IETF Logo Mail Archive

Re: [pkix] RFC 5280 interpretation of trust anchor certificates

Jeffrey Walton <noloader@gmail.com> Sun, 09 October 2022 18:45 UTC

Return-Path: <noloader@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84D50C14F72A for <pkix@ietfa.amsl.com>; Sun, 9 Oct 2022 11:45:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id neRwUBz-chHW for <pkix@ietfa.amsl.com>; Sun, 9 Oct 2022 11:45:49 -0700 (PDT)
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE067C14F6EC for <pkix@ietf.org>; Sun, 9 Oct 2022 11:45:49 -0700 (PDT)
Received: by mail-pl1-x633.google.com with SMTP id h10so8673132plb.2 for <pkix@ietf.org>; Sun, 09 Oct 2022 11:45:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NMt7NnZXpWCybmhGwgz7yXiC1p4dLEvajjx+7PcW06I=; b=J0SS8UzcjFh9O6ExaeCIEif7XhFXRNnduA5VhOVLoeZNIn2a4PJWac8SbNIj021IDO rLa8Vjtj3GlGdTCFavZFtHyGw0ohdkxRR9AmsBRT3Sgk6msIjibbU07yZ4TBOzLBo0nP RbNFBL/6005fuS2v/Lfz3gmml0VUawlVA4WySPafsp2rHkHfU33VWMO1LwcHAK0W5XNh JpiI8Q8yYxuxNNOPa6DGSMQtg1KShoux5hjTHdq46AH0GsHUSDMUozTYg8icMBQWNwyk IhxToX1oakr9eArHuZPsUhkn7xMYydD5XUAhj5ncFRIHakOLJWUt6wP8LEmkV5jJa2/W zBtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NMt7NnZXpWCybmhGwgz7yXiC1p4dLEvajjx+7PcW06I=; b=Lootgwk/79WUC+1Qz+UXhUQOICeEzuWsP2Q8safhZkWtJq6ZiyQ25/4A7Fv1LjyjDM mVrurFKyLeK/+6W7G7ZpkI2amvPp+Xeh/lrfUQHRb4TfKedNKROLS029YnfkCbJIFbgS lyIEImKhHueyFwtPxWeRsCOMO8tcvGRZ3YP12a8zsBG25So7JG1vwjHxozOH97DKfOZi v1FeIHjpHtljUe+20gzZnI5CW0jb3WRvRt3iqnXy5glbIFOK+p9NL6Bsdl6QpX2qcNp0 jiuvgKWq/eulunx3BCzs0YuXEWsG0eqWkHlQm62iK+syGlFeAKhLKn+nfVZlAgavz/F0 gJpQ==
X-Gm-Message-State: ACrzQf30wP/ZBoRXv5rcSm5gUW6WoBhHdCbXxLcSDpsgqrSqZ3+kyh4o UYTz4o+7LfbMFQ/dbWw7SOjmw0R4644G9R/rVMPOZvMmq4o=
X-Google-Smtp-Source: AMsMyM7hIwaHCOa1Awtt/7sxtnZ+KfNryiSL2t0OMI4Yc6ndSa8clIs+O5CFAS+1E9CjtgdKIJnza7mTWFapiRY7jjM=
X-Received: by 2002:a17:902:c40f:b0:17f:6737:9527 with SMTP id k15-20020a170902c40f00b0017f67379527mr15186212plk.19.1665341147991; Sun, 09 Oct 2022 11:45:47 -0700 (PDT)
MIME-Version: 1.0
References: <Y0MKZ/LkgnDcOY1z@nmhq.net>
In-Reply-To: <Y0MKZ/LkgnDcOY1z@nmhq.net>
Reply-To: noloader@gmail.com
From: Jeffrey Walton <noloader@gmail.com>
Date: Sun, 09 Oct 2022 14:45:19 -0400
Message-ID: <CAH8yC8mZjkje1tOL-BmUy2P3WzkTd0jMPO7_G17_H0kZzTUhOw@mail.gmail.com>
To: pkix@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/PWAgKTlyqEuzr-J-mYqxAqxglI4>
Subject: Re: [pkix] RFC 5280 interpretation of trust anchor certificates
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Oct 2022 18:45:53 -0000

On Sun, Oct 9, 2022 at 1:53 PM Niklas Matthies <pkix@nmhq.net> wrote:
>
> Dear all,
>
> On the ESI (ETSI) mailing list, the question came up whether RFC 5280
> says anything about trust anchors provided in the form of certificates
> that are _not_ self-signed.
>
> In section 6.1.1, there is the following wording on page 76:
>
>        The trust anchor information may be provided to the path
>        processing procedure in the form of a self-signed certificate.
>        When the trust anchor information is provided in the form of a
>        certificate, the name in the subject field is used as the trusted
>        issuer name and the contents of the subjectPublicKeyInfo field is
>        used as the source of the trusted public key algorithm and the
>        trusted public key.
>
> The first sentence seems to indicate that the case of providing a
> trust anchor in the form of a non-self-signed certicate is not
> considered here. But the second sentence doesn't repeat the
> "self-signed" bit, which can be interpreted as that sentence also
> applying to non-self-signed certificates. However, if that is the
> case, why does the first sentence restrict itself to specifically
> self-signed certificates?
>
> On page 74 there is also the following wording:
>
>        When the trust anchor is provided in the form of a self-signed
>        certificate, this self-signed certificate is not included as
>        part of the prospective certification path.
>
> If RFC 5280 also allows the possibility of trust anchors being
> provided in the form of non-self-signed certificates, then it would
> seem that the above restriction would not apply to those, i.e., that
> they may be included as part of the prospective certifcation path.
> However, I don't see how that would make any sense.
>
> All the wording taken together, my conclusion up to now was that RFC
> 5280 simply does not consider the possibility that the trust anchor
> could be provided in the form of a non-self-signed certificate, and
> that therefore, specifications which *do* allow for that possibility
> (such as in the context of ETSI trusted lists) have to clarify how
> that case maps onto what RFC 5280 expects.
>
> If that interpretation is incorrect, that is, if RFC 5280 doesn't
> actually care about whether a trust-anchor-representing certificate
> provided as input to the path validation algorithm is self-signed or
> not, then maybe an erratum is in order?
>

Also see the path building RFC - RFC 4518. Unfortunately, the path
building RFC uses self-signed CA certificates or Root CA certificates
for trust anchors.

I generally ignore that requirement since it increases attack surface
and risk. I prefer to root trust in a CA certificate that is closest
to the end-entity certificate. It prunes the tree and attack surface
and reduces risk.

In the past, under RFC 14158, you could not anchor trust in Let's
Encrypt. You had to use one of the CA's that certified Let's Encrypt.
I don't know if it's still the case.

RFC 4518, Internet X.509 Public Key Infrastructure: Certification Path
Building, https://www.rfc-editor.org/rfc/rfc4158 .

Jeff

v2.23.0 | Report a Bug | By Email