Ryan, Please could you expand a little more on this?
"*Ideally, users would most benefit from simply having a random value in the DN (no details, period) for both roots *and* intermediates, as this metadata both can and should be addressed by CCADB"* Burton On Fri, 11 Dec 2020, 16:49 Ryan Sleevi, <r...@sleevi.com> wrote: > On Fri, Dec 11, 2020 at 11:34 AM Burton <j...@0.me.uk> wrote: > >> The bits of information included in the CN field (company name, version, >> etc) created intermediate separation from the rest and the additional >> benefit of these bits of information included in the CN field in an >> intermediate was a person could locate with some accuracy at first glance >> the CA the intermediate belongs too and that can help in many different >> ways. >> > > I don't think the benefits here are meaningful, which is where I think we > disagree, nor do I think the use case you're describing is a good trade-off. > > Expecting the company name to be in the CN is, frankly, both unreasonable > and not required. The version is already there ("R3"), so I'm not sure why > you mention it, although it'd be totally valid for a CA to use a random > value there. > > I don't think "in many different ways" is very useful to articulate the > harm you see. > > >> The problem with the Let's Encrypt R3 intermediate is that the CN field >> is both unique and not unique. It's unique CN in the sense of the name "R3" >> and also only Let's Encrypt uses that name in an intermediate. It's not an >> unique CN because it's not random enough and doesn't have any other >> information to separate the intermediate if another CA decided to issue an >> intermediate with the same CN name "R3". Also from a first glance >> prospective it's hard to determine the issuer in this format without >> looking inside the intermediate subject. >> > > It would seem you're expecting the CN to be a DN. If that's the case, I > regret to inform you, you're wrong for expecting that and unreasonable for > asking for it :) > > If another CA wants to use the name R3, I see no issues with that: it is > the Distinguished Name in totality that addresses it, and we've already got > the issue you're concerned about (two CAs use the name "R3") identified by > the O. > > >> If Let's Encrypt R3 intermediate CN was hypothetically "LE R3" naming >> that would be enough uniqueness other intermediates, very short naming and >> from a first glance prospective easier to determine the issuer. >> > >> The main biggest problem point for me is the lack of uniqueness of the >> intermediate with the "R3" naming on it's own. >> > > Right, there's absolutely nothing wrong with two CAs using the same CN for > an intermediate, in the same way there's nothing wrong with two CAs using > the same CN for a leaf certificate (i.e. two CAs issuing certificates to > the same server). For your use case, it's important to use the technology > correctly: which is to use the DistinguishedName here, at a minimum. > However, I'm also trying to highlight that using the Distinguished Name > here is itself problematic, and has been for years, so if you're changing > from "use CN", you should really be "use CCADB" rather than "use CN". > > Arguments such as "easy, at a glance, in the certificate viewer", which I > can certainly understand is how some have historically looked at things, is > in practice an antiquated idea that doesn't line up with operational > practice. I don't disagree that, say, in the 80s, this is how the ITU > thought things would be, or that Netscape originally thought this is how it > would be, but in the 25 years since SSL, we know it's not how things are. > For example, in order to satisfy your use case, with the Web PKI, we would > need to require that every CA revoke every Root/Intermediate every time > they rebrand, or transfer/sell roots, to replace them with "proper" O > values. As we see from this list itself, it's not uncommon for CAs to do > that, I think we'd both agree it's not desirable to require security > updates every time a CA rebrands (nor would it be operationally viable), > and so the assumption of "look at the DN" is, logically, flawed. > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy