[cabfpub] CT Precertificates and the BRs

[Rob Stradling]

RFC6962 (Certificate Transparency) permits a Precertificate to be signed 
by the same CA Name/Key that signs the corresponding Certificate, and 
for the Precertificate and Certificate to share the same Serial Number.

However, BRs Appendix B (4) says:
    "All other fields and extensions MUST be set in accordance with RFC
     5280."
Although the title of Appendix B is "Certificate Extensions", I think 
"fields and extensions" must surely imply that "fields" are the 
non-extension parts of a certificate (such as the serial number).
And since certificate serial numbers are not explicitly mentioned in 
Appendix B, I have to conclude that certificate serial numbers "MUST be 
set in accordance with RFC 5280".
RFC 5280 Section 4.1.2.2 says:
    "The serial number...MUST be unique for each certificate issued by a
     given CA (i.e., the issuer name and serial number identify a unique
     certificate)".

It seems that the practice of using the same CA Name/Key to sign both a 
Precertificate and Certificate is currently _illegal_ under the BRs.

RFC6962 also permits a Precertificate to be signed by a subordinate 
Precertificate Signing Certificate.  This approach doesn't violate 
RFC5280 or the BRs, but some CAs will want to avoid the burden of 
managing a Precertificate Signing Certificate for every subordinate CA 
they operate.  So, Ben Laurie and I have been working on some other 
possible solutions, but our preferred outcome would be for both of the 
Precertificate signing options in RFC6962 to be made legal.

Therefore, I would like to propose updating Appendix B of the BRs so 
that CAs are permitted to sign a Precertificate and a Certificate 
(sharing the same serial number) using the same CA Name/Key.

Would anybody have a problem with that?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online