[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements
Ryan Sleevi
sleevi at google.com
Tue Jul 30 17:17:46 UTC 2013
On Mon, Jul 29, 2013 at 2:59 PM, Geoff Keating <geoffk at apple.com> wrote:
> Kelvin said:
>
>> I prefer to drop any mention of the MS or Netscape SGC OIDs. These OIDs have been obsolete for over a decade and have ceased to have any meaning on MS platforms since Windows 2000.
>
> Then on 29/07/2013, at 1:57 PM, Ryan Sleevi <sleevi at google.com> wrote:
>
>> They're still respected (for better or worse) by Apple, NSS, and Android.
>
> If I recall my 20th-century history, these were for upgrading from 40-bit to 128-bit symmetric crypto, right?
Yup.
>
> No recent Apple OS supports 40-bit crypto in TLS (at all---it doesn't have the code to do it). The OS might have the OID number included for display purposes.
>
Not just display purposes - also validation. Same with the other
products I listed, which is why I made sure to include them in the BR
scope.
If you check the most recent open source that Apple has made available
(10.8.3), you'll see that Netscape/Microsoft SGC OIDs are still
accepted as valid OIDs when verifying a server certificate for the SSL
policy.
The respective code is at
http://www.opensource.apple.com/source/Security/Security-55179.11/libsecurity_apple_x509_tp/lib/tpPolicies.cpp
, in the tp_verifySslOpts function.
To write up the function in psuedo-code:
- If verifying as a server, expect to find the Server Auth OID
- Otherwise, if verifying as a client, expect to find the Client Auth OID
- Any of the following OIDs are acceptable:
- The [server/client] auth OID from above
- Any EKU
- If verifying as an IPSec+SSL policy, then the IPSec EKU
- If verifying as a server, Microsoft & Netscape SGC
- If no acceptable OIDs were found, bounce/reject the cert.
So, with the above code, a certificate that lacked SSL client/server
auth OIDs, but had Microsoft/Netscape SGC OIDs would be accepted.
This is actually a common practice - you can actually see the issues
that the absence of this behaviour causes at
https://bugzilla.mozilla.org/show_bug.cgi?id=737802 , in which Comodo
has several cross-signed and intermediate CA certificates issued with
step-up/SGC OIDs but *not* Server Auth. See
https://bugzilla.mozilla.org/show_bug.cgi?id=737802#c2
Cheers,
Ryan
More information about the Public
mailing list