The BRs requires certificates to comply with RFC 5280, and that all
extensions meet the requirements of 7.1.2.4 of the BRs. Mozilla Root CA
Policy 5.2 prohibits both incorrect extensions and invalid DER encoding.
These two entries are distinct in policy, as the “invalid DER” rule
unambiguously sets restrictions on the encoding rules being adhered to,
while the “incorrect extensions” addresses any semantic violation of the
encoding (since both of those cases are possible to encode in DER, but
their extension definition says you MUST NOT encode entries like that
because they do not conform to the extension’s textual definition.
The expectation is that if there is a defined ASN.1 module for the
extension being included within a certificate, the CA will observe that
encoding (Moz Policy 5.2 - “invalid DER”) and semantics (“incorrect
extensions”) as defined by the entity responsible for that OID namespace
(BRs 7.1.2.4), and as stated in the CA’s CP/CPS (BRs & Moz Policy).
I don’t think 7.1.2.4, or Section 5.2 of Mozilla Policy, can be read as
“The only things in certificates that need to be properly encoded are those
explicitly defined or referenced in RFC 5280,” as that would prohibit the
effective deployment of any new extensions. Given that RFC 5280 was
explicitly meant to be extendable by a variety of other documents, and
through its use of OIDs, without the explicit consent of or coordination
with the IETF, taking the narrow view very rapidly leads to logical
inconsistencies.
For example, to take the narrow “only explicitly in 5280” view, then any
DER encoding errors within the subjectPublicKeyIdentifier are totally
permissible - because the relevant algorithms aren’t described by,
normatively referenced by, not explicitly update 5280. Instead, RFCs like
RFC 3447 stand alone, but are used by these other RFCs. With this narrow
view, it would be saying that there is carte blanche to ignore normative
requirements in any extensible field. That is, any field with an OID can
have whatever value or semantics that the CA wants, without violating
policy, unless and until such policy explicitly states “you have to follow
this precise rule.” For example, if the CA/Browser Forum defined a new
extension for validation purposes, it would have to explicitly state in the
BRs not just that they must use/include this extension, but that they have
to properly encode it as defined by that extension - otherwise, CAs could
“use” it while simultaneously misencoding it.
The broad view is supported by RFC5280, in that extensions are given the
syntax and text within it. That is, extensions are defined as:
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains the DER encoding of an ASN.1 value
-- corresponding to the extension type identified
-- by extnID
}
And Section 4.2 of RFC5280 places restrictions through the text, by
stating that the extnValue will be the DER encoding of the relevant
ASN.1 value.
The qcStatements extension has a defined ASN.1 module set by the
authority responsible for that extension namespace. In this case, the
CA has clearly violated that syntax, and thus failed to uphold Section
4.2 of RFC5280 by producing invalid DER for the defined semantics of
that extension, thus violating 7.1.2.4 of the BRs. In addition to that
/ independent of that violation, by failing to uphold Section 4.2 of
RFC5280, it explicitly violates 5.2 of the Mozilla policy. That is, it
was so important a policy requirement that it exists twice - in the
BRs and in Mozilla Policy - and is alternatively worded so as to
explicitly prohibit any confusion by CAs about the expectations.