--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220809175618.GA9423%40thinkstation.cmpxchg8b.net.
Matthew’s understanding matches mine. As far as I’m aware, the only requirements in currently place are that the following reason codes are either explicitly prohibited or non-sensical for end-entity TLS certificates:
Any other reason code can be assigned for any reason. This will change in October, when the new Mozilla policy that Matthew pointed out comes into effect.
Thanks,
Corey
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAKh5S0a1RxXsYuU74EXN8VPXxzgSV__rGwFVA%3DuUMB%3DxXLFimg%40mail.gmail.com.
>I have a question about the revocation of the root certificate. I have not
>found "Reasons for Revoking a Root CA Certificate" chapter in the BRs.
That's because it's... well...
The handling of CA root certificates is particularly problematic because
there’s no effective way to replace or revoke them. Consider what would be
required to revoke a CA root certificate. These are self-signed, which means
that the certificate would be revoking itself. In the presence of such a
revocation applications can react in one of three ways: they can accept the
CRL that revokes the certificate as valid and revoke it, they can reject the
CRL as invalid because it was signed by a revoked certificate, or they can
crash, and some applications will indeed crash in this situation. Since
revocation of a self-signed certificate is the PKI version of Epimenedes
paradox “All Cretans are liars” and PKI applications are unlikely to be
coded to deal with self-referential paradoxes, crashing is a perfectly valid
response.
Peter.
Hi Peter,
Comments inline.
> What do you think, is it an acceptable practice, if the Root CA revokes its self-signed certificate and puts this revocation information into the CARL signed by the (revoked(?)) Root CA private key? (Subscribers of the NR-CA are the subordinate CA owners only.)
I think it’s acceptable and currently allowed, but largely ceremonial and insufficient for Relying Parties (clients) to distrust the root certificate. Checking the status of self-signed root certificates used as trust anchors is largely never done by clients. Additionally, revoking the certificate does not relieve the CA’s obligation to continue operating the root CA in accordance with browser policy, including periodic audits. The CA would have to request removal of the CA from the browser trust store and wait for its removal to be relieved of the ongoing compliance requirements.
Peter answered this quite well, although I have heard reasonable arguments that the root CA certificate appearing on a CRL that the CA itself issued is the clearest signal that it is revoked. It’s on the CRL either due to explicit action by the CA, or an attacker has gained control of the root key material and is using the key material to issue a CRL that revokes the certificate. In either case, the root should no longer be trusted.
Thanks,
Corey
From: dev-secur...@mozilla.org <dev-secur...@mozilla.org> On Behalf Of Peter Mate Erdosi
Sent: Tuesday, February 13, 2024 4:59 AM
To: dev-secur...@mozilla.org
Cc: Tavis Ormandy <tav...@gmail.com>; Matthew Hardeman <mhar...@gmail.com>; dev-secur...@mozilla.org <dev-secur...@mozilla.org>; Jeremy Rowley <jeremy...@digicert.com>
Subject: Re: BR revocation question
Dear all,
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/4607eddf-5d61-4bdb-b589-fc19796d7f03n%40mozilla.org.
So, we have an allowed solution, which provides three different certificate status answers based on the verifier's software:based on the CARL:- good- revoked- crashed.
By the way, which nextUpdate should be inserted into the CARL containing revoked Root CA certificate if- not all subordinate CA certificates are revoked, or- all subordinate CA certificates are revoked?
Hi Aaron,
> A date no more than 12 months beyond thisUpdate. The acceptable validity intervals do not depend on the status of the issuing CA.
Agreed on no more than 12 months, but for a different reason.
If there is no longer a valid certification path from a root trusted in Mozilla to the issuing CA in question, then that issuing CA is no longer in scope of policy and thus is relieved of all compliance requirements, including those regarding its publication of revocation information about certificates it has issued. For example, a subordinate TLS serverauth CA that no longer has a valid certification path to a Mozilla-trusted root no longer needs to issue CRLs for end-entity certificates it may have issued.
However, as I mentioned in my previous email, roots are not removed from Mozilla policy scope by the CA revoking the self-signed certificate through publication of a CRL. Rather, they are removed from scope by Mozilla removing them from its root store. Until that removal occurs, the root CA must continue to be operated in accordance with root program policy, which would include compliance with the BRs. Specifically, this would include the issuance and publication of CRLs for the certificates it has issued in accordance with the requirements in the BRs (i.e., issue CRLs at least once every 12 months).
Thanks,
Corey
From: Aaron Gable <aa...@letsencrypt.org>
Sent: Thursday, February 15, 2024 11:38 AM
To: Peter Mate Erdosi <per...@gmail.com>
Cc: Corey Bonnell <Corey....@digicert.com>; dev-secur...@mozilla.org
Subject: Re: BR revocation question
On Thu, Feb 15, 2024 at 12:47 AM Peter Mate Erdosi <per...@gmail.com> wrote: