On Thu, Apr 27, 2017 at 6:50 AM, Gervase Markham via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On 21/04/17 18:19, Eric Mill wrote:
> > The FPKI cross-signs at issue in Issue L are now expired (and so don't show
> > on the links above). They do show when expired certificates are included --
> > there are 6 of them with OU=FPKI:
> > https://crt.sh/?Identity=%25&iCAID=1384
> >
> > Each of those certificates lacks a pathlen:0 constraint, and they appear to be
> > the only ones that do. Symantec noted that they are path length constrained
> > in their response, but since they also referenced Federal PKI policy OIDs
> > (which are not respected by Web PKI clients), I thought it was worth being
> > explicit about the difference between the certificates referenced here and
> > those referenced in Issue L.
> In other words, the FPKI cross-signs weren't path length constrained and
> so promulgated trust from the entire FPKI, but the Issue Y intermediates
> are constrained and so the impact is less?

Depends on what you mean by the impact being less. They were both "unaudited",
unconstrained sub-CAs, the only difference is whether they could be used to
issue new sub-CAs. But given the controls - and importantly, the
capabilities which have been acknowledged with Issue Y regarding domain
controllers - it's still virtually unlimited impact by arbitrary parties.

However, it does mean you don't have the full FPKI in scope. However, that
feels a bit like saying the unconstrained sub-CA was expired by the time
the public discussion began, and thus the impact was less.
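The difference the two posters are drawing, a CA certificate with no pathLenConstraint versus one with pathlen:0, is decided by the path-length bookkeeping in RFC 5280 section 6.1.4. The following is an added example, not code from this thread or from any of the parties discussed: it implements that check over constructed chains (all names are placeholders) so the two cases can be compared directly.

```python
# Added example: RFC 5280 section 6.1.4 path-length processing, run over
# constructed certificate chains. Certificates are plain records rather than
# parsed X.509 so the script runs offline; every name below is a placeholder.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ca: bool                        # basicConstraints cA flag
    path_len: Optional[int] = None  # pathLenConstraint; None means absent


def validate_chain(chain: List[Cert]) -> bool:
    """chain[0] is the trust anchor, chain[-1] the end-entity certificate.
    Returns True if every intermediate is a CA permitted at its depth."""
    max_path_length = len(chain)   # unconstrained until an intermediate says otherwise
    for cert in chain[1:-1]:       # intermediates only; anchor and leaf are not checked here
        if not cert.ca:
            return False           # a non-CA certificate may not issue anything
        if cert.subject != cert.issuer:       # self-issued certs do not consume depth
            if max_path_length <= 0:
                return False       # an earlier pathLenConstraint is exhausted
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len   # tighten to the stricter constraint
    return True


# Constructed chains modelling the two cases in the thread: a cross-sign
# without pathLenConstraint and the same cross-sign carrying pathlen:0.
ROOT = Cert("Root", "Root", ca=True)
CROSS_UNCONSTRAINED = Cert("Cross-CA", "Root", ca=True)
CROSS_PATHLEN0 = Cert("Cross-CA", "Root", ca=True, path_len=0)
SUB_CA = Cert("Sub-CA", "Cross-CA", ca=True)
LEAF_FROM_SUB = Cert("example.test", "Sub-CA", ca=False)
LEAF_FROM_CROSS = Cert("example.test", "Cross-CA", ca=False)


def sub_ca_allowed_under(cross_sign: Cert) -> bool:
    """Can a further sub-CA be chained beneath this cross-signed CA?"""
    return validate_chain([ROOT, cross_sign, SUB_CA, LEAF_FROM_SUB])


if __name__ == "__main__":
    print("unconstrained cross-sign permits a sub-CA:", sub_ca_allowed_under(CROSS_UNCONSTRAINED))
    print("pathlen:0 cross-sign permits a sub-CA:   ", sub_ca_allowed_under(CROSS_PATHLEN0))
    print("pathlen:0 cross-sign permits a leaf:     ",
          validate_chain([ROOT, CROSS_PATHLEN0, LEAF_FROM_CROSS]))
```

Both cross-signs can still issue end-entity certificates directly, which is the point made above about the constrained intermediates: pathlen:0 limits how far trust can be re-delegated, not what the CA itself can sign.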