As an alternate proposal, I suggest replacing the third paragraph of section 5.3, which currently reads:
"These requirements include all cross-certificates which chain to a certificate that is included in Mozilla’s CA Certificate Program." with: "A certificate is considered to directly or transitively chain to a certificate included in Mozilla’s CA Certificate Program if there is a CA or Intermediate certificate in scope (as defined in section 1.1 of this Policy) where both of the following is true: 1) The certificate’s Issuer Distinguished Name matches (according to the name-matching algorithm specified in RFC 5280, section 7.1) the Subject Distinguished Name of the certificate in scope, and 2) The certificate is signed with a Private Key whose corresponding Public Key is encoded in the SubjectPublicKeyInfo of the certificate in scope." This proposal better defines the meaning of chaining to certificates included in the Mozilla CA program and covers the various scenarios that have caused issues historically concerning cross-certificates and self-signed certificates. Thanks, Corey On Wednesday, October 28, 2020 at 8:25:50 PM UTC-4, Ben Wilson wrote: > Issue #186 in Github <https://github.com/mozilla/pkipolicy/issues/186> > deals with the disclosure of CA certificates that directly or transitively > chain up to an already-trusted, Mozilla-included root. A common scenario > for the situation discussed in Issue #186 is when a CA creates a second (or > third or fourth) root certificate with the same key pair as the root that > is already in the Mozilla Root Store. This problem exists at the > intermediate-CA-certificate level, too, where a self-signed > intermediate/subordinate CA certificate is created and not reported. > > Public disclosure of such certificates is already required by section 5.3 > of the MRSP, which reads, "All certificates that are capable of being used > to issue new certificates, and which directly or transitively chain to a > certificate included in Mozilla’s CA Certificate Program, MUST be operated > in accordance with this policy and MUST either be technically constrained > or be publicly disclosed and audited." > > There have been several instances where a CA operator has not disclosed a > CA certificate under the erroneous belief that because it is self-signed it > cannot be trusted in a certificate chain beneath the already-trusted, > Mozilla-included CA. This erroneous assumption is further discussed in Issue > #186 <https://github.com/mozilla/pkipolicy/issues/186>. > > The third paragraph of MRSP section 5.3 currently reads, " These > requirements include all cross-certificates which chain to a certificate > that is included in Mozilla’s CA Certificate Program." > > I recommend that we change that paragraph to read as follows: > > "These requirements include all cross-certificates *and self-signed > certificates (e.g. "Issuer" DN is equivalent to "Subject" DN and public key > is signed by the private key) that* chain to a CA certificate that is > included in Mozilla’s CA Certificate Program*, and CAs must disclose such > CA certificates in the CCADB*. > > I welcome your recommendations on how we can make this language even more > clear. > > Thanks, > > Ben _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
