There are a bunch of changes to PKIX that were blocked for quite some time. The opposition coming from a cabal of DoD etc. contractors. This opposition has proven ultimately futile since the industry has decided to ignore the specification and set its own standards in two cases.
I don't want to get into a discussion of Snowden etc. I will however note that I suspected something of the sort was going on several years ago and that is why I was looking to take the standards process to a forum where such interference could be prevented. The only practical effect of Snowden is that I can now explain the reasons for that decision without sounding like a black helicopter paranoid nut.

1) Name Constraints MUST be marked critical

An utterly stupid restriction since the semantics of the criticality bit are 'break backwards compatibility'. Use of name constraints provides a significant reduction in the attack surface and would have prevented the Flame attack. However marking a name constraint critical breaks Safari and provides no security benefit in the Web PKI.

Outcome: Industry has decided that the standard is that name constraints MAY be marked non-critical.

2) OCSP reports success for unknown/unissued certificates.

One of the reasons that the DigiNotar incident was so severe is that the OCSP responder reported 'Valid' status for certificates that the CA had not issued. This limit is allegedly a consequence of the DoD's billion dollar PKI being unable to issue OCSP responses except by using CRLs as a source.

One important consequence of this constraint is that it provides a weak form of CA transparency. It is possible to determine whether a CA is consistently defaulting on this requirement or not.

Outcome: Industry has mandated OCSP responses report INVALID status if the certificate was not issued.

--
Website: http://hallambaker.com/
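Added example, not part of the original message: a Python sketch of the trade-off in item 1, showing what a relying party decides for a leaf issued under a name-constrained CA depending on the criticality bit and on whether the client implements name constraints. It uses RFC 5280 dNSName subtree matching; the `validate` helper and the `.example` host names are constructed for illustration.

```python
# Added illustration; helper names and sample host names are constructed.

def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring trailing dots."""
    return name.lower().rstrip(".").split(".")

def in_subtree(name, base):
    """RFC 5280 dNSName rule: match if name equals base or adds labels on the left."""
    n, b = _labels(name), _labels(base)
    return len(n) >= len(b) and n[len(n) - len(b):] == b

def names_allowed(dns_names, permitted, excluded):
    """Every name must avoid all excluded subtrees and, when permitted
    subtrees are listed, fall inside at least one of them."""
    for name in dns_names:
        if any(in_subtree(name, e) for e in excluded):
            return False
        if permitted and not any(in_subtree(name, p) for p in permitted):
            return False
    return True

def validate(dns_names, permitted, excluded, critical, client_understands_nc):
    """Outcome a relying party reaches for a leaf issued under a constrained CA."""
    if client_understands_nc:
        # A client that implements name constraints enforces them whether or
        # not the extension is marked critical.
        if names_allowed(dns_names, permitted, excluded):
            return "accept"
        return "reject: name outside constraints"
    if critical:
        # RFC 5280: an unrecognised critical extension means the certificate
        # must be rejected, so the whole constrained hierarchy breaks here.
        return "reject: unrecognised critical extension"
    # An unrecognised non-critical extension is ignored: no constraint applied.
    return "accept (constraint not checked)"

if __name__ == "__main__":
    permitted = ["corp.example"]  # constructed constraint on the sub-CA
    for names in (["mail.corp.example"], ["login.bank.example"]):
        for critical in (True, False):
            for understands in (True, False):
                print(names[0], "critical=%s" % critical,
                      "client_supports_nc=%s" % understands, "->",
                      validate(names, permitted, [], critical, understands))
```

The printed matrix shows that a supporting client rejects the out-of-scope name with or without the critical bit, while the bit only changes what a non-supporting client does with every certificate under that CA.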
