On Friday, 19 May 2017 20:41:20 UTC+1, Matthew Hardeman wrote:
> From a perspective of risk to the broader web PKI, it would appear that a
> properly name constrained intermediate with (for example) only the Server
> and Client TLS authentication ekus with name constraints limited to
> particular validated domains (via dnsName constraint along with excluding
> wildcard IP/netmask for IPv4 and IPv6) is really no substantively more risky
> than a multi-SAN wildcard certificate with the same domains.

Unlike a wildcard, the constrained intermediate impacts all names under that tree. For example a certificate for *.example.com definitely isn't valid for mail.research.example.com, www.research.example.com etc. whereas a constrained intermediate for example.com _is_ able to issue for those names.

But yes, overall Matt's approach makes sense to me, lightweight disclosure such as via CT logging of such intermediates is appropriate from what I can see. Issuance _of_ the intermediates needs to have good oversight, but we don't need to freak out about the issuance _from_ them too much. If they're badly run they will join in that a huge number of poorly looked after end entity certificates, and have not dissimilar risk, narrowed to just the affected subject domain(s).
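
The scope difference described in the message above, as an added example that is not part of the original thread: it compares which hostnames a wildcard certificate covers with which hostnames fall inside a dNSName name constraint. The matching rules are simplified from RFC 6125 (wildcard as the whole leftmost label) and RFC 5280 (zero or more labels added on the left); the function names, the SAN set (`example.com` plus `*.example.com`) and the sample hostnames are assumptions constructed for illustration.

```python
# Added illustration: simplified matching, not a full RFC 5280 / RFC 6125 validator.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def wildcard_san_matches(san, hostname):
    """Leaf-certificate matching: '*' as the whole leftmost label covers exactly one label."""
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h

def within_dns_constraint(constraint, hostname):
    """dNSName constraint: the name itself, or the name with any number of labels added on the left."""
    c, h = _labels(constraint), _labels(hostname)
    return len(h) >= len(c) and h[-len(c):] == c

def compare(domain, hostnames):
    """Return {hostname: (covered_by_wildcard_cert, issuable_under_constrained_intermediate)}."""
    sans = [domain, "*." + domain]  # constructed multi-SAN wildcard certificate
    return {
        h: (any(wildcard_san_matches(s, h) for s in sans),
            within_dns_constraint(domain, h))
        for h in hostnames
    }

# Constructed sample hostnames
SAMPLE = [
    "example.com",
    "www.example.com",
    "mail.research.example.com",
    "www.research.example.com",
    "notexample.com",        # shares a string suffix, but not a label boundary
    "example.com.invalid",   # constrained name appears on the left, not the right
]

if __name__ == "__main__":
    for host, (wild, inter) in compare("example.com", SAMPLE).items():
        print(f"{host:30} wildcard={wild!s:5} constrained_intermediate={inter}")
```

The rows where the two columns differ are the deeper subdomains: outside the wildcard certificate's reach, inside the constrained intermediate's.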

