On Mon, Mar 27, 2017 at 9:45 AM, tpg0007--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> On https://pki.goog, all 5 of Google's newer subCAs have Extended Key
> Usage extension of serverAuth and clientAuth, unusual for CAs but not
> forbidden I guess. Their Key Usage extension contains the expected cert and
> CRL sign bits. Put together though they appear to be noncompliant with RFC
> 5280 4.2.1.12, which states that if both extensions are present then the
> certificate should not be used for any purpose unless that purpose is
> consistent across both extensions. The digitalSignature key usage that
> might make them consistent with the above EKU is clearly not present.
>

This sounds like a misunderstanding over the RFCs, rather than a violation.

While you highlight the presence of EKUs as unusual, but not forbidden,
it's actually quite usual, and something that both Microsoft and Mozilla
have explored mandating in the past. You can find lots of discussion within
the IETF PKIX WG going over 10 years on this matter, but effectively, an
EKU within an intermediate acts as a constraint upon the EKUs of
certificates it issues. That is, it behaves similarly to Certificate Policies
by describing an 'effective' EKU set.

Virtually every major PKI library deployed as part of the Web PKI
recognizes this, and uses it as an effective way to scope the issuance of
types of certificates. That is, if an intermediate contains an EKU
extension, does not contain the any EKU identifier, and contains EKUs other
than serverAuthentication, then these libraries WILL NOT accept
certificates issued by these sub-CAs as valid for serverAuthentication.

To this end, the purpose of Certificate Signatures is entirely consistent.

The digitalSignature purpose, as a key usage, as it is used in TLS, relates
to the ciphersuites employed.

Thus, this is also not a contradiction to 5280.

Does that help explain?
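
The chain check described in the reply above, as an added example that is not part of the original message and not any library's real code: a simplified Python model in which an EKU on an intermediate constrains what it issues, and a CA's own key usage only needs keyCertSign. The certificate dictionaries, their names, and the function names are constructed for illustration.

```python
# Simplified, constructed model of EKU chaining; real validators do far more.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"
ANY_EKU = "2.5.29.37.0"  # anyExtendedKeyUsage

def effective_eku(chain):
    """Intersect EKU sets along the chain; None means unconstrained."""
    effective = None
    for cert in chain:
        eku = cert.get("eku")
        # No EKU extension, or anyExtendedKeyUsage, adds no constraint.
        if eku is None or ANY_EKU in eku:
            continue
        effective = set(eku) if effective is None else effective & set(eku)
    return effective

def accepts(chain, purpose):
    """chain = [leaf, intermediate, ...], trust anchor excluded."""
    for ca in chain[1:]:
        # A CA key signs certificates and CRLs, so keyCertSign is the key
        # usage that matters here; digitalSignature is not required of it.
        if "keyCertSign" not in ca["key_usage"]:
            return False
    effective = effective_eku(chain)
    return effective is None or purpose in effective

# Constructed sample certificates (not taken from any real CA).
tls_ca = {"name": "Example TLS Sub CA", "eku": [SERVER_AUTH, CLIENT_AUTH],
          "key_usage": {"keyCertSign", "cRLSign"}}
email_ca = {"name": "Example Email Sub CA", "eku": [EMAIL_PROTECTION],
            "key_usage": {"keyCertSign", "cRLSign"}}
no_sign_ca = {"name": "Example Broken Sub CA", "eku": [SERVER_AUTH],
              "key_usage": {"cRLSign"}}
leaf = {"name": "www.example.test", "eku": [SERVER_AUTH],
        "key_usage": {"digitalSignature"}}

if __name__ == "__main__":
    for ca in (tls_ca, email_ca, no_sign_ca):
        print(ca["name"], "-> serverAuth leaf accepted:",
              accepts([leaf, ca], SERVER_AUTH))
```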