On Monday, 8 February 2016 at 21:43:19 UTC+1, Kathleen Wilson wrote:
> On 2/8/16 12:22 PM, Kathleen Wilson wrote:
> > On 2/8/16 12:18 PM, Kathleen Wilson wrote:
> >> All,
> >>
> >> We recently added two tests that CAs must perform and resolve errors for
> >> when they are requesting to enable the Websites trust bit for their root
> >> certificate.
> >>
> >> Test 1) Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for
> >> the root certificate. Then click on the 'Search' button. Then click on
> >> the 'Run cablint' link. All errors must be resolved/fixed.
> >>
> >> Test 2) Browse to https://cert-checker.allizom.org/ and enter the test
> >> website and click on the 'Browse' button to provide the PEM file for the
> >> root certificate. Then click on 'run certlint'. All errors must be
> >> resolved/fixed.
> >>
> >> I added these to item #15 of
> >> https://wiki.mozilla.org/CA:Information_checklist#Technical_information_about_each_root_certificate
> >>
> >> This has sparked some discussions in Bugzilla Bugs that I think we
> >> should move here to mozilla.dev.security.policy so that everyone may
> >> benefit from the resulting decisions.
> >>
> >> So, if you have feedback or questions about these new tests, please add
> >> them here.
> >>
> >> Thanks,
> >> Kathleen
> >
> > Also, to clarify...
> >
> > Already-included root certificates are grandfathered in, but all new
> > root certificates need to meet the BRs and pass these certlint tests
> > without error before they can be included. However, we are open to
> > updating the certlint tests, as long as the updates are in line with the
> > BRs.
>
> One topic currently under discussion in Bug #1201423 is regarding root
> certificates with serial number of 0. The error being returned by
> http://cert-checker.allizom.org/ is "Serial number must be positive".
>
> Arguments raised in the bug:
>
> >>> RFC 5280 is not ambiguous as to whether zero is positive or not.
> >>> https://tools.ietf.org/html/rfc5280#section-4.2.1.10
> >>> Note: Non-conforming CAs may issue certificates with serial numbers
> >>> that are negative or zero. Certificate users SHOULD be prepared to
> >>> gracefully handle such certificates.
> >>> So zero is clearly non-conforming.
Objection, your honor! The above excerpt from RFC 5280 is only a note. The paragraph saying that a serial number must be positive is this one:

-----
The serial number MUST be a positive integer assigned by the CA to each
certificate. It MUST be unique for each certificate issued by a given CA
(i.e., the issuer name and serial number identify a unique certificate).
CAs MUST force the serialNumber to be a non-negative integer.
-----

Please note that in the same paragraph, it is said that the serial number must be positive and that the serial number must be non-negative. This is ambiguous regarding 0.

For native English speakers, the number 0 is neither positive nor negative, and is therefore a member of the non-negative set of numbers, and also a member of the non-positive set of numbers. For French native speakers, 0 is both positive and negative (it's even the only number that is at the same time positive, negative, and pure imaginary).

In my opinion, 0 is a perfectly acceptable serial number, but I'm French, whence bizarre. That said, 0 is a poor choice for a serial number, close to the cliff. Even ignoring my Frenchyness, 0 is a non-negative number, therefore is allowed by this exact paragraph.

> >> The whole RFC5280 section 4.1 refers to the information associated
> >> with the subject of the certificate and the CA that issued it. This is
> >> not a certificate issued by a CA, it is a self-signed certificate, which
> >> is the trust-anchor itself.
> >
> > We believe that this section applies to issued certificates.
> > Quoting the beginning of the section:
> > The sequence TBSCertificate contains information associated with the
> > subject of the certificate and the CA that issued it.
> >
> > Thus, it only applies to certificates issued by a CA, and not to the CA
> > itself.
>
> Does section 4.1 of RFC5280 apply to root certificates?

Section 4.1 defines the structure of a certificate, so it clearly applies to root certificates. A trust anchor doesn't need to be materialized by a certificate, but every root program does so.

> Is a root certificate with serial number 00 compliant with RFC5280 and
> the BRs?

X.509 doesn't restrict the serialNumber to anything. RFC2459 didn't either. RFC3250/5280, a profile of X.509, introduced restrictions on serial numbers, with an ambiguity regarding 0. The BRs don't clarify the position of 0. I read the ambiguity as a yes.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
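The check the thread argues about ("Serial number must be positive") is easy to see concretely once the DER is in front of you. The following is an added example, not code from cert-checker.allizom.org, cablint or certlint: it walks Certificate -> tbsCertificate -> optional [0] version -> serialNumber, decodes the INTEGER with DER's minimal-encoding rule, and reports a zero or negative serial the way a lint would, plus the separate RFC 5280 4.1.2.2 limit of 20 content octets. The certificate bytes are a constructed prefix (version and serial only) that is sufficient for this walker; the finding strings are this example's own wording, not the tools' exact messages.

```python
"""Added example: lint a certificate serialNumber from raw DER.

Not the code of certlint/cablint; a constructed illustration of the
check discussed in the thread (serial must be positive, RFC 5280 4.1.2.2).
"""


def read_tlv(buf, pos):
    """Return (tag, content_bytes, next_pos) for the DER TLV at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: N length octets follow
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_der_integer(content):
    """Decode INTEGER content octets (two's complement, big-endian).

    DER forbids redundant leading octets: a leading 0x00 is only allowed
    when the next octet has its high bit set, a leading 0xFF only when the
    next octet's high bit is clear. Zero is encoded as the single octet 0x00.
    """
    if len(content) == 0:
        raise ValueError("INTEGER with empty content")
    if len(content) > 1:
        if content[0] == 0x00 and not (content[1] & 0x80):
            raise ValueError("non-minimal encoding: redundant leading 0x00")
        if content[0] == 0xFF and (content[1] & 0x80):
            raise ValueError("non-minimal encoding: redundant leading 0xFF")
    return int.from_bytes(content, "big", signed=True)


def extract_serial(cert_der):
    """Walk Certificate -> tbsCertificate -> [version] -> serialNumber."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    pos = 0
    tag, _, nxt = read_tlv(tbs, pos)
    if tag == 0xA0:                        # EXPLICIT [0] version is OPTIONAL
        pos = nxt
    tag, content, _ = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return decode_der_integer(content), content


def lint_serial(cert_der):
    """Return (serial_value, list_of_findings) for the certificate."""
    serial, raw = extract_serial(cert_der)
    findings = []
    if serial < 0:
        findings.append("ERROR: serial number is negative")
    elif serial == 0:
        findings.append("ERROR: serial number must be positive (value is 0)")
    if len(raw) > 20:                      # RFC 5280 4.1.2.2: at most 20 octets
        findings.append("ERROR: serial number longer than 20 octets")
    return serial, findings


def build_cert_prefix(serial_content):
    """Constructed DER: a Certificate whose tbsCertificate carries only
    version v3 and the given serialNumber content octets. That is all the
    walker above needs; a real tbsCertificate continues with signature,
    issuer, validity and so on. Short-form lengths only (< 128 bytes)."""
    serial_tlv = bytes([0x02, len(serial_content)]) + serial_content
    version_tlv = bytes([0xA0, 0x03, 0x02, 0x01, 0x02])   # [0] { INTEGER 2 }
    tbs = version_tlv + serial_tlv
    tbs_tlv = bytes([0x30, len(tbs)]) + tbs
    return bytes([0x30, len(tbs_tlv)]) + tbs_tlv


if __name__ == "__main__":
    # Constructed serials: the disputed 0, a normal 1, a negative one, and
    # a value needing a leading 0x00 so it stays positive.
    for label, content in [("zero", b"\x00"), ("one", b"\x01"),
                           ("negative", b"\x80"), ("255", b"\x00\xff")]:
        serial, findings = lint_serial(build_cert_prefix(content))
        print(f"{label:9s} serial={serial:<5d} {findings or 'ok'}")
```

The serial in the bug is the `zero` case: its DER is the single content octet `0x00`, which is non-negative but not positive, so a checker that reads "MUST be a positive integer" literally flags it. The `255` case shows why the minimal-encoding rule matters: without the leading `0x00`, the octet `0xFF` alone would decode as -1 and trigger the negative-serial finding instead.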

