[cabfpub] CT Precertificates and the BRs

Rick Andrews Rick_Andrews at symantec.com
Tue Jan 14 19:31:37 UTC 2014

Ryan, I agree with you. I just wanted us all to understand that the poison EKU doesn’t guarantee that the cert can’t be used for SSL somewhere by some app.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, January 14, 2014 11:11 AM
To: Rick Andrews
Cc: Mads Egil Henriksveen; public at cabforum.org
Subject: Re: [cabfpub] CT Precertificates and the BRs

On Tue, Jan 14, 2014 at 10:35 AM, Rick Andrews <Rick_Andrews at symantec.com> wrote:
> -----Original Message-----
> From: Ben Laurie [mailto:benl at google.com]
> Sent: Tuesday, January 14, 2014 5:49 AM
> To: Gervase Markham
> Cc: Rick Andrews; Mads Egil Henriksveen; public at cabforum.org
> Subject: Re: [cabfpub] CT Precertificates and the BRs
> On 14 January 2014 10:04, Gervase Markham <gerv at mozilla.org> wrote:
> > On 14/01/14 04:41, Rick Andrews wrote:
> >> Ben, the poison extension only ensures it can't be used in SSL with
> >> modern browsers. We recently had to use the poison extension to
> >> create a BR-incompatible SSL cert for a non-browser app.
> >
> > Surely if the non-browser app in question understands what the "poison
> > extension" means, then it's not a poison extension any more, it's just a
> > critical extension that one app understands :-)
> Exactly, and no app should understand the CT poison extension.
Exactly, but my point is that there are non-browser applications out there that a) don't understand poison critical extensions, and b) don't fail on poison critical extensions that they don't understand. That's what allowed this SSL cert to work for our non-browser customer.

I'm trying to say that the poison extension is poison only to applications that correctly implement critical extension handling. There are probably even some very old browser versions that don't handle critical extensions properly. The poison extension isn't as watertight as we might like.

Public mailing list
Public at cabforum.org


I think we need to be *very* careful on how much we allow legacy to hold us back, and under what situations. There's a tricky balance between valid-but-undesirable behaviours (such as accepting hostnames in CNs) and out-and-out buggy behaviour (such as mishandling critical extensions).

Applications that fail to implement critical extension handling have almost certainly botched many other elements of the certificate processing, so I don't think we should let them be the lower bar. I also have no doubt they're in the vast minority of SSL/TLS users - and, if not, then by God they should be, with security like that...
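The distinction the thread turns on is the one RFC 5280 §4.2 draws: a relying application must reject a certificate carrying a critical extension it does not recognise, and the CT precertificate poison (RFC 6962, OID 1.3.6.1.4.1.11129.2.4.3, always marked critical) relies entirely on that rule. The following is an added illustration written for this archive page, not code from any poster or from a CT implementation. It builds a small DER-encoded X.509 Extensions sequence from constructed sample values, then runs two checkers over it: a strict one that applies the RFC 5280 rule, and a lax one that models the "doesn't fail on critical extensions it doesn't understand" behaviour Rick describes. The parser is deliberately minimal (no high-tag-number form, no indefinite lengths) and is only meant to show where the check belongs.

```python
# Added example: minimal DER handling of X.509 Extensions to show why the
# CT poison extension only works against applications that honour the
# "reject unknown critical extensions" rule of RFC 5280 section 4.2.
# All certificate data below is constructed for the demonstration.

CT_POISON_OID = "1.3.6.1.4.1.11129.2.4.3"   # RFC 6962 precertificate poison

# Extensions this hypothetical relying application knows how to process.
KNOWN_OIDS = {
    "2.5.29.19": "basicConstraints",
    "2.5.29.15": "keyUsage",
    "2.5.29.17": "subjectAltName",
}


def _encode_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _encode_len(len(body)) + body


def _encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(reversed(chunks))
    return _tlv(0x06, bytes(out))


def build_extension(oid, critical, value):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }.
    DER forbids encoding a default value, so the BOOLEAN is omitted when not critical."""
    body = _encode_oid(oid)
    if critical:
        body += _tlv(0x01, b"\xff")
    body += _tlv(0x04, value)
    return _tlv(0x30, body)


def build_extensions(exts):
    return _tlv(0x30, b"".join(exts))


def _read_tlv(buf, pos):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]   # fine for first arc 0, 1 or 2.x with x < 40
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def parse_extensions(der):
    """Return a list of (oid, critical, value) tuples from a DER Extensions blob."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    result, pos = [], 0
    while pos < len(body):
        _, ext, pos = _read_tlv(body, pos)
        _, oid_body, p = _read_tlv(ext, 0)
        tag, nxt, p = _read_tlv(ext, p)
        critical = False
        if tag == 0x01:                    # optional critical BOOLEAN present
            critical = nxt != b"\x00"
            tag, nxt, p = _read_tlv(ext, p)
        result.append((_decode_oid(oid_body), critical, nxt))
    return result


def check_strict(exts, known=KNOWN_OIDS):
    """RFC 5280 4.2 behaviour: any unrecognised critical extension is fatal.
    Returns (accepted, offending_oid)."""
    for oid, critical, _ in exts:
        if critical and oid not in known:
            return False, oid
    return True, None


def check_lax(exts, known=KNOWN_OIDS):
    """The buggy behaviour discussed in the thread: criticality is ignored,
    so a precertificate is accepted as if it were an ordinary certificate."""
    return True


# Constructed sample: a precertificate's extension block (poison present)
# and the corresponding final certificate's block (poison removed).
_BASIC = build_extension("2.5.29.19", True, b"\x30\x00")          # cA absent -> FALSE
_KU = build_extension("2.5.29.15", True, b"\x03\x02\x05\xa0")       # digitalSignature, keyEncipherment
_POISON = build_extension(CT_POISON_OID, True, b"\x05\x00")       # value is ASN.1 NULL
PRECERT_EXTENSIONS = build_extensions([_BASIC, _KU, _POISON])
FINAL_EXTENSIONS = build_extensions([_BASIC, _KU])

if __name__ == "__main__":
    for name, blob in (("precert", PRECERT_EXTENSIONS), ("final", FINAL_EXTENSIONS)):
        exts = parse_extensions(blob)
        print(name, "strict:", check_strict(exts), "lax:", check_lax(exts))
```

Run stand-alone it reports the precertificate as rejected by the strict checker (naming the poison OID) and accepted by the lax one, while the final certificate passes both; that gap between the two checkers is exactly the gap Rick's non-browser customer fell through, and the reason Ryan argues that such applications should not set the bar.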