[17174] in cryptography@c2.net mail archive
Re: and constrained subordinate CA costs?
daemon@ATHENA.MIT.EDU (Matt Crawford)
Mon Mar 28 15:18:01 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 25 Mar 2005 16:34:15 -0600
From: Matt Crawford <crawdad@fnal.gov>
In-reply-to: <20050325220617.GB31331@bitchcake.off.net>
To: Adam Back <adam@cypherspace.org>
Cc: Florian Weimer <fw@deneb.enyo.de>, cryptography@metzdowd.com
On Mar 25, 2005, at 16:06, Adam Back wrote:
>> There's an X.509v3 NameConstraints extension (which the higher CA
>> would
>> include in the lower CA's cert) but I have the impression that ends
>> system software does not widely support it. And of course if you
>> don't
>> flag it critical, it's not very effective.
>
> Well I would say downright dangerous -- if its not flagged critical
> and not understood, right?
>
> Implication would be an intended constrained subordinate CA would be
> able to function as an unconstrained subordinate CA in the eyes of
> many clients -- free ability to forge any domain in the global SSL
> PKI.
Exactly. (Just like the root CAs in the browser's shipped list. :-)
And if it's marked critical, the certificate is no damn use to almost
anyone. Chicken, meet egg. Egg, chicken.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
