Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

["David A. Cooper" <david.cooper@nist.gov>]

On 05/09/2018 08:49 AM, Stephen Kent wrote:

21. Section 4.1.1.4 says "Unfortunately, experience suggests that many browsers do not perform thorough syntactic checks on certificates, and so it seems unlikely that browsers will be a reliable way to detect erroneous certificates." and Section 4.2.1.4 says "As noted above (4.1.1.4), most browsers fail to perform thorough syntax checks on certificates." These sentences should be removed or modified. There is no reason that a browser should perform thorough syntactic checks on certificates, and there are good reasons for browsers not to. So, this document should not be labeling this as unfortunate or a failure. We do not want to encourage browsers to perform thorough syntax checks on certificates, as this could lead to the same types of problems that TLS has experienced, where making a change in something causes deployed products to break. 
    

It seems likely that the primary reason that browsers fail to perform thorough syntactic checks on certificates is because, at least historically, some CAs fail to issue syntactically valid certificates. This failure by browsers flies in the face of PKIX standards; you, as one who usually insists that failures to follow standards ought to be a capital crime, have no basis for criticizing this text. No changes will be made in response to this comment.

If only I had a nickel for every time you made some false accusation about me, I'd be retired by now.

Please see the message below, which I sent to mail list before you sent your response above.

Even in your response yesterday you said that "a certificate that violated the syntax imposed by a criteria such as the CABF would qualify as mis-issued," so the document does not intend to suggest that syntactic checks are just about PKIX standards, they are also about certificate profiles, which are subject to change.

This isn't about accommodating CAs that issue certificates incorrectly, but about acknowledging that (1) certificate profiles can change over time and (2) some clients will continue to use browsers that are very old.

-------- Forwarded Message --------

Subject:	Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis
Date:	Mon, 7 May 2018 16:48:44 -0400
From:	David A. Cooper <david.cooper@nist.gov>
To:	Andrew Ayer <agwa@andrewayer.name>
CC:	Paul Wouters <paul@nohats.ca>, Trans <trans@ietf.org>, Melinda Shore <melinda.shore@gmail.com>

I think it's fine for browsers to check for syntactic errors in certificates. However, I interpreted "thorough syntactic checks on certificates" to mean that browsers should be performing checks such as the ones described in https://tools.ietf.org/html/draft-kent-trans-domain-validation-cert-checks" rel="nofollow">https://tools.ietf.org/html/draft-kent-trans-domain-validation-cert-checks and https://tools.ietf.org/html/draft-kent-trans-extended-validation-cert-checks" rel="nofollow">https://tools.ietf.org/html/draft-kent-trans-extended-validation-cert-checks.

Most of the checks in these drafts are fine, as they are checks for requirements that are unlikely to change. However, some of the checks are more problematic. For example, the first of these drafts say that for DV certificates

             if the [subject] name does not contain an organizationName attribute,
             then the streetAddress attribute MUST NOT be present. If
             the organizationName attribute is present, the streetAddress
             attribute MAY be present.  This requirement is derived from
             section 9.2.4b of [CABF-DV].

What if a browser implemented a check for this and then the CA/Browser Forum later updated their Baseline Requirements to allow a streetAddress attribute in the subject fields of certificates that do not contain an organizationName attribute? This wouldn't cause a problem for users who keep their browsers up to date, but some clients continue to use browsers that are very old.