On Apr 7, 4:54 am, Jean-Marc Desperrier <jmd...@gmail.com> wrote: > Matt McCutchen wrote: > > On Apr 6, 5:54 am, Jean-Marc Desperrier<jmd...@gmail.com> wrote: > >> > Matt McCutchen wrote: > >>> > > An extended key usage of "TLS Web Server Authentication" on the > >>> > > intermediate CA would constrain all sub-certificates, no? > > >> > You are here talking about a proprietary Microsoft extension of the X509 > >> > security model. > > No, I'm talking about the "Extended Key Usage" extension defined in > > RFC 5280 section 4.2.1.12. > > I repeat, you *are* talking about a proprietary Microsoft extension, > which is to take into account the EKU inside path validation. > > The EKU as defined in section 4.2.1.12 of RFC 5280 only applies to the > certificate that contains it, it has no effect on certification paths > that include that certificate.
Ah, you are right. Bummer! We do need a way to limit the intermediate certificate to SSL server usage, otherwise it will be difficult to anticipate and close off all the possibilities for abuse with other EKUs. I will raise this with the PKIX working group. The Microsoft behavior makes complete sense to me, so maybe it could just be adopted by the standard. -- Matt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto