[Servercert-wg] Subscriber key pair generation by the CA

Ryan Sleevi sleevi at google.com
Fri May 29 08:43:52 MST 2020


I actually tried to address that scenario, as it was very much one I was
anticipating :)

The check is based on the certificate you issue. If the key is one you
generated previously (e.g. for S/MIME or client auth), then you have to
reject the request and cannot issue a certificate.

The logical implication of this is that you need to keep track of the keys
you generated for your customers (public keys, mind you), so that you can
reject such requests if the customer later applies to reuse that key.
Similar to keys that are revoked for key compromise, there isn't a lifetime
set on that retention period - it grows as an unbounded set.

On Thu, May 28, 2020 at 9:57 PM Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

> I only deal in edge cases. :)
>
> Okay, the follow up to that. What obligation does the ca have to check
> that a key isn't being used for tls that they generate for smime or client
> auth? We've been looking at key reuse (in connection with revocation) and
> there does seem to be some sharing of keys between certs.
> ------------------------------
> *From:* Ryan Sleevi <sleevi at google.com>
> *Sent:* Thursday, May 28, 2020 7:47:24 PM
> *To:* Jeremy Rowley <jeremy.rowley at digicert.com>
> *Cc:* Clint Wilson <clintw at apple.com>; CA/B Forum Server Certificate WG
> Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Subscriber key pair generation by the CA
>
> Always with the edge cases ;) It's good to be thinking about that, though!
>
> As worded, the definitions for CA say:
> Certification Authority: An organization that is responsible for the
> creation, issuance, revocation, and management of Certificates. The term
> applies equally to both Roots CAs and Subordinate CAs.
>
> So the question is which organization is generating the key. If I generate
> key on my MacBook Pro, using an Apple-provided copy of BoringSSL, would it
> be reasonable to say that Apple generated my Key Pair? I don't think so, so
> I think you'd be fine.
>
> If your software makes a webservice call to some DigiCert endpoint, and
> this DigiCert endpoint generates a key pair and returns it, I would say
> yes, DigiCert did generate the key pair then.
>
> On Thu, May 28, 2020 at 9:07 PM Jeremy Rowley <jeremy.rowley at digicert.com>
> wrote:
>
> Question. Would this be violated if the CA had software that was on prem
> at the client that incorporated a key gen tool? Technically it's the tool
> generating the key, but it is software provided by the CA. Is that
> considered a violation?
> ------------------------------
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of
> Ryan Sleevi via Servercert-wg <servercert-wg at cabforum.org>
> *Sent:* Thursday, May 28, 2020 4:03:31 PM
> *To:* Clint Wilson <clintw at apple.com>
> *Cc:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Subscriber key pair generation by the CA
>
> https://github.com/sleevi/cabforum-docs/pull/25
>
> On Thu, May 28, 2020 at 5:06 PM Clint Wilson <clintw at apple.com> wrote:
>
> We’re supportive of incorporating this into the browser alignment ballot.
> Thanks for spotting and raising this, Adriano!
>
> On May 27, 2020, at 7:04 AM, Ryan Sleevi <sleevi at google.com> wrote:
>
> This seems like something easy to add to the Browser Alignment draft
> ballot, and something Google would support.
>
> Mike, Clint: Do you have opinions here on behalf of Microsoft and Apple?
> I'm loathe to add additional requirements after y'all already reviewed, but
> this does seem worth tackling.
>
> On Wed, May 27, 2020 at 9:37 AM Adriano Santoni via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
> All,
>
> tt seems to me there's an inconsistency between §5.2 of Mozilla Root
> Policy, which very clearly prohibits CAs from generating Subscribers' key
> pairs for SSL Server certs, and §6.1.2 of the BR which seemingly allows
> that. It would seem logical, and should not harm any CAs, if it was
> clarified in the BR that subscriber key pair generation by the CA is not
> allowed, in line with the requirement set forth in Mozilla Root Policy.
>
> What do the people here think?
>
> Adriano
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200529/16732a51/attachment-0001.html>


More information about the Servercert-wg mailing list