Kathleen Wilson <[email protected]> wrote:
> ACTION #4
> Workarounds were implemented to allow mozilla::pkix to handle the things
> listed here:
> https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix

Hi Kathleen,

Thanks for including this in the CA communication.

That list of workarounds is out of date. I think it would be useful to
re-triage the fixed and still-open bugs in the PSM component related
to certificate verification and look for ones that were fixed by
implementing a workaround for a certificate with malformed or
deprecated content.

For example, here are some other things that should be on the list:

* Bug 1152515: CAs should ensure that all times in all certificates
are encoded in a way that conforms to the stricter requirements in
RFC 5280. In particular, the timezone must always be specified as "Z"
(Zulu/GMT).

* CAs should ensure, when signing OCSP responses with a delegated OCSP
response signing certificate, that the delegated OCSP response signing
certificate will not expire before the OCSP response expires.
Otherwise, when doing OCSP stapling, some servers will cache the OCSP
response past the point where the delegated response signing
certificate expires, and then Firefox will reject the connection.

* Bug 970760: CAs should ensure that all RSA end-entity certificates
that have a KeyUsage extension include keyEncipherment in the
KeyUsage extension if the subscriber intends for the certificate to be
used for RSA key exchange in TLS. In other words, include
keyEncipherment in RSA certificates--but not ECDSA
certificates--unless the subscriber asks for it not to be included.
This way, Firefox can start enforcing the correct KeyUsage in
certificates sooner.

* CAs must ensure they include the subjectAltName extension with
appropriate dNSName/iPAddress entries in all certificates. Hopefully
soon Firefox and Chrome will be able to stop falling back on the
subject CN when there are no dNSName/iPAddress SAN entries.

* CAs should stop using any string types other than PrintableString
and UTF8String in DirectoryString components of names. In particular,
RFC 5280 says "TeletexString, BMPString, and UniversalString are
included for backward compatibility, and SHOULD NOT be used for
certificates for new subjects." Hopefully we will stop accepting
certificates that use those obsolete encodings soon.

There are other issues that should be on that list, but these are the
main ones off the top of my head.

Again, thanks for putting this together.

Cheers,
Brian
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
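
Added example, not part of the original message and not mozilla::pkix code: a small pre-issuance lint for two items on the list above, times that are not in the RFC 5280 "Z" form and the obsolete DirectoryString types. The function names and the sample bytes are assumptions made for illustration; the fixed lengths (13 characters for UTCTime, 15 for GeneralizedTime) come from RFC 5280's YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ forms.

```python
OBSOLETE = {0x14: "TeletexString", 0x1C: "UniversalString", 0x1E: "BMPString"}
TIMES = {0x17: ("UTCTime", 13), 0x18: ("GeneralizedTime", 15)}  # length incl. "Z"

def read_tlv(buf, pos):
    """Parse one definite-length DER TLV; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated or multi-byte tag at offset %d" % pos)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, pos, pos + length

def lint(der, pos=0, end=None, findings=None):
    """Walk constructed values recursively; return a list of (offset, message)."""
    end = len(der) if end is None else end
    findings = [] if findings is None else findings
    while pos < end:
        tag, start, stop = read_tlv(der, pos)
        if stop > end:
            raise ValueError("child overruns parent at offset %d" % pos)
        if tag & 0x20:  # constructed (SEQUENCE, SET, [n] EXPLICIT): descend
            lint(der, start, stop, findings)
        elif tag in TIMES:
            name, want = TIMES[tag]
            text = der[start:stop].decode("ascii", "replace")
            if not (len(text) == want and text.endswith("Z") and text[:-1].isdigit()):
                findings.append((pos, "%s %r is not in RFC 5280 'Z' form" % (name, text)))
        elif tag in OBSOLETE:
            findings.append((pos, "%s is an obsolete string type" % OBSOLETE[tag]))
        pos = stop
    return findings

def tlv(tag, value):  # short-form TLV builder for the constructed sample
    return bytes([tag, len(value)]) + value

# Constructed sample (not a real certificate): a Validity whose notAfter uses a
# numeric UTC offset, then a Name whose commonName is a TeletexString.
CN_OID = tlv(0x06, b"\x55\x04\x03")
SAMPLE = (
    tlv(0x30, tlv(0x17, b"150101000000Z") + tlv(0x17, b"160101000000+0100"))
    + tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x14, b"example"))))
)
```

`lint()` accepts any DER byte string, such as a certificate converted from PEM. It does not descend into extension values wrapped in OCTET STRINGs, so it covers the Validity and Name fields only.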
