#113: Add advice about the tls-feature TLS extension

RFC7633 standardizes the TLS Feature certificate extension. This could potentially be included in a certificate to signal that a TLS server MUST send the CT TLS extension (if the TLS client indicated support for it) when it sends this particular certificate. However, since this would prevent the use of the other SCT distribution mechanisms (embedded in cert; embedded in stapled OCSP response) in conjunction with this cert, it seems like it would be an unnecessarily limiting thing to do.

Having said that, perhaps we could specify our own semantics for what it means to include the CT TLS extension number in the TLS Feature certificate extension - e.g. that the TLS server MUST send at least 1 SCT via _any_ of the supported distribution mechanisms (if the TLS client indicated support for the CT TLS extension).

Tom Ritter pointed out [1] that using the TLS Feature certificate extension in an end-entity certificate...

> "...wouldn't solve the generic problem of letting a site owner dictate that CT should always be enabled for their domain. The reason I'm critical of 7633 is that it only applies to a single certificate[0]. If I want to 'enforce' CT for a single certificate, via a x509 extension... I could just put the CT x509 extension in the certificate."

However, Tom went on to advocate using TLS Feature in CA certificates...

> "[0] Now technically where 7633 really comes into play and is very useful is when it's included in intermediates or (my pounding heart be still) - root certs. In *that* case it would work great for requiring CT... but not for site owners, for certificate authorities. A CA is assured that all the certs it issues will be publicly logged, and it can use this as a check against misissuance. I think that's great... but it still doesn't help site owners. =)"

So I suggest that we specify that...

- CAs SHOULD NOT (or MUST NOT?) include the CT TLS extension number in the TLS Feature certificate extension in end-entity certificates, because there are (or we expect that there will be) better ways to require CT compliance for single certificates.
- CAs MAY include the CT TLS extension number in the TLS Feature certificate extension in root/intermediate certificates, to indicate that CT compliance is required for all certs whose chains involve this root/intermediate certificate.

Any other opinions?
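As an added example (not code from the ticket or the TRANS draft), the following models the two readings discussed above: the literal RFC 7633 reading, where the SCT must arrive in the CT TLS extension itself, and the proposed semantics, where one SCT via any distribution mechanism suffices, plus the proposed issuance advice for end-entity versus CA certificates. It assumes the CT TLS extension number 18 (signed_certificate_timestamp, RFC 6962), which the ticket does not state, and the mechanism names and sample feature list are constructed.

```python
# Added example, not part of the ticket or the draft: a minimal DER encoder/decoder
# for the TLSFeature value (SEQUENCE OF INTEGER, RFC 7633) and the two policy checks.
CT_TLS_EXTENSION = 18  # signed_certificate_timestamp (RFC 6962); assumed, not given in the ticket

def encode_tls_feature(features):
    """DER-encode the TLSFeature value; handles feature numbers below 128 only."""
    if any(not 0 <= f < 128 for f in features):
        raise ValueError("only single-byte positive INTEGERs are handled here")
    body = b"".join(b"\x02\x01" + bytes([f]) for f in features)  # INTEGER tag, length 1, value
    return b"\x30" + bytes([len(body)]) + body                   # SEQUENCE tag, length, body

def decode_tls_feature(der):
    """Parse the SEQUENCE OF INTEGER built above and return the feature numbers."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("malformed TLSFeature SEQUENCE")
    features, i = [], 2
    while i < len(der):
        if der[i] != 0x02 or i + 2 + der[i + 1] > len(der):
            raise ValueError("malformed INTEGER inside TLSFeature")
        n = der[i + 1]
        features.append(int.from_bytes(der[i + 2:i + 2 + n], "big", signed=True))
        i += 2 + n
    return features

def issuance_advice(is_ca_cert, features):
    """The ticket's proposed guidance for a CA that lists the CT number in TLS Feature."""
    if CT_TLS_EXTENSION not in features:
        return "no CT requirement signalled"
    if is_ca_cert:
        return "MAY: CT compliance required for every cert chaining to this CA cert"
    return "SHOULD NOT: prefer a per-certificate mechanism for end-entity certs"

def connection_satisfies_feature(features, client_offered_ct, scts_by_mechanism, literal_rfc7633=False):
    """Relying-party check. Literal RFC 7633 reading: the SCT must come in the CT TLS
    extension. Ticket's proposed semantics: one SCT via any mechanism is enough.
    scts_by_mechanism maps 'tls_extension' / 'embedded' / 'ocsp' (constructed names) to a count."""
    if CT_TLS_EXTENSION not in features or not client_offered_ct:
        return True  # feature absent, or the client did not ask for CT: nothing to enforce
    if literal_rfc7633:
        return scts_by_mechanism.get("tls_extension", 0) > 0
    return sum(scts_by_mechanism.values()) > 0

if __name__ == "__main__":
    der = encode_tls_feature([5, CT_TLS_EXTENSION])  # status_request (5) plus CT, constructed sample
    print(der.hex(), decode_tls_feature(der))
    print(issuance_advice(False, [CT_TLS_EXTENSION]))
    print(connection_satisfies_feature([CT_TLS_EXTENSION], True, {"embedded": 2}, literal_rfc7633=True))
```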
[1] https://groups.google.com/a/chromium.org/d/msg/ct-policy/AGN23TW-ei8/0lQXUX56BQAJ

--
Reporter: draft-ietf-trans-[email protected] | Owner: [email protected]
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: rfc6962-bis | Version:
Severity: - | Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/113>
trans <http://tools.ietf.org/trans/>
