Re: [pkix] Private key usage period extension

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 May 2016 12:49 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCE8A12D16B for <pkix@ietfa.amsl.com>; Fri, 6 May 2016 05:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level:
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62AYWAX6bt4O for <pkix@ietfa.amsl.com>; Fri, 6 May 2016 05:49:36 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACC6F12D14C for <pkix@ietf.org>; Fri, 6 May 2016 05:49:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7BF5ABE47; Fri, 6 May 2016 13:49:35 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORwug7Yw3qz8; Fri, 6 May 2016 13:49:35 +0100 (IST)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id DA94EBE38; Fri, 6 May 2016 13:49:34 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1462538975; bh=YgTUkmnqJjv7tKyznkkwX4toYYzYqb3KJyUV7D7EgIc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=p8fanRXQ6TgxYRDZxxJE8oQpaZRsNS9yXzKdoSzxuTpburb1OOVjXYT4e48jBXBmg yQglNHo8XBesvE1QWYmP+0RaW5DCXNPBfZN9D2HdJUO5usGo04Se+prZVbvlUsqmu0 NJarBjyou0h7U2nrm+BG8XUML22gpmF4QNPg0l+0=
To: Erik Andersen <era@x500.eu>, Directory list <x500standard@freelists.org>, PKIX <pkix@ietf.org>
References: <000901d1a773$379e1680$a6da4380$@x500.eu> <572C6980.8000808@cs.tcd.ie> <CA+i=0E6oo1hZSbyN_xYM1oB4-gKiuxCx-OotqAVz+G6Z7S6uJA@mail.gmail.com> <005501d1a792$626cdb20$27469160$@x500.eu>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <572C92DE.2020105@cs.tcd.ie>
Date: Fri, 6 May 2016 13:49:34 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <005501d1a792$626cdb20$27469160$@x500.eu>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070403060302050605040500"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/N71OxpgoXTC4KNninuwmMBqHGx4>
Subject: Re: [pkix] Private key usage period extension
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2016 12:49:39 -0000


On 06/05/16 13:25, Erik Andersen wrote:
> OK, it is being used. I have seen no reason so far that the private
> key use period starts before and/or ends after the certificates
> validity period.
> 
> 
> 
> If I get a message together with a certificate and the message is
> signed after the certificate validity period, but before the notAfter
> for the private key usage period, what do I do? Consider the
> certificate invalid and discard the message or do I validate the
> signature with the public key I am not supposed to use anymore.

The semantics of message signature validation is not a part
of RFC5280, and as we've seen nor is any semantics for that
particular extension, so you won't find an answer here I
figure.

If X.509 tries to specify such semantics, then IMO that's
broken. So my answer to your question is: go look at whatever
it is that specifies the semantics of that message signature.

S.

> 
> 
> 
> It is of no help to me that there may be another certificates with
> the same key pair, where the certificate validity period is
> different. I might not know those certificates.
> 
> 
> 
> Regards,
> 
> 
> 
> Erik
> 
> 
> 
> Fra: Erwann Abalea [mailto:eabalea@gmail.com] Sendt: 06 May 2016
> 12:30 Til: Stephen Farrell <stephen.farrell@cs.tcd.ie> Cc: Erik
> Andersen <era@x500.eu>eu>; Directory list <x500standard@freelists.org>rg>;
> PKIX <pkix@ietf.org> Emne: Re: [pkix] Private key usage period
> extension
> 
> 
> 
> Bonjour,
> 
> 
> 
> This extension is heavily used in electronic passports.
> 
> ICAO has set it to be mandatory for Root CA and Document Signer
> certificates (subscriber certs used to verify data in passports), and
> optional for MasterList signers.
> 
> See ICAO MRTD 9303 part 12 document
> (http://www.icao.int/publications/Documents/9303_p12_cons_en.pdf).
> 
> ICAO did a bad job here; this extension already hurt them in the past
> (preventing some Roots to issue a fresh CRL), and their "solution"
> was to change the Name comparison rule for CRL checking, so that CAs
> that don't have the same Name but have the countryName in common are
> to be considered the same CAs, except for China. Yes, it's that bad.
> 
> 
> 
> This extension was already deprecated in RFC2459.
> 
> 
> 
> 
> 
> 2016-05-06 11:53 GMT+02:00 Stephen Farrell <stephen.farrell@cs.tcd.ie
> <mailto:stephen.farrell@cs.tcd.ie> >:
> 
> 
> Hi Erik,
> 
> I've a separate question: does anyone use this extension or should we
> put it on a virtual/mental list of stuff to be deprecated when/if
> someone has the energy?
> 
> S.
> 
> On 06/05/16 09:42, Erik Andersen wrote:
>> X.509 has a specification of the Private key usage period
>> extension (8.2.2.5). This extension is a little confusing. It has
>> notBefore and notAfter specification. However, the text says:
>> 
>> The notBefore component indicates the earliest date and time at
>> which the private key could be used for signing. If the notBefore
>> component is not present, then no information is provided as to
>> when the period of valid use of the private key commences. The
>> notAfter component indicates the latest date and time at which the
>> private key could be used for signing. If the notAfter component is
>> not present then no information is provided as to when the period
>> of valid use of the private key concludes.
>> 
>> With a little ill will, this can be read as the private key
>> validation period may extend beyond the validity of the public key.
>> Note 1 adds to the confusing, as it says:
>> 
>> NOTE 1 - The period of valid use of the private key may be
>> different from the certified validity of the public key as
>> indicated by the certificate validity period. With digital
>> signature keys, the usage period for the signing private key is
>> typically shorter than that for the verifying public key.
>> 
>> It is the word "typical" that confuses me. It implies it could be
>> different.
>> 
>> This extension was included in RFC 3280 with a heavy health
>> warning. It was omitted from RFC 5280 (except for A.2).
>> 
>> In my mind, the validity of the private key should not spread
>> outside the validity period of the certificate.
>> 
>> Have I misunderstood something?
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________ pkix mailing list 
> pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix
>