Re: [Acme] Certificate chains including roots

2018-03-14 Thread Martin Thomson
On Wed, Mar 14, 2018 at 9:23 PM, Jacob Hoffman-Andrews wrote:
> On 03/12/2018 05:25 AM, Hugo Landau wrote:
>> 3. Clarify the specification to state that the root certificate must
>> not appear in the chain, and that roots must be retrieved using the
>> AIA URL inside the

Re: [Acme] Certificate chains including roots

2018-03-14 Thread Jacob Hoffman-Andrews
On 03/12/2018 05:25 AM, Hugo Landau wrote:
> 3. Clarify the specification to state that the root certificate must
> not appear in the chain, and that roots must be retrieved using the
> AIA URL inside the final certificate in the chain if it is needed.
> This minimises the chance

Re: [Acme] Certificate chains including roots

2018-03-14 Thread Richard Barnes
This matches my understanding. ACME cannot be prescriptive on this, not least because the notion of a "root certificate" is not well defined for the server -- the server doesn't know what the client does or does not trust. On Mon, Mar 12, 2018 at 11:26 AM, Martin Thomson

Re: [Acme] Certificate chains including roots

2018-03-14 Thread Jörn Heissler
On Wed, Mar 14, 2018 at 17:57:43 +, Hugo Landau wrote:
> > Rationale is that the client shouldn't blindly trust that the chain
> > received by the acme server is valid.
> See my other reply. But to respond to this specifically, can you explain
> what threat model is mitigated
> by distrusting

Re: [Acme] Certificate chains including roots

2018-03-14 Thread Hugo Landau
> I must admit that I'm not very familiar with DANE.
>
> What would be a typical use case where you use ACME but you don't
> already know the root cert?

Where DANE is used, a trust anchor is referenced by a hash of its public key or certificate, which is placed in a DNSSEC-secured DNS record.

Re: [Acme] Certificate chains including roots

2018-03-12 Thread Martin Thomson
The usage model I think we should aim for is where chains are used as-is. For instance, the chain is fed straight to the HTTPS server. There is reasonably strong advice against sending trust anchor certificates over the wire, and most software simply spools out everything it is given. I thought

Re: [Acme] Certificate chains including roots

2018-03-12 Thread Jörn Heissler
On Mon, Mar 12, 2018 at 16:01:24 +0100, Philipp Junghannß wrote:
> But isn't the point of this proposal that the client CANNOT be expected
> to know the root, like with DANE/TLSA'd servers with a custom root or
> whatever?

I must admit that I'm not very familiar with DANE. What would be a typical

Re: [Acme] Certificate chains including roots

2018-03-12 Thread Philipp Junghannß
But isn't the point of this proposal that the client CANNOT be expected to know the root, like with DANE/TLSA'd servers with a custom root or whatever?

On 12.03.2018 15:57, "Jörn Heissler" wrote:
> On Mon, Mar 12, 2018 at 12:25:14 +, Hugo Landau wrote:
> > 1.

Re: [Acme] Certificate chains including roots

2018-03-12 Thread Jörn Heissler
On Mon, Mar 12, 2018 at 12:25:14 +, Hugo Landau wrote:
> 1. Clarify the specification to state that the root certificate must
> always appear in the chain at the end. Clients should be advised to
> pop the root certificate if they are procuring certificate chains
> for

[Acme] Certificate chains including roots

2018-03-12 Thread Hugo Landau
The current specification seems a bit ambiguous regarding whether a PEM certificate chain includes the root CA certificate. Most of the time the root CA shouldn't be included in a certificate chain sent by a TLS server. However, there are circumstances in which it is essential; namely, when DANE