[Servercert-wg] [Ext] [EXTERNAL]Re: Critical Name Constraints (Was: Re: Question on BR 3.2.2.6)

Paul Hoffman paul.hoffman at icann.org
Wed Mar 4 15:16:00 MST 2020


On Mar 4, 2020, at 2:03 PM, Kurt Roeckx via Servercert-wg <servercert-wg at cabforum.org> wrote:
> 
> On Wed, Mar 04, 2020 at 06:36:04PM +0000, Keshwarsingh Nadan via Servercert-wg wrote:
>>> The question is about what a Root CA, unambiguously in-scope of the BRs, is allowed to sign. Can it sign a "thing" (as I hesitate to call it a Certificate) that violates RFC 5280? Is that permitted for any CA in scope? Because that's what is being proposed by saying nameConstraints on an S/MIME Sub-CA can be non-critical.
>> 
>> Technically yes, a Root CA can sign a “thing” or “any|thing” and would not violate RFC5280 as RFC in itself is not a standard. BRs are built using RFC as a building block.
> 
> RFC5280 is a standard. RFC5280 doesn't really limit the CA for
> signing things, it leaves that to the CA to have a policy about
> it, and the user to review that policy. But RFC5280 does have
> some requirements about things like the format of certificates.
> 
> But we're discussing the BRs here. It places limits on the policy
> of the CA, among other things which certificates it can sign. It
> clearly can not sign anything it wants.

To be pedantic here, the BRs should place limits on what the private key associated with CA member's public key can be used for. A CA will likely have many public/private key pairs, only some of which will be used by CABForum relying parties. All public/private key pairs that are covered by the BRs should absolutely have limits put on their use.

(We had similar discussions to this in the careful word formulations for RFCs 2549, 3280, and 5280.)

--Paul Hoffman
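An added example, not code from this thread or from any CA, of the check the discussion turns on: Go's crypto/x509 can emit a CA certificate with nameConstraints marked critical or not, and CheckNameConstraints flags the non-critical case that RFC 5280 section 4.2.1.10 forbids for conforming CAs. The self-signed Sub-CA certificate and the constrained domain are constructed for illustration only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)

var nameConstraintsOID = asn1.ObjectIdentifier{2, 5, 29, 30} // id-ce-nameConstraints, RFC 5280 4.2.1.10

// CheckNameConstraints returns an error if the certificate carries a
// nameConstraints extension that is not critical (RFC 5280 4.2.1.10: a
// conforming CA MUST mark it critical) or that sits on a non-CA certificate.
func CheckNameConstraints(cert *x509.Certificate) error {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(nameConstraintsOID) {
			continue
		}
		if !cert.IsCA {
			return errors.New("nameConstraints present on a non-CA certificate")
		}
		if !ext.Critical {
			return errors.New("nameConstraints present but not marked critical")
		}
	}
	return nil
}

// MakeSubCA builds a constructed, self-signed, test-only CA certificate constrained
// to domain, with the criticality chosen by the caller, and returns it re-parsed from DER.
func MakeSubCA(domain string, critical bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:                big.NewInt(1),
		NotBefore:                   time.Now(),
		NotAfter:                    time.Now().Add(24 * time.Hour),
		IsCA:                        true,
		BasicConstraintsValid:       true,
		PermittedDNSDomains:         []string{domain},
		PermittedDNSDomainsCritical: critical, // false reproduces the disputed encoding
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}
```

Running the check over a real issuing-CA certificate instead of the constructed one only needs x509.ParseCertificate on its DER bytes.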