[cabfpub] Name Constraints, Auditing and EKU

Rob Stradling rob.stradling at comodo.com
Fri Apr 26 09:59:44 UTC 2013 

On 25/04/13 20:28, Rob Stradling wrote:
> On 25/04/13 17:42, Erwann Abalea wrote:
>> Le 23/04/2013 23:28, Rob Stradling a écrit :
>>> On 23/04/13 21:50, Ryan Hurst wrote:
>>> <snip>
>>>> Additionally notice the logic is gated by the signing key; even in CA
>>>> delegated the delegated responder can not sign for any other CA in the
>>>> hierarchy -- only those within its scope.
>>>>
>>>> I am confident Windows behaves this way
>>>
>>> Disagree.
>>>
>>> ~30% of the Root Certificates distributed by the Microsoft Root
>>> Certificate Program are enabled by default for the "OCSP Signing"
>>> trust purpose.  AIUI, this means that they are trusted to sign (or
>>> issue Delegated OCSP Response Signer certs that can sign) OCSP
>>> Responses _for any cert that chains to any trusted Root_!!
>>
>> Interested by this information, I parsed the CAB file containing the
>> root certificates distributed by Microsoft. Attached to every root
>> certificate is a set of EKU, and yes, 81 root certificate (among 352) do
>> have the id-kp-ocspSigning EKU associated with them.
>> Does that really mean that these root certificates can act as a "Trusted
>> Responder" for all the roots?
>
> Hi Erwann.  I've exchanged a few emails with Ryan off-list, and he is
> sure that the answer is "No".  And I hope he's right!

Ryan, I'm forwarding this message from Carl Wallace (who can't post to 
this list himself)...

"No" was not correct as of a few years ago (probably ~2010).  This was 
tested using a non-default TA with the OCSP signing property enabled. 
The tests feature two certificates that chained to a different TA: one 
revoked and one not revoked.  These certificates included an AIA that 
pointed to a properly functioning OCSP responder.  An OCSP responder was 
operated using a certificate from a CA signed by the TA with the OCSP 
signing property enabled.  By altering a hosts file to direct traffic to 
our responder, the status of the two certificates could be flipped vs 
when traffic went to the real responder.  The responses signed by the 
"locally trusted" responder were accepted just fine.  A report was 
prepared but unfortunately was never made public as far as I know.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list