On Fri, May 16, 2025 at 10:12:29PM -0500, Grant Taylor via mailop wrote:

> On 5/16/25 9:57 PM, Viktor Dukhovni via mailop wrote:
> > You probably should not trust the subject name of a client certificate
> > from a public CA to be a valid binding to local authorisation data. In
> > typical deployments that means you trust every CA/B forum public CA to
> > identify your authorised users, which would not be a good idea.
>
> I assume that you're referring to the possibility that any trusted root CA
> could sign for a given subject.
>
> I now realize that I failed to clarify that there are actually three aspects
> to consider: 1) authentication -- does the certificate validate, 2) is the
> certificate issued by a specific CA, and 3) is the subject authorized.
>
> The 2nd part of that prevents the use of certificates for a given subject
> that other CAs might sign.
Yes, but applications that support restricting specific subjects to specific
issuing CAs are rare. If you're outsourcing issuing client certificates to
just one trusted CA, and the associated authorisation is low risk, perhaps
your server can be configured with just that CA as a trusted issuer, but
this can be tricky to get right and fragile. And you then still potentially
need to support CRLs, ...

So my advice remains to limit client authorisation to clients matched by
key fingerprint, without complications as a result of delegation to a
third-party CA.

-- 
    Viktor.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
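The following is an added example, not code from the thread or from any of its participants, illustrating the distinction above: authorising a client by its certificate subject accepts any certificate carrying that subject, whatever key or issuer is behind it, whereas authorising by public-key fingerprint accepts only the specific key that was pinned. The two "client certificates" are constructed in-process as self-signed stand-ins (an impostor certificate here is simply one with the same Common Name but a different key, as a certificate from another CA would be); the function names, the allow-lists and the CN `relay.example.com` are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// selfSignedClientCert builds a constructed client certificate for cn with a
// freshly generated key. It stands in for a certificate some CA issued.
func selfSignedClientCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PubkeyFingerprint returns the hex SHA-256 digest of the certificate's DER
// SubjectPublicKeyInfo. Pinning the key rather than the whole certificate
// keeps the pin stable across re-issuance of the same key.
func PubkeyFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// AuthorizedBySubject is the pattern the thread warns against: the subject
// name is taken as the binding to local authorisation data.
func AuthorizedBySubject(cert *x509.Certificate, allowedCNs map[string]bool) bool {
	return allowedCNs[cert.Subject.CommonName]
}

// AuthorizedByFingerprint is the recommended pattern: the client is matched by
// the fingerprint of its key, independent of who issued the certificate.
func AuthorizedByFingerprint(cert *x509.Certificate, allowedFPs map[string]bool) bool {
	return allowedFPs[PubkeyFingerprint(cert)]
}

// Demo returns three results: whether subject matching accepts the impostor,
// whether fingerprint matching accepts the impostor, and whether fingerprint
// matching accepts the legitimate client.
func Demo() (subjAcceptsImpostor, fpAcceptsImpostor, fpAcceptsLegit bool, err error) {
	legit, err := selfSignedClientCert("relay.example.com")
	if err != nil {
		return false, false, false, err
	}
	// Same subject, different key: what any other trusted CA could issue.
	impostor, err := selfSignedClientCert("relay.example.com")
	if err != nil {
		return false, false, false, err
	}
	allowedCNs := map[string]bool{"relay.example.com": true}
	allowedFPs := map[string]bool{PubkeyFingerprint(legit): true}
	return AuthorizedBySubject(impostor, allowedCNs),
		AuthorizedByFingerprint(impostor, allowedFPs),
		AuthorizedByFingerprint(legit, allowedFPs),
		nil
}

func main() {
	s, fi, fl, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("subject match accepts impostor: %v\n", s)
	fmt.Printf("fingerprint match accepts impostor: %v\n", fi)
	fmt.Printf("fingerprint match accepts legitimate client: %v\n", fl)
}
```

The fingerprint allow-list still assumes the TLS layer has verified that the peer holds the private key for the presented certificate; what it removes is the dependence on any CA's subject-naming decisions, and the CRL handling that delegation would otherwise require.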