IETF Logo Mail Archive

Re: [pkix] RFC 5280 Extended Key Usage - explanation

Tim Hollebeek <tim.hollebeek@digicert.com> Mon, 20 November 2023 20:03 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1971BC14CF15 for <pkix@ietfa.amsl.com>; Mon, 20 Nov 2023 12:03:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.004
X-Spam-Level:
X-Spam-Status: No, score=-2.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, PDS_OTHER_BAD_TLD=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digicert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORawW9Rj1z1p for <pkix@ietfa.amsl.com>; Mon, 20 Nov 2023 12:03:23 -0800 (PST)
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2118.outbound.protection.outlook.com [40.107.95.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6437C15C288 for <pkix@ietf.org>; Mon, 20 Nov 2023 12:03:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i2CUZn8UfeQwf+kBk/hgv+0WHR//cNoaV8sFHW9IMAIEzhZWf8OK8QI6bEagFfWyWBeJ5sVvDoSpklOU03VQC2+bbR4QkRgcYq0GZwOEscJTv4qSkv2owW2GnHPCmWygfe4mLHLfWw9T5wbWJjuvjuDZZWu2h0MuVX+TB/MO9MXAdK3HxclzDProLI3ubFLO5hROnOxI9hPhUyXbARVImF2qmMWlR98eBsLi+JqYwXtZgaIV6TFQXWQ93w4u0mYafJycWa1qmgwZwriLYsIIt2apRZxAibzShVJfOEtChCPhLXJRigTT3xPMon87f7KjfsUWa9XSaTv6FR5KjAwgRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7SYWbIIRn0m7obHgdfWuiq/zEXfmNujHSnj06V8GhD4=; b=F64CzswpOJGrY5+8Um0Ai76k5Aef5h3UvMsz6w3Po6bRA519OP41mO1laUusgU1SUEoKhsXtEQUEc5ZvwJveLStPPyFIujaKObcnAaIDdxiCxcqReyyjDy715vALack0Iagz9Rm1tLdGzRplhvFoSVz/qBXFSsMIiH2LFjkiMxjm5Q41TtveCIAI2KklHGfXgJ3JeLFKNu1eWiwRxhxgiesbTTNZDh8nsQtDWqURfe6FLvxryhBaUvtYyFif5PMkxiA5rEbK331L+KfH5T8LXikslNTntUoHf4O6L1IkBZ2cLtZZKPm2NtUl+E1DoPkaFqyKNbiseAAbPyrs9fib6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=digicert.com; dmarc=pass action=none header.from=digicert.com; dkim=pass header.d=digicert.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7SYWbIIRn0m7obHgdfWuiq/zEXfmNujHSnj06V8GhD4=; b=eCb+XSJokZ0P2nMChWgaqDjbxAedDhO7fCNOOnzPboH2YS7gDFzEYZhx/rhzRnfLFaNpoabHCL3L1WCZYboj82IcDZI++aALh5O8NgyPGk+kjMfWVTHVOS1jAaHneUVEC1kb51BBXqOwwv+KMTWUPdyJQ1iYYGOiJW5NyNZZq8ebMahsojG/683rvvZCOtVMZLaYyLay0x2Vjh6LBYX2xds4n6QayAWugnGTCbSPE8vzUMwWoV8078UV+E0n8g7nhxotXouyS3qxpq++20p1Wn4NXGuWkUaKfSGiXlrnAVSP7atyHjwnt1KFNMV3/o+CpgGMRhVVgFssOiB00SWznQ==
Received: from SN7PR14MB6492.namprd14.prod.outlook.com (2603:10b6:806:328::17) by CH2PR14MB3564.namprd14.prod.outlook.com (2603:10b6:610:66::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7002.27; Mon, 20 Nov 2023 20:03:13 +0000
Received: from SN7PR14MB6492.namprd14.prod.outlook.com ([fe80::2a37:c081:fe77:e889]) by SN7PR14MB6492.namprd14.prod.outlook.com ([fe80::2a37:c081:fe77:e889%4]) with mapi id 15.20.7002.026; Mon, 20 Nov 2023 20:03:13 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, Peter Miškovič <Peter.Miskovic=40disig.sk@dmarc.ietf.org>
CC: IETF PKIX <pkix@ietf.org>
Thread-Topic: [pkix] RFC 5280 Extended Key Usage - explanation
Thread-Index: AdoWAnjikrxKXJ41SWu5qcXZSUV0eQF4Vn6AAAGS7bA=
Date: Mon, 20 Nov 2023 20:03:13 +0000
Message-ID: <SN7PR14MB649287B4A91560610D28EDCB83B4A@SN7PR14MB6492.namprd14.prod.outlook.com>
References: <1cc8b53823ff40d7bbfa126478461a43@disig.sk> <F0554924-EDED-4427-8596-279DEB3D3EFF@vigilsec.com>
In-Reply-To: <F0554924-EDED-4427-8596-279DEB3D3EFF@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=digicert.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SN7PR14MB6492:EE_|CH2PR14MB3564:EE_
x-ms-office365-filtering-correlation-id: e2dea2d9-ae8d-4bc8-493a-08dbea03ba55
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: d559JcJEa/mleX/DTN8btes2RH5WcXcejLQTMW/5IqXKTTlahMr8nuA6RNOE8bmwIZM3g3xn30O7OSY9pDvwoEE5a/1Pv5sjeJcca1XRds9ousj6jlA2csHkTbo3GBVzYUn+yKuFbjDmFb5cGYWfUNjHuKJs4iOhC0ncCCLwyIw/B/+dpW+hkNyHuVp9sT3W/r0epEr/Sw4DpuUz4emlvXiK3/YMQc4s4LeIo8vp/Xb5C0Zdr24qxE/DjT3DmFUEfqyVJZ4g7i0PVobaJgEc6f+I1RAc/ijZhW0YFjeRwPAqPgAigs2EOZLz5rdqLEvvrMfX5mxvCfmJUCGIpIDYyP+RFxvlDEStGCOo3CmGIaI7hG+ZreSKYtVVnTNS8eo18w9fphEWHC5VZABKlZQLvQ668Ztajx24XV2Tw5aePNGkuhm0OTljSfm75uuL2fWnHVUsNcSsUcnPxxZGDl2Xug/VXNwC4zf76TOHcptdG9v1tpL07ctCV+gNRAAVusCK7LrabesuA4X6hhG+sqpCkBduG83+6PMFGRfn0ebWDWShoed+tX6enhHLOFv24+fSMp1e9Kotwe6Q0m7/6/ElNYlhxqkOLkMuc4Cq0aduDND8Ag6wqxAD8Muw/x8cEX7CMxEn9KThXT6Igypf2T85Qw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN7PR14MB6492.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376002)(366004)(396003)(136003)(346002)(39850400004)(230922051799003)(186009)(451199024)(64100799003)(1800799012)(71200400001)(6506007)(7696005)(122000001)(478600001)(966005)(9686003)(316002)(55016003)(8936002)(26005)(8676002)(4326008)(38100700002)(66946007)(66574015)(66446008)(110136005)(76116006)(166002)(66476007)(64756008)(66556008)(99936003)(53546011)(83380400001)(52536014)(2906002)(44832011)(5660300002)(33656002)(41300700001)(86362001)(38070700009)(12620500005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 76/L3HcCR1zJtu4fkYpNCVYrqZUxj51euau7yqurPp/veBO2/1fM0ZlJITz+LmdW1oX3LHRpihfHrlQVGWhoBQc9wP68Uld3WcgFB6QeIt0pDnBOQXcUamp66yoN81y/R+Vq1G+TzjvoYkJ3RrRfa/6msWsyzA3c1uap5GUxV9T+moa0mYBUyR4sUieuTxYINdEgRJQPi8DCetAkn3KoFTscnU5Uruzag+Wu1WibVrJkEJVcTaoRU0MIU0G65hE2OVQNDOvVtexTdogmEwT27jF5L+EEmts10l8PtbnE/X5hqOBv966wLJR+bA7gnld9sHAKamq9DyhUNz1NaFqiOqqzE2rwRfYJCcfveUv/T0akiIRaxzSXAFcckndSxZD9fhHg0VX1uWYEuNi65iuMJovJBstT2GI+mGZh5uJrFzd7vk+kquF+RLBq7rYtSFEHnV2ywLEx5p4S13XRl0+RZEcTfgfWeEW/81xoqL8lSoBm0H8ofnRq1W4wcpSqyKX+J07TnW62zdEHbOqwITPiq4wD94lKFJoOnOyfBxqTbDZ8Puq3K9PKnFmuV0B3KxGr9n1YUfLs/LqFm37VSLV1X4wHk4n7ywrVwygc8PcqVWfDZMl3wNteMHGY18FkG/Zrk9C3sBcucLdzf0m9ktMGbu2LhyRvZkOQWKpZwkzpoQExJu/IAQ76sB/vFXL1I7aWFR4qB9PFevHLmB26SGlHjnkczGMHP1Oc3fM9lwF22qCqkk0Lvf+ncukpPWTOBAMur5cbUkM6SEOjykxZ54aCxUQMP43vLCP4tR031+lcT4SNxnbnTLXw9yQv8Eyn2zv8gxIGgwmXDtt7YjKIS3sIxigzrINU8dygcgSscSQ85WEy0ThVQqN/CrZHfR3TaDV6lobrMCfyx51kPSkxqTRKH5pAq2jkBJ7Whk880Mzq5y9uoIKmooVpjgkJcv4t4vMzB9vzuRMtd1WKGjtJz91cTldD6c1r6WxKdA8OSUkuvFc76Hip/AI5nSzvjflqL9rlVPB/EPDqSo39i1hdk20iBB5krD9cFQQ3PjfU+6Pfo1Px6/3dVXGHp0LrV84AZdovjQK0c2BsJCRl0B0qw3ie75JRICbeegrR35bspZEue7iRuNGSXYpCMtxptfQnpwXWUuttHzBKWpj3puRPcTiQYxinFz1WEC1bGWI7kVdD9n/6LCRXCMYzXTR3MNKII8FZmbrRZDB5c3OoQVoi/97rUTTV6jPnt2CSMxhlwVA7QLbg77B0SuzuCFCBDODPKauecbpBwJntS3UWuPaOwtrQflTG9jmK8pBoW9tKJDP0azEPoIZ5pvOsDWCBTwAbijwEcjs5+yJhufS6+CKmT7XTdmEugsxPW2ZcTzb2iuDoXdBIwVBMbMjqUTiv8FPx+weh+1lgYiHCZ+5vnEF7TmgYlW9KInAP4LCSpazTI1KPD1UUNbF8Je5v6Ow2SD43iJ4tQNg3Z6Cr7sc76C9RGjH16My6c2yzOrAw/xXdkn5soWvCIMtqI2UYUYJCe6YadpKZoYpPvXMkZxnFIxB57496VmuZk+6tTuOtEWBNLk8oxwBTnaR1WMrIKBC+ZdVUVlRj
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_018A_01DA1BC2.AD765630"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN7PR14MB6492.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e2dea2d9-ae8d-4bc8-493a-08dbea03ba55
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Nov 2023 20:03:13.4489 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wEaUyDoN4UTsoOppc2YRHP6OoSniabpXbJaDRDlX+KDjWM3f7AJ2u7vYHztAPYJy68ew7BDw6gtBpOoJr81z4FNg81VCW5oBqALp9k95cyM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR14MB3564
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/erilw25Lxe5VxdCxxaEZ8yDzE7M>
Subject: Re: [pkix] RFC 5280 Extended Key Usage - explanation
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2023 20:03:27 -0000

This is true, but the docSigning EKU is new and not widely adopted yet.  I would encourage its rapid adoption where practical, for exactly this sort of reason.  Existing practices for key separation in the industry fall well short of what RFC 5280 anticipated and desired.

 

Here’s what’s going on.  The “must be processed independently” is referring to KUs and EKUs.  Since your KU is digitalSignature and all of your use cases (documents, www client, email) are all signature use cases, that KU is fine for all three cases.  You have verified that the KU (digitalSignature) matches the use (one of three digital signature use cases).  Everything is fine.

 

Then you examine the EKUs, _independent_ of the chosen KU.  This is where existing practice gets dicey.

 

In theory, there should be separate EKUs for documents, client certs, and email certs.  In practice, reuse of either emailProtection or clientAuth for all three is embarrassingly common.  This happens because the document signing EKU never existed (we just fixed that very recently), and the relying party software for the other two uses cases either picked one or both and ran with them.  Strict compliance with RFC 5280 has not previously been a strong focus in either the client or email certificate markets, which is one of the things that has made the transition to the S/MIME BRs very challenging.

 

Trying to disentangle the mess between clientAuth and emailProtection is one of the reasons why the S/MIME BRs very intentionally restrict themselves to EKU=emailProtection *and* an email address appears in the certificate.  There’s some annoying legacy use cases that need to be allowed to continue for a bit.  Part of the problem is clientAuth is often confusingly entangled with serverAuth, which is also unhelpful.  This will probably be addressed at CABF at some point, probably by kicking clientAuth out of public trust.  That’s at least directionally what the browsers (e.g. Google) seem to be saying recently.

 

But anyway, this is mostly just historical context about why this is a mess, and the work that is being done to clean it up.  If people could start coalescing around using clientAuth, emailProtection, and documentSigning correctly, it would help clean up the industry a bit and make all three certificate ecosystems a bit less of a mess.

 

-Tim

 

From: pkix <pkix-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Monday, November 20, 2023 2:00 PM
To: Peter Miškovič <Peter.Miskovic=40disig.sk@dmarc.ietf.org>
Cc: IETF PKIX <pkix@ietf.org>
Subject: Re: [pkix] RFC 5280 Extended Key Usage - explanation

 

There is a document-signing extended key usage defined in RFC 9336 to resolve this ambiguity.

 

Russ

 





On Nov 13, 2023, at 2:27 AM, Peter Miškovič <Peter.Miskovic=40disig.sk@dmarc.ietf.org <mailto:Peter.Miskovic=40disig.sk@dmarc.ietf.org> > wrote:

 

Hello

 

I want to ask you for an explanation of this part of RFC5280:

 

4.2.1.12. Extended use of the key

 

"If a certificate contains both a key usage extension and an extended key usage extension, then both extensions MUST be processed independently and the certificate MUST only be used for a purpose consistent with both extensions."

 

Means this that if I have the "digitalSignature" extension in the Key Usage certificate and the "id-kp-clientAuth" extension in the Extended Key Usage extension, I can use such certificate for TLS WWW client authentication only and not for digitally signing documents, for example PDF?

 

Or it can be understood that I can use such certificate only for digitally signing or TLS WWW client authentication, but not for anything else, e.g. Email protection, code signing?

 

What does "then both extensions MUST be processed independently" mean, if I should take into account their common connection as a result?

 

Thank you in advance.

 

Regards

Peter Miskovic

---------------------------------

Peter Miskovic

CA Chief Operating Officer

 

Disig, a.s.

Zahradnicka 151, 821 08 Bratislava 2, Slovakia

 

phone  +421 2 208 50 150

cell phone +421 905 960 345

peter.miskovic@disig.sk <mailto:peter.miskovic@disig.sk> 

www.disig.sk <https://url.avanan.click/v2/___http:/www.disig.sk/___.YXAzOmRpZ2ljZXJ0OmE6bzozYTY3MmJjODNjMzgwMDFlN2UyZWQ2MGI4MjA1ZWIyODo2OmIyMjM6OGM4OWQ1OTQzZDVhMzc0M2Q0MzJkMjAzYTM2MzMyY2FhN2ZjZjk4NmM3NjZlNzdmMTNjOGY2MmY1MTI0NWZhOTpoOkY> 

_______________________________________________
pkix mailing list
 <mailto:pkix@ietf.org> pkix@ietf.org
 <https://url.avanan.click/v2/___https:/www.ietf.org/mailman/listinfo/pkix___.YXAzOmRpZ2ljZXJ0OmE6bzozYTY3MmJjODNjMzgwMDFlN2UyZWQ2MGI4MjA1ZWIyODo2OjM5ZWU6MWUyNGI0OTA1MzU1MTJmNWJmZDU4NDI1MTZiOTM1ZmI5MDBkNmYwMzBiM2Y0MjM0ZmE3MTUyNjkxZjAxODRlZjpoOkY> https://www.ietf.org/mailman/listinfo/pkix

v2.23.0 | Report a Bug | By Email