Nelson Bolyard wrote: > Eddy Nigg (StartCom Ltd.) wrote, On 2008-02-08 14:47: > > >> [...] any limitation put into place by the >> CA will be essentially _useless_!!!! The system is already compromised, >> why would you believe that it's still bound to a certain domain? There >> is no way to limit a CA certificate to a certain domain name only. >> > > Eddy, I think perhaps you misunderstand what Frank was saying. > > The rest of your argument in the message to which I am reply seems to > hinge on this assumption that "there is no way to limit a [subordinate] > CA to a certain domain". But in fact there *IS* a way for a superior > CA to constrain the name space in which a subordinate CA may issue certs. > Certs issued by the subordinate CA that attempt to certify names outside > of the constrained space fail to pass validation checks. > Thanks Nelson! As you indicated in your previous mail, neither you nor did I ever see such a restricted CA in real life. If this is the case with the intermediate CA issued by WISeKey, one quarter or my argument wouldn't be valid. Maybe....
...and only maybe, because the user using an application with NSS (being it FF, TB or anything else) is the relying party, not the XYZ customer of some sub CA. It could be me, you or anybody else receiving a mail or visiting a site which was issued from such a compromised system. Hence it just limits the scope of the compromise, not the severity itself. Therefore even if the CA indeed limits the domain with the name constraints, the relying party can still fall victim. It's a very common mistake to think that digital certification is about the subscriber or issuer, but it's really about the relying parties, Mozilla itself being one... > The superior CA puts a "Name Constraints" extension into the subordinate > CA's cert. Those extensions will be examined in the course of verifying any > cert issued by the subordinate CA. If the extension says (say) > "Only names in the domain foo.com" and the subordinate CA attempts to > issue a cert for a name in bar.com, that cert will not pass verification. > > Or it shouldn't. But see bug 394919. > This bug actually confirms that NSS can't handle name constraints correctly....not nice... -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
