(quick correction to my prior email: the certificates issued by the
intermediate are valid for up to 15 months in that example, and the
key is retired when it cannot sign anything with a validity less than
12 months.)
-Kyle H
On Mon, Apr 28, 2014 at 4:10 PM, Kyle Hamilton <aero...@gmail.com> wrote:
On Fri, Apr 25, 2014 at 6:59 AM, Erwann Abalea <eab...@gmail.com> wrote:
> On Friday, April 25, 2014 at 13:46:51 UTC+2, Martin Paljak wrote:
>> On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson <kwi...@mozilla.com> wrote:
>> > Also, we added a section to the wiki page to list some behavior changes that
>> > could cause a website certificate to no longer validate with Firefox 31.
>> > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
>>
>> What is the rationale for this:
>>
>> 4. Mozilla::pkix performs chaining based on issuer name alone, and
>> does not require that issuer's subject key match the authority key
>> info (AKI) extension in the certificate. Classic verification enforces
>> the AKI restriction.
>
> AKI is only a helper for certificate path building.
> It's mandatory for CAs to issue certificates with matching keyIdentifiers
> (issued.AKI.keyIdentifier = issuer.SKI), but it's not mandatory for
> relying parties to verify that the values match.

Erwann (and all),

AKI is necessary for multiple public keys used by the same
Subject certifier. It's particularly useful for a "rolling chain" of
public keys, each one used to sign certificates within a given period of
months, but with overlapping validity periods.

0     3     6     9     12    15    18    21    24    27
|uuuuu|vvvvv|vvvvv|vvvvv|vvvvv|.....|.....|.....|.....|
|.....|uuuuu|vvvvv|vvvvv|vvvvv|vvvvv|.....|.....|.....|
|.....|.....|uuuuu|vvvvv|vvvvv|vvvvv|vvvvv|.....|.....|
|.....|.....|.....|uuuuu|vvvvv|vvvvv|vvvvv|vvvvv|.....|
|.....|.....|.....|.....|uuuuu|vvvvv|vvvvv|vvvvv|vvvvv|

In this diagram, 'u' means "in use". 'v' means "valid". The numbers at
the top refer to 'counted months'. So, in this case, the private keys
are used for 3 months while their issued certificates are valid for up
to 12 months. There are 5 potential keys, identifiable only through the
use of the AKID extension.

Yes, the certified entity is supposed to provide its verifiable chain, back
to the root (but not including the root)... at least, according to
TLS, and other IETF Security working-area client protocols. But, it's not
mandatory per PKIX, and it's also not mandatory per X.509, either.

I believe this to be a poor design decision on the part of Mozilla.

-Kyle H
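The AKI question debated in this thread, as an added example that is not part of the original emails and is not mozilla::pkix or NSS code: a toy model of issuer lookup for the five-key rolling intermediate, comparing chaining on issuer name alone, AKI used only to order candidates, and AKI enforced. The `Cert` class, the names and the keys are constructed, and an HMAC stands in for a real signature so the block runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def key_id(key: bytes) -> bytes:
    """Key identifier as the SHA-1 hash of the key, the common RFC 5280 method."""
    return hashlib.sha1(key).digest()

@dataclass
class Cert:                       # constructed toy model, not a real X.509 parser
    subject: str
    issuer: str
    key: bytes                    # stand-in for the subject public key
    aki: Optional[bytes] = None   # keyIdentifier the issuer put in the AKI extension
    sig: bytes = b""

    def tbs(self) -> bytes:
        return b"|".join([self.subject.encode(), self.issuer.encode(), self.key, self.aki or b""])

def sign(ca: Cert, cert: Cert) -> Cert:
    # Assumption: HMAC keyed with the CA key replaces a real signature algorithm.
    cert.sig = hmac.new(ca.key, cert.tbs(), hashlib.sha256).digest()
    return cert

def verifies(ca: Cert, cert: Cert) -> bool:
    expected = hmac.new(ca.key, cert.tbs(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.sig)

def find_issuer(cert: Cert, pool: list, mode: str):
    """mode: 'name' (issuer name alone), 'hint' (AKI orders the candidates),
    'enforce' (AKI must equal issuer SKI). Returns (issuer or None, signature checks)."""
    cands = [ca for ca in pool if ca.subject == cert.issuer]
    if mode == "enforce":
        cands = [ca for ca in cands if cert.aki == key_id(ca.key)]
    elif mode == "hint":
        cands.sort(key=lambda ca: cert.aki != key_id(ca.key))  # AKI matches first
    for checks, ca in enumerate(cands, start=1):
        if verifies(ca, cert):
            return ca, checks
    return None, len(cands)

# Constructed data: five CA certificates sharing one subject name, one per rolling key.
NAME = "CN=Rolling Intermediate (constructed)"
POOL = [Cert(NAME, "CN=Root (constructed)", b"ca-key-%d" % i) for i in range(5)]

# GOOD carries the AKI of the key that signed it; MISLABELED names a different key.
GOOD = sign(POOL[3], Cert("CN=www.example.test", NAME, b"leaf-key", key_id(POOL[3].key)))
MISLABELED = sign(POOL[1], Cert("CN=www.example.test", NAME, b"leaf-key", key_id(POOL[4].key)))
```

With a correct AKI, name-only lookup spends four signature checks on this pool where the hint spends one. When the AKI names the wrong key, the name and hint modes still find the real signer, while enforce mode finds no issuer.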