Here is an attempt to address the comments received thus far. In Github, here is a markup:
https://github.com/BenWilson-Mozilla/pkipolicy/commit/ee19ee89c6101c3a6943956b91574826e34c4932

This sentence would be deleted: "These requirements include all cross-certificates which chain to a certificate that is included in Mozilla’s CA Certificate Program."

And the following would be added: "A certificate is deemed to directly or transitively chain to a CA certificate included in Mozilla’s CA Certificate Program if: (1) the certificate’s Issuer Distinguished Name matches (according to the name-matching algorithm specified in RFC 5280, section 7.1) the Subject Distinguished Name in a CA certificate or intermediate certificate that is in scope according to section 1.1 of this Policy, and (2) the certificate is signed with a Private Key whose corresponding Public Key is encoded in the SubjectPublicKeyInfo of that CA certificate or intermediate certificate. Thus, these requirements also apply to so-called reissued/doppelganger CA certificates (roots and intermediates) and to cross-certificates."

I think it is important not to lose sight of the main reason for this proposed change-- there has been confusion about whether re-issued root CA certificates need to be disclosed in the CCADB.

I look forward to your additional comments and suggestions.

Thank you,
Ben

On Mon, Nov 2, 2020 at 11:14 AM Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> As an alternate proposal, I suggest replacing the third paragraph of section 5.3, which currently reads:
>
> "These requirements include all cross-certificates which chain to a certificate that is included in Mozilla’s CA Certificate Program."
>
> with:
>
> "A certificate is considered to directly or transitively chain to a certificate included in Mozilla’s CA Certificate Program if there is a CA or Intermediate certificate in scope (as defined in section 1.1 of this Policy) where both of the following is true:
> 1) The certificate’s Issuer Distinguished Name matches (according to the name-matching algorithm specified in RFC 5280, section 7.1) the Subject Distinguished Name of the certificate in scope, and
> 2) The certificate is signed with a Private Key whose corresponding Public Key is encoded in the SubjectPublicKeyInfo of the certificate in scope."
>
> This proposal better defines the meaning of chaining to certificates included in the Mozilla CA program and covers the various scenarios that have caused issues historically concerning cross-certificates and self-signed certificates.
>
> Thanks,
> Corey
>
> On Wednesday, October 28, 2020 at 8:25:50 PM UTC-4, Ben Wilson wrote:
> > Issue #186 in Github <https://github.com/mozilla/pkipolicy/issues/186> deals with the disclosure of CA certificates that directly or transitively chain up to an already-trusted, Mozilla-included root. A common scenario for the situation discussed in Issue #186 is when a CA creates a second (or third or fourth) root certificate with the same key pair as the root that is already in the Mozilla Root Store. This problem exists at the intermediate-CA-certificate level, too, where a self-signed intermediate/subordinate CA certificate is created and not reported.
> >
> > Public disclosure of such certificates is already required by section 5.3 of the MRSP, which reads, "All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to a certificate included in Mozilla’s CA Certificate Program, MUST be operated in accordance with this policy and MUST either be technically constrained or be publicly disclosed and audited."
> >
> > There have been several instances where a CA operator has not disclosed a CA certificate under the erroneous belief that because it is self-signed it cannot be trusted in a certificate chain beneath the already-trusted, Mozilla-included CA. This erroneous assumption is further discussed in Issue #186 <https://github.com/mozilla/pkipolicy/issues/186>.
> >
> > The third paragraph of MRSP section 5.3 currently reads, "These requirements include all cross-certificates which chain to a certificate that is included in Mozilla’s CA Certificate Program."
> >
> > I recommend that we change that paragraph to read as follows:
> >
> > "These requirements include all cross-certificates *and self-signed certificates (e.g. "Issuer" DN is equivalent to "Subject" DN and public key is signed by the private key) that* chain to a CA certificate that is included in Mozilla’s CA Certificate Program*, and CAs must disclose such CA certificates in the CCADB*.
> >
> > I welcome your recommendations on how we can make this language even more clear.
> >
> > Thanks,
> >
> > Ben
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
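As an added illustration of the two-part chaining test in the proposed wording (example code, not from the policy or from anyone on this thread), the Go program below constructs a trusted root, a re-issued root with the same key pair and subject, an intermediate issued by the root, and a self-signed lookalike that copies the root's subject under a different key, then applies the test to each pair; every name, serial and key here is made up.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// chainsTo applies the proposed section 5.3 test: Issuer DN matches the parent's Subject DN
// and the signature verifies under the parent's key. DER-byte equality is stricter than RFC 5280 7.1.
func chainsTo(child, parent *x509.Certificate) bool {
	return bytes.Equal(child.RawIssuer, parent.RawSubject) &&
		child.CheckSignatureFrom(parent) == nil
}

func caTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
	}
}

func mkCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil { // nil parent means self-signed
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER was just produced above, so it parses
	return c
}

// scenario (constructed data): a trusted root, a re-issued root sharing its key pair and subject,
// an intermediate issued by the root, and a self-signed lookalike of the root signed with subKey.
func scenario() (subToRoot, subToReissued, reissuedToRoot, lookalikeToRoot bool) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	subKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := mkCert(caTemplate(1, "Example Root CA"), nil, &rootKey.PublicKey, rootKey)
	reissued := mkCert(caTemplate(2, "Example Root CA"), nil, &rootKey.PublicKey, rootKey)
	lookalike := mkCert(caTemplate(3, "Example Root CA"), nil, &subKey.PublicKey, subKey)
	sub := mkCert(caTemplate(4, "Example Intermediate CA"), root, &subKey.PublicKey, rootKey)
	return chainsTo(sub, root), chainsTo(sub, reissued), chainsTo(reissued, root), chainsTo(lookalike, root)
}
```

The re-issued root chains to the trusted root under the definition even though it is self-signed, which is exactly the case the thread wants disclosed, while a same-name certificate under a different key does not.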