… Martin Rex