[SSL Observatory] Name constraints: a reasonable idea that hasn't panned out in practice

=JeffH Jeff.Hodges at KingsMountain.com
Fri Apr 22 16:25:51 PDT 2011 

 >> * why couldn't a Swedish CA be able to deliver a certificate to
 >> *.google.com?

well, I think what Chris was really imagining is mis-issuance of certs, for
(well-known) entities that already have certs, to bad actors who then want to
MITM users of said entities.

 > Perhaps because Google is a US company. Similarly, perhaps we should expect
 > certificates for names in google.se to be signed by a Swedish CA.

that's all layer 9 (ie political/bidniz) stuff, and a quagmire because such
"expectations" don't necessarily map to layer 9 realities.


 > I don't know what a good policy for name constraints would be.

My gut feeling is that "name constraints" as specified in X.509 & PKIX are
pretty much unworkable in the real world (see my prior post).


 > So ideas younger than name constraints have been widely and well implemented
 > already. Maybe nobody really wants name constraints, or maybe there is some
 > technical or other limitation in the idea as currently specified. Maybe we
 > could rectify that.

there were a couple of longish threads wrt Name Constraints (and related cert 
naming issues) recently (in IETF-time) on the certid@ list that may be 
illustrative of the mess of issues involved here...

Re: [certid] Need to define "most specific RDN"
     * From: Nelson B Bolyard <nelson at bolyard.me>
     * To: certid at ietf.org
     * Date: Wed, 14 Jul 2010 08:47:36 -0700
http://www.ietf.org/mail-archive/web/certid/current/msg00248.html


[certid] CN-ID and name constraints

     * From: Matt McCutchen <matt at mattmccutchen.net>
     * To: certid at ietf.org
     * Date: Thu, 23 Sep 2010 21:10:22 -0400
http://www.ietf.org/mail-archive/web/certid/current/msg00381.html


fyi/fwiw, the spec that came out of all the discussions on certid@ (and tls@, 
apps-discuss@, etc) is...

Representation and Verification of Domain-Based Application Service
Identity within Internet Public Key Infrastructure Using X.509 (PKIX)
Certificates in the Context of Transport Layer Security (TLS)
(aka "tls server id check")
http://tools.ietf.org/html/rfc6125

..whose length and complexity should inform the reader about how 
gnarly/unwieldy all this PKIX/X.509 stuff is.

=JeffH

More information about the Observatory mailing list