Re: and constrained subordinate CA costs?

2005-03-29 Thread Peter Gutmann
Erwann ABALEA [EMAIL PROTECTED] writes:
> On Fri, 25 Mar 2005, Florian Weimer wrote:
>> * Adam Back:
>>> Does anyone have info on the cost of sub-ordinate CA cert with a name
>>> space constraint (limited to issue certs on domains which are
>>> sub-domains of your choice... i.e. only valid to issue certs on
>>> sub-domains of foo.com).
>> Is there a technical option to enforce such a policy on subordinated
>> CAs?
>
> Yes, the nameConstraints extension. But nobody checks it, and since this
> extension MUST be critical as per RFC3280, it invalidates the CA certificate
> that includes it, making it useless, for now.

Not necessarily, some implementations also ignore the critical flag, so the
cert is treated as valid, although the entire extension is ignored.  However a
corollary of this is that because of the hit-and-miss nature of support for
the extension, you can't rely on it unless you carefully control all of the
software that's used to process certs and make sure that it handles everything
correctly.

(Even if your app supports name constraints, there are some rather arcane
matching rules in the spec that a number of apps get wrong, so there's a whole
range of behaviours that you can encounter when you put a nameConstraints
extension in a cert).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
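
Added example (not part of the original thread and not any poster's code): a Python sketch of the two behaviours described in the message above, the handling of a critical extension the verifier does not process and the dNSName subtree match for nameConstraints. The function names, the dict layout for extensions, the `honor_critical` switch and the sample host names are assumptions constructed for illustration.

```python
# Added illustration; the dict layout and sample names are constructed.
NAME_CONSTRAINTS_OID = "2.5.29.30"  # id-ce-nameConstraints

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")

def in_subtree(name, base):
    """dNSName rule: a name satisfies the constraint if it equals the base
    or adds whole labels on its left. 'evilfoo.com' is not under 'foo.com'."""
    n, b = _labels(name), _labels(base)
    return len(n) >= len(b) and n[-len(b):] == b

def dns_name_allowed(name, permitted, excluded):
    """Excluded subtrees take precedence; when permitted subtrees exist,
    the name must fall inside at least one of them."""
    if any(in_subtree(name, base) for base in excluded):
        return False
    return not permitted or any(in_subtree(name, base) for base in permitted)

def validate_names(ca_exts, understood_oids, leaf_dns_names, honor_critical=True):
    """Return (ok, reason). honor_critical=False models a verifier that
    ignores the critical flag, so an unknown extension is silently skipped."""
    for ext in ca_exts:
        if ext["oid"] not in understood_oids:
            if ext["critical"] and honor_critical:
                return False, "unhandled critical extension " + ext["oid"]
            continue  # extension ignored: the constraint is never enforced
        if ext["oid"] == NAME_CONSTRAINTS_OID:
            for name in leaf_dns_names:
                if not dns_name_allowed(name, ext["permitted"], ext["excluded"]):
                    return False, "name outside constraints: " + name
    return True, "ok"

# Constructed sub-CA extension list: may issue only under foo.com.
SUB_CA_EXTS = [{"oid": NAME_CONSTRAINTS_OID, "critical": True,
                "permitted": ["foo.com"], "excluded": ["internal.foo.com"]}]

if __name__ == "__main__":
    aware, unaware = {NAME_CONSTRAINTS_OID}, set()
    print(validate_names(SUB_CA_EXTS, aware, ["www.foo.com"]))
    print(validate_names(SUB_CA_EXTS, aware, ["evilfoo.com"]))
    print(validate_names(SUB_CA_EXTS, unaware, ["bar.example"]))
    print(validate_names(SUB_CA_EXTS, unaware, ["bar.example"], honor_critical=False))
```

The last call is the case to test for in any verifier you depend on: the extension is present and critical, yet a name outside foo.com is accepted because the extension was skipped.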


Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 11:55, Florian Weimer wrote:
>> Does anyone have info on the cost of sub-ordinate CA cert with a name
>> space constraint (limited to issue certs on domains which are
>> sub-domains of your choice... i.e. only valid to issue certs on
>> sub-domains of foo.com).
> Is there a technical option to enforce such a policy on subordinated
> CAs?

There's an X.509v3 NameConstraints extension (which the higher CA would
include in the lower CA's cert) but I have the impression that end
system software does not widely support it.  And of course if you don't
flag it critical, it's not very effective.



Re: and constrained subordinate CA costs?

2005-03-28 Thread Adam Back
On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote:
> There's an X.509v3 NameConstraints extension (which the higher CA would
> include in the lower CA's cert) but I have the impression that end
> system software does not widely support it.  And of course if you don't
> flag it critical, it's not very effective.

Well I would say downright dangerous -- if it's not flagged critical
and not understood, right?

Implication would be an intended constrained subordinate CA would be
able to function as an unconstrained subordinate CA in the eyes of
many clients -- free ability to forge any domain in the global SSL
PKI.

Adam

On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote:
>
> On Mar 25, 2005, at 11:55, Florian Weimer wrote:
>
>>> Does anyone have info on the cost of sub-ordinate CA cert with a name
>>> space constraint (limited to issue certs on domains which are
>>> sub-domains of your choice... i.e. only valid to issue certs on
>>> sub-domains of foo.com).
>>
>> Is there a technical option to enforce such a policy on subordinated
>> CAs?
>



Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 16:06, Adam Back wrote:
>> There's an X.509v3 NameConstraints extension (which the higher CA would
>> include in the lower CA's cert) but I have the impression that end
>> system software does not widely support it.  And of course if you don't
>> flag it critical, it's not very effective.
>
> Well I would say downright dangerous -- if it's not flagged critical
> and not understood, right?
>
> Implication would be an intended constrained subordinate CA would be
> able to function as an unconstrained subordinate CA in the eyes of
> many clients -- free ability to forge any domain in the global SSL
> PKI.

Exactly.  (Just like the root CAs in the browser's shipped list.  :-)
And if it's marked critical, the certificate is no damn use to almost
anyone.  Chicken, meet egg.  Egg, chicken.



Re: and constrained subordinate CA costs?

2005-03-25 Thread Florian Weimer
* Adam Back:

> Does anyone have info on the cost of sub-ordinate CA cert with a name
> space constraint (limited to issue certs on domains which are
> sub-domains of your choice... i.e. only valid to issue certs on
> sub-domains of foo.com).

Is there a technical option to enforce such a policy on subordinated
CAs?
