[x500standard] Re: Processing of extended key usage extension

These seem like good ideas.  I've never seen an intermediate certificate with an extended key usage extension, and this may be part of the reason that Microsoft's implementation of extended key usage hasn't caused much of a problem.  Unfortunately, the reason that I found out about Mozilla's plans is that they intend to actively encourage the inclusion of extended key usage extensions in intermediate certificates that include currently defined key purpose OIDs (http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/InclusionPolicy.html):

• For a certificate to be considered technically constrained, the certificate MUST include an Extended Key Usage (EKU) extension specifying all extended key usages that the subordinate CA is authorized to issue certificates for. The anyExtendedKeyUsage KeyPurposeId MUST NOT appear within this extension.

• If the certificate includes the id-kp-serverAuth extended key usage, then the certificate MUST include the Name Constraints X.509v3 extension. The Name Constraints extension MUST contain a dNSName permittedSubtrees constraint that only contains domains for which the issuing CA has confirmed that the subordinate CA has registered or has been authorized by the domain registrant to act on the registrant's behalf. If there are no such dNSNames (e.g. because the certificate is for issuing IP-address-based certificates), then the certificate MUST contain a dNSNames constraint that prohibits all DNS names.

• If the certificate includes the id-kp-emailProtection extended key usage, then all end-entity certificates MUST only include e-mail addresses or mailboxes that the issuing CA has confirmed (via technical and/or business controls) that the subordinate CA is authorized to use.

• If the certificate includes the id-kp-codeSigning extended key usage, then the certificate MUST contain a directoryName permittedSubtrees constraint where each permittedSubtree contains the organizationName, localityName (where relevant), stateOrProvinceName (where relevant) and countryName fields of an address that the issuing CA has confirmed belongs to the subordinate CA.
  

Mozilla's draft policy imposes additional requirements on CA certificates that are not "technically constrained."

The general response on the Mozilla web site (https://bugzilla.mozilla.org/show_bug.cgi?id=725351) seems to be "everyone else is ignoring the X.509 semantics for extended key usage, so why shouldn't Mozilla?".  I asked why, if everyone feels that the X.509 semantics are wrong, no one has proposed a change to the standard. The only response I've gotten so far cam from Brian Smith who said "I expect that will happen as part of the WebPKI effort at the IETF."  I would certainly hope the IETF wouldn't try to use the Web PKI Operations working group (assuming one forms) to try to change the semantics of an X.509 extension.  Any change would have to be made in X.509, not in the IETF, and get the impression from the discussions on this list that there isn't interest in changing X.509.

Dave

On 10/27/2012 10:43 AM, Michael Ströder wrote: