6 Apr 2008 09:25
Re: CA=True for an OCSP certficat
Tom Gindin <tgindin <at> us.ibm.com>
2008-04-06 07:25:39 GMT
2008-04-06 07:25:39 GMT
I don't think that your statement below that a v3 certificate with BC but no KeyUsage is an error is a correct reading. However, I think that it would be better than the current rule, which seems to be the first sentence of the second paragraph of 18.104.22.168, "This extension (referring to keyUsage) MUST appear in certificates that contain public keys that are used to validate digital signatures on other public key certificates or CRLs". If I may summarize, in RFC 3280 a certificate with BasicConstraints.CA set must contain keyUsage if keyCertSign or cRLSign conditions actually apply, but need not do so if they don't. I would favor either requiring that keyUsage be present in any certificate which contains a basicConstraints extension with CA true, or changing 6.1.4 (n) to suggest that verification reject any v3 intermediate certificate without the keyCertSign bit set, rather than allowing v3 intermediate certificates without keyUsage present. Can anyone think of any legitimate reason why a CA should issue a certificate with CA true but no keyUsage extension present? Does any existing CA software issue v3 intermediate certificates without a keyUsage extension? Tom Gindin Peter Sylvester <Peter.Sylvester <at> edelweb.fr> Sent by: owner-ietf-pkix <at> mail.imc.org 04/04/2008 07:04 AM To Jean-Marc Desperrier <jmdesp <at> free.fr> cc pkix <ietf-pkix <at> imc.org> Subject Re: CA=True for an OCSP certficat Jean-Marc Desperrier wrote: > Santosh Chokhani wrote: >> RFC 3280 is pretty clear on what determines a CA. It is based on basic constraints for version 3 certificates and out of band means for version 1 and 2. See section 22.214.171.124 (Basic Constraints) and step k in Section 6.1.4. >> > Now we're getting to something interesting. > > So for retro-compatibility reasons, a proper implementation of RFC3280 should accept a certification path where one of the CA certificate has Basic Contraint CA=True but has no Key Usage extension. > > I don't feel really at ease with that. > Indeed. But we are hear in a different case as I initially described. Since RFC 3280 makes restrictions, and the tool in question is determining whether the CA creates good certficats, a V3 cert with BC and no Keyusage is an error. I agree with Santosh that if one allows such a cert to participate in the path validation game (i.e. one with CA=true and no keyusage) it would be accepted as signing certficat. The question is whether it should be allowed to play. That's a different problem. At least one can appreciate that the path validation algorithm is a concrete thing. This would be different for example if two rules would be replaced by 'If the certficat can sign certificats ...' > I'd be really wary when encoutering such a case and I'm not sure it corresponds to a very useful need. > It is non conformant, but at least we know what the path validation algorithm is doing. > But so be it, and does give weight to Peter's argument that any cert with BC including CA=True should be handled as a CA cert in all cases. > In fact I said the contrary, Santosh and Steve did say that. I don't care as long as the definition can be understood by a tester and as long as the tool does not reject valid certificats and puts them into an understandable category. I have no idea what a user expects "Can this cert be used to sign other certs" or "Does this cert belong to some (certification) authority"? Of what type is a cert of a TSAuthority? Assume CA=true or CA=false? > >> RFC 3280 is also clear that CA certificate need not contain key usage extension, let alone have key cert Sign bit. See step n in Section 6.1.4. >> > It would be extremely dangerous to allow a certificate to act as a > certificate issuer if it has a key usage extension without the key > cert Sign bit set and fortunately step n does not do that, it only > allows through certificates with a *missing* key usage extension. Yes, Wasn't there a famous bug several years ago in some widely deployed software that allowed an end-entity to become CA? -- -- To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.