[Servercert-wg] Critical Name Constraints (Was: Re:Question on BR 3.2.2.6)

Tadahiko Ito tadahi-ito at secom.co.jp
Tue Mar 3 01:46:26 MST 2020


I was not aware of that thread, but I agree with Dimitris that we need to treat that issue carefully.

First of all, I personally know of the existence of IoT devices which access web servers.
 # They are not our customers nor my acquaintances. I am not sure whether such usage exists for our customers or not.
I am not sure if those devices can handle that "critical" (or even a firmware update), because of constrained resources.
I feel such practices should not be done with the web PKI, but they just exist, so I believe we need to care about the influences.

On the other hand, many intermediate certs have EKUs of client-auth and server-auth.
Don't we need to check certificate consumers of client-auth?

Regards Tadahiko Ito

-----------------------------------------------------------------------

Date: Tue, 3 Mar 2020 09:19:38 +0200
From: "Dimitris Zacharopoulos (HARICA)" <dzacharo at harica.gr>
To: Ryan Sleevi <sleevi at google.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List
	<servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Critical Name Constraints (Was: Re:
	Question on BR 3.2.2.6)
Message-ID: <af175960-5fdc-f107-8e04-e9ad650e8b17 at harica.gr>
Content-Type: text/plain; charset="utf-8"; Format="flowed"



On 2020-02-29 12:30, Ryan Sleevi wrote:
> I see. That was answered on the original thread. The short answer: No, 
> it does not, except where it's explicitly designed to break (i.e. why 
> you make them critical).
>
> If you have data to believe otherwise, different from that shared on 
> the thread from last year, that would be great to share to be mindful of.

I'd first like to remind people about the previous thread 
(https://cabforum.org/pipermail/servercert-wg/2019-October/001196.html). 
It was a rather short thread, compared to other much longer discussions 
:-) Most Members have been silent on this topic and I'm still trying to 
figure out which of the following is true:

 1. CAs are just not using name constraints so they don't care about the
    outcome
 2. CAs are using name constraints and are ok with forcing the extension
    to be "critical".

Having been involved with name constraints for years, I find it very 
difficult to see the latter being true.

HARICA uses name constraints for several subCAs. Over the years we have 
seen implementations in open-source tools/applications/services that 
would break if the extension was critical. We still see legacy systems 
and unsupported software using TLS Certificates. Some of our Subscribers 
complain that certain Relying Parties with old and unsupported devices 
can't browse sites. These are all cases that would have availability 
issues with TLS.

On the other hand, Certificate Consumers that account for the majority 
of the webPKI (those participating in the SCWG) already honor and use 
this extension, thus the majority of the webPKI Relying Parties are 
currently protected. What benefit would the WebPKI have if this 
extension were forced to be "critical", other than just removing an 
"exception" to an RFC?


Dimitris.
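As an added illustration that is not part of this thread, the toy validator below models in RFC 5280 terms what Ryan's "explicitly designed to break" and Dimitris's and Tadahiko's availability concern each mean: the same name-constrained subCA is checked by a relying party that implements the extension and by one that does not, with the extension marked critical or not. The dict-based certificate structures, the example names and the legacy/modern client distinction are constructed for this example; nothing here parses real X.509.

```python
# Added illustration, not code from the thread: a toy RFC 5280 section 6.1 path
# check showing what the "critical" bit on nameConstraints changes for a relying
# party whose software does not implement the extension (the legacy and
# constrained-IoT cases raised in the thread). Certificates are plain dicts with
# constructed values; no real X.509 parsing is done.

NAME_CONSTRAINTS_OID = "2.5.29.30"  # id-ce-nameConstraints

def dns_in_subtree(name: str, subtree: str) -> bool:
    """RFC 5280 4.2.1.10: a dNSName satisfies a subtree such as 'example.com'
    when it equals it or has zero or more labels added on the left."""
    name, subtree = name.lower().rstrip("."), subtree.lower().strip(".")
    return name == subtree or name.endswith("." + subtree)

def intersect(a, b):
    """Intersect two permittedSubtrees lists. Two DNS suffix subtrees are
    either nested or disjoint, so the intersection keeps the narrower one."""
    return sorted({x for x in a if any(dns_in_subtree(x, y) for y in b)}
                  | {y for y in b if any(dns_in_subtree(y, x) for x in a)})

def validate(chain, leaf_dns, known_oids):
    """chain = [top CA, ..., leaf]; each cert is a dict with 'subject' and an
    'extensions' list of (oid, critical, value). known_oids models which
    extensions the relying party's software implements. Returns (ok, reason)."""
    permitted = None  # effective dNSName permittedSubtrees, narrowed down the chain
    for cert in chain[:-1]:  # only CA certificates carry name constraints
        for oid, critical, value in cert["extensions"]:
            if oid in known_oids:
                if oid == NAME_CONSTRAINTS_OID:
                    permitted = list(value) if permitted is None else intersect(permitted, value)
            elif critical:
                # RFC 5280 4.2: an unrecognised critical extension MUST be rejected
                return False, f"unrecognised critical extension {oid} in {cert['subject']}"
            # an unrecognised non-critical extension is silently ignored
    if permitted is not None and not any(dns_in_subtree(leaf_dns, p) for p in permitted):
        return False, f"{leaf_dns} is outside permittedSubtrees {permitted}"
    return True, "ok"

def check(leaf_dns, critical, legacy_client):
    """Constructed chain: a subCA constrained to example.com, then the leaf.
    legacy_client=True models software that has never heard of nameConstraints."""
    subca = {"subject": "Constrained SubCA",
             "extensions": [(NAME_CONSTRAINTS_OID, critical, ["example.com"])]}
    leaf = {"subject": leaf_dns, "extensions": []}
    known = set() if legacy_client else {NAME_CONSTRAINTS_OID}
    return validate([subca, leaf], leaf_dns, known)
```

Running `check("www.other.test", critical, legacy)` over the four combinations shows the trade-off: a modern client rejects the out-of-scope name either way, a legacy client accepts it when the extension is non-critical, and a legacy client rejects every certificate under the subCA once it is critical.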


