Re: and constrained subordinate CA costs?

2005-03-29 Thread Peter Gutmann
Erwann ABALEA [EMAIL PROTECTED] writes:
On Fri, 25 Mar 2005, Florian Weimer wrote:
* Adam Back:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of a your choice... ie only valid to issue certs on
sub-domains of foo.com).
Is there a technical option to enforce such a policy on subordinated
CAs?

Yes, the nameConstraints extension. But nobody checks it, and since this
extension MUST be critical as per RFC3280, it invalidates the CA certificate
that includes it, making it useless, for now.

Not necessarily, some implementations also ignore the critical flag, so the
cert is treated as valid, although the entire extension is ignored.  However a
corollary of this is that because of the hit-and-miss nature of support for
the extension, you can't rely on it unless you carefully control all of the
software that's used to process certs and make sure that it handles everything
correctly.

(Even if your app supports name constraints, there are some rather arcane
matching rules in the spec that a number of apps get wrong, so there's a whole
range of behaviours that you can encounter when you put a nameConstraints
extension in a cert).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 11:55, Florian Weimer wrote:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of a your choice... ie only valid to issue certs on
sub-domains of foo.com).
Is there a technical option to enforce such a policy on subordinated
CAs?
There's an X.509v3 NameConstraints extension (which the higher CA would 
include in the lower CA's cert) but I have the impression that ends 
system software does not widely support it.  And of course if you don't 
flag it critical, it's not very effective.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: and constrained subordinate CA costs?

2005-03-28 Thread Adam Back
On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote:
 There's an X.509v3 NameConstraints extension (which the higher CA would 
 include in the lower CA's cert) but I have the impression that ends 
 system software does not widely support it.  And of course if you don't 
 flag it critical, it's not very effective.

Well I would say downright dangerous -- if its not flagged critical
and not understood, right?

Implication would be an intended constrained subordinate CA would be
able to function as an unconstrained subordinate CA in the eyes of
many clients -- free ability to forge any domain in the global SSL
PKI.

Adam

On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote:
 
 On Mar 25, 2005, at 11:55, Florian Weimer wrote:
 
 Does anyone have info on the cost of sub-ordinate CA cert with a name
 space constraint (limited to issue certs on domains which are
 sub-domains of a your choice... ie only valid to issue certs on
 sub-domains of foo.com).
 
 Is there a technical option to enforce such a policy on subordinated
 CAs?
 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 16:06, Adam Back wrote:
There's an X.509v3 NameConstraints extension (which the higher CA 
would
include in the lower CA's cert) but I have the impression that ends
system software does not widely support it.  And of course if you 
don't
flag it critical, it's not very effective.
Well I would say downright dangerous -- if its not flagged critical
and not understood, right?
Implication would be an intended constrained subordinate CA would be
able to function as an unconstrained subordinate CA in the eyes of
many clients -- free ability to forge any domain in the global SSL
PKI.
Exactly.  (Just like the root CAs in the browser's shipped list.  :-)
And if it's marked critical, the certificate is no damn use to almost 
anyone.  Chicken, meet egg.  Egg, chicken.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


and constrained subordinate CA costs? (Re: SSL Cert prices ($10 to $1500, you choose!))

2005-03-25 Thread Adam Back
The URL John forwarded gives survey of prices for regular certs and
subdomain wildcard certs/super certs (ie *.mydomain.com all considered
valid with respect to a single cert).

Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of a your choice... ie only valid to issue certs on
sub-domains of foo.com).

Maybe the answer is a lot of money... CA operators probably view
users of this kind of tech to be corporations with big infrastructure
to secure.  It sounds like the http://www.thawte.com/spki/ offers this
kind of service.  However it sounds like its web based so they have
really just bundled a more streamlined way to create lots of certs.

(Thawte spki means starter PKI (not simple pki)).

Adam

On Fri, Mar 04, 2005 at 03:53:51PM -0800, John Gilmore wrote:
 For the privilege of being able to communicate securely using SSL and a
 popular web browser, you can pay anything from $10 to $1500.  Clif
 Cox researched cert prices from various vendors:
 
   http://neo.opn.org/~clif/SSL_CA_Notes.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: and constrained subordinate CA costs?

2005-03-25 Thread Florian Weimer
* Adam Back:

 Does anyone have info on the cost of sub-ordinate CA cert with a name
 space constraint (limited to issue certs on domains which are
 sub-domains of a your choice... ie only valid to issue certs on
 sub-domains of foo.com).

Is there a technical option to enforce such a policy on subordinated
CAs?

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]