On Wed, Mar 14, 2018 at 9:23 PM, Jacob Hoffman-Andrews wrote:
> On 03/12/2018 05:25 AM, Hugo Landau wrote:
>> 3. Clarify the specification to state that the root certificate must
>> not appear in the chain, and that roots must be retrieved using the
>> AIA URL inside the
On 03/12/2018 05:25 AM, Hugo Landau wrote:
> 3. Clarify the specification to state that the root certificate must
> not appear in the chain, and that roots must be retrieved using the
> AIA URL inside the final certificate in the chain if it is needed.
> This minimises the chance
This matches my understanding. ACME cannot be prescriptive on this, not
least because the notion of a "root certificate" is not well defined for
the server -- the server doesn't know what the client does or does not
trust.
On Mon, Mar 12, 2018 at 11:26 AM, Martin Thomson
On Wed, Mar 14, 2018 at 17:57:43 +, Hugo Landau wrote:
> > Rationale is that the client shouldn't blindly trust that the chain
> > received by the acme server is valid.
> See my other reply. But to respond to this specifically, can you explain
> what threat model is mitigated
> by distrusting
> I must admit that I'm not very familiar with DANE.
>
> What would be a typical use case where you use ACME but you don't
> already know the root cert?
Where DANE is used, a trust anchor is referenced by a hash of its public
key or certificate, which is placed in a DNSSEC-secured DNS record.
The usage model I think we should aim for is where chains are used
as-is. For instance, the chain is fed straight to the HTTPS server.
There is reasonably strong advice against sending trust anchor
certificates over the wire, and most software simply spools out
everything it is given.
I thought
On Mon, Mar 12, 2018 at 16:01:24 +0100, Philipp Junghannß wrote:
> But isn't the point of this proposal that the client CANNOT be expected
> knowing the root like with DANE/TLSA'd servers with a custom root or
> whatever?
I must admit that I'm not very familiar with DANE.
What would be a typical
But isn't the point of this proposal that the client CANNOT be expected
knowing the root like with DANE/TLSA'd servers with a custom root or
whatever?
Am 12.03.2018 15:57 schrieb "Jörn Heissler" :
> On Mon, Mar 12, 2018 at 12:25:14 +, Hugo Landau wrote:
> > 1.
On Mon, Mar 12, 2018 at 12:25:14 +, Hugo Landau wrote:
> 1. Clarify the specification to state that the root certificate must
> always appear in the chain at the end. Clients should be advised to
> pop the root certificate if they are procuring certificate chains
> for
The current specification seems a bit ambiguous regarding whether a PEM
certificate chain includes the root CA certificate.
Most of the time the root CA shouldn't be included in a certificate
chain sent by a TLS server. However, there are circumstances in which it
is essential; namely, when DANE
10 matches
Mail list logo