[cabfpub] Mozilla SHA-1 further restrictions
Rob Stradling
rob.stradling at comodo.com
Fri Nov 18 15:04:52 UTC 2016
On 18/11/16 14:02, Gervase Markham via Public wrote:
> On 18/11/16 13:48, Doug Beattie wrote:
>> * Do you propose that CAs
>> create new CA certificates every time a new EKU needs to be supported
>> in an end entity certificate?
>
> If we are going to avoid having SHA-1-issuing intermediates out there
> which can also issue server certs, then they are all going to need to be
> EKU-constrained, and so this particular bullet is going to be necessary.
>
>> Please reconsider the EKU requirement in CA certificates (SHA-1 and
>> SHA-256). It's too bad we can't say: AnyEKU except id-kp-serverAuth
>> or id-kp-codeSigning
>
> I can see the issue you are raising, but I wonder if there is a middle
> ground between the current position and "anything in any combination as
> long as no serverAuth". Particularly as, if Erwann is right, the
> pathlen=0 constraint can be bypassed. I'm particularly concerned about
> email, that being the other thing Mozilla's root store now cares about.
>
> What EKUs are commonly combined in an EE cert with
> id-kp-emailProtection, other than id-kp-clientAuth?
crt.sh currently has 302 CA certificates that contain the
id-kp-clientAuth EKU OID and that are trusted by Microsoft and/or
Mozilla and/or Apple.
Here's a summary of the EKU OIDs contained in those 302 intermediate certs:
count | x509_extkeyusages | purpose
-------+--------------------------+--------------------------------
302 | 1.3.6.1.5.5.7.3.4 | id-kp-emailProtection
284 | 1.3.6.1.5.5.7.3.2 | id-kp-clientAuth
104 | 1.3.6.1.5.5.7.3.1 | id-kp-serverAuth
60 | 1.3.6.1.5.5.7.3.9 | id-kp-OCSPSigning
40 | 1.3.6.1.4.1.311.21.5 | szOID_KP_CA_EXCHANGE
37 | 1.3.6.1.5.5.7.3.3 | id-kp-codeSigning
32 | 1.3.6.1.4.1.311.20.2.2 | szOID_KP_SMARTCARD_LOGON
29 | 1.3.6.1.4.1.311.10.3.4 | szOID_EFS_CRYPTO
28 | 1.3.6.1.4.1.311.21.6 | szOID_KP_KEY_RECOVERY_AGENT
26 | 1.3.6.1.4.1.311.20.2.1 | szOID_ENROLLMENT_AGENT
25 | 1.3.6.1.5.5.7.3.8 | id-kp-timeStamping
20 | 1.3.6.1.4.1.311.10.3.4.1 | szOID_EFS_RECOVERY
20 | 1.3.6.1.4.1.311.10.3.11 | szOID_KP_KEY_RECOVERY
20 | 1.3.6.1.4.1.311.21.19 | szOID_DS_EMAIL_REPLICATION
17 | 1.3.6.1.4.1.311.10.3.12 | szOID_KP_DOCUMENT_SIGNING
16 | 1.3.6.1.5.5.7.3.7 | id-kp-ipsecUser
15 | 1.3.6.1.5.5.7.3.5 | id-kp-ipsecEndSystem
15 | 1.3.6.1.5.5.7.3.6 | id-kp-ipsecTunnel
8 | 1.3.6.1.4.1.311.10.3.1 | szOID_KP_CTL_USAGE_SIGNING
6 | 1.3.6.1.5.5.8.2.2 | IP security IKE intermediate
5 | 1.3.6.1.5.5.7.3.14 | id-kp-eapOverLAN
4 | 1.3.6.1.5.5.7.3.17 | id-kp-ipsecIKE
3 | 1.3.6.1.5.2.3.5 | id-pkinit-KPKdc
3 | 1.3.6.1.5.5.7.3.10 | id-kp-dvcs
3 | 1.3.6.1.5.5.7.3.11 | id-kp-sbgpCertAAServerAuth
3 | 1.3.6.1.5.5.7.3.13 | id-kp-eapOverPPP
3 | 1.3.6.1.5.5.7.3.15 | id-kp-scvpServer
3 | 1.3.6.1.5.5.7.3.16 | id-kp-scvpClient
3 | 1.3.6.1.5.5.7.3.20 | id-kp-sipDomain
2 | 1.3.6.1.4.1.16082.2.3.5 | ? Bechtel Corporation
2 | 1.3.6.1.4.1.16082.2.3.6 | ? Bechtel Corporation
2 | 2.16.840.1.114027.40.3 | ? Entrust Technologies
2 | 1.3.6.1.4.1.311.10.3.9 | szOID_ROOT_LIST_SIGNER
1 | 1.3.6.1.4.1.29452.1.1 | ? DigitalPersona, Inc.
1 | 1.2.840.113583.1.1.5 | Adobe Authentic Document
1 | 2.16.840.1.114027.40.11 | ? Entrust Technologies
1 | 2.16.840.114027.40.4 | ? Entrust Technologies
1 | 2.16.840.1.114027.40.4 | ? Entrust Technologies
Useful links:
https://support.microsoft.com/en-gb/kb/287547
https://tools.ietf.org/html/draft-housley-pkix-oids-03
https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list