On Tue, 19 Apr 2022 20:40:37 -0700
"'Jacob Hoffman-Andrews' via [email protected]"
<[email protected]> wrote:

> Separate from the "final" / "corresponding" question, I find this
> phrasing confusing:
> 
> > " * if a corresponding certificate cannot be verified as matching a
> > precertificate using the algorithms in RFC 6962, then two distinct
> > corresponding certificates are presumed to exist, and it is
> > misissuance if the two corresponding certificates have the same
> > serial number and issuer, even if only one corresponding
> > certificate actually exists;"
> >
> 
> In particular the "if" in "it is misissuance if" is confusing, since
> it's actually unconditional: given that
> 
>  - the precertificate and the corresponding/final certificate exist,
>  - have the same serial number,
>  - either have the same issuer or are related via a Precertificate
> signing certificate
>  - and don't match per RFC 6962
> 
> Then there's a misissuance; there's no "if" because the corresponding
> certificate that is presumed to exist is presumed to have the same
> serial and issuer. Also "matching a precertificate" is ambiguous:
> does it mean "a specific precertificate" or "any precertificate?"
> 
> For context, Andrew's original reason for proposing this text was:
> 
> > When a Precertificate Signing Certificate is used, the issuer of a
> > precertificate and its corresponding certificate are not the same,
> > but there could still be a duplicate serial number violation.
> 
> The duplicate serial number violation can happen when there are two
> corresponding certificates with the same issuer and serial, right?
> But that seems to be covered by the straightforward "no duplicate
> serials" rule. No exemption to the "no duplicate serials" rule need
> apply for setups with Precertificate Signing Certificates, because
> those setups specifically avoid the "same issuer and serial" problem.
> 
> Here's my stab at it, knowing this has been discussed many times
> before and it's challenging to write well:
> 
>  - "It is misissuance for two or more certificates to be issued with
> the same issuer and serial, with one exception: if exactly two
> certificates are issued with the same issuer and serial, and one of
> them is a precertificate, and one of them corresponds to that
> precertificate, it is not misissuance."

It's not necessary to provide an exception to the duplicate serial
number rule for precertificates, as this is already covered by the BRs'
exemption of precertificates.

As I understand it, the goal of this bullet point is not to add an
exception to misissuance, but to make sure that there is zero ambiguity
that incidents like the following are misissuances:

https://bugzilla.mozilla.org/show_bug.cgi?id=1677737

You're correct that this is technically already covered by the "no
duplicate serials" rule in conjunction with the presumption of
certificate existence based on a precertificate.  However, CAs have
repeatedly struggled with understanding this presumption, so it seems
valuable to explicitly enumerate some of the implications of the
presumption.

I agree that this is hard to write well and could be improved but I
think your proposed rewrite takes us in the wrong direction.

Regards,
Andrew

-- 
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220420091938.25ebd64612ae1abe1a7712fa%40andrewayer.name.