[cabfpub] CT Precertificates and the BRs

Ryan Sleevi sleevi at google.com
Tue Jan 14 19:10:51 UTC 2014

On Tue, Jan 14, 2014 at 10:35 AM, Rick Andrews <Rick_Andrews at symantec.com>wrote:

> > -----Original Message-----
> > From: Ben Laurie [mailto:benl at google.com]
> > Sent: Tuesday, January 14, 2014 5:49 AM
> > To: Gervase Markham
> > Cc: Rick Andrews; Mads Egil Henriksveen; public at cabforum.org
> > Subject: Re: [cabfpub] CT Precertificates and the BRs
> >
> > On 14 January 2014 10:04, Gervase Markham <gerv at mozilla.org> wrote:
> > > On 14/01/14 04:41, Rick Andrews wrote:
> > >> Ben, the poison extension only ensures it can't be used in SSL with
> > >> modern browsers. We recently had to use the poison extension to
> > >> create a BR-incompatible SSL cert for a non-browser app.
> > >
> > > Surely if the non-browser app in question understands what the
> > "poison
> > > extension" means, then it's not a poison extension any more, it's
> > just a
> > > critical extension that one app understands :-)
> >
> > Exactly, and no app should understand the CT poison extension.
> Exactly, but my point is that there are non-browser applications out there
> that a) don't understand poison critical extensions, and b) don't fail on
> poison critical extensions that they don't understand. That's what allowed
> this SSL cert to work for our non-browser customer.
> I'm trying to say that the poison extension is poison only to applications
> that correctly implement critical extension handling. There are probably
> even some very old browser versions that don't handle critical extensions
> properly. The poison extension isn't as watertight as we might like.
> -Rick
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public


I think we need to be *very* careful on how much we allow legacy to hold us
back, and under what situations. There's a tricky balance between
valid-but-undesirable behaviours (such as accepting hostnames in CNs) and
out-and-out buggy behaviour (such as mishandling critical extensions).

Applications that fail to implement critical extension handling have almost
certainly botched many other elements of the certificate processing, so I
don't think we should let them be the lower bar. I also have no doubt
they're in the vast minority of SSL/TLS users - and, if not, then by God
they should be, with security like that...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140114/bb987577/attachment-0003.html>

More information about the Public mailing list