[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements

Ryan Sleevi sleevi at google.com
Tue Jul 30 17:17:46 UTC 2013 

On Mon, Jul 29, 2013 at 2:59 PM, Geoff Keating <geoffk at apple.com> wrote:
> Kelvin said:
>
>> I prefer to drop any mention of the MS or Netscape SGC OIDs. These OIDs have been obsolete for over a decade and have ceased to have any meaning on MS platforms since Windows 2000.
>
> Then on 29/07/2013, at 1:57 PM, Ryan Sleevi <sleevi at google.com> wrote:
>
>> They're still respected (for better or worse) by Apple, NSS, and Android.
>
> If I recall my 20th-century history, these were for upgrading from 40-bit to 128-bit symmetric crypto, right?

Yup.

>
> No recent Apple OS supports 40-bit crypto in TLS (at all---it doesn't have the code to do it).  The OS might have the OID number included for display purposes.
>

Not just display purposes - also validation. Same with the other
products I listed, which is why I made sure to include them in the BR
scope.

If you check the most recent open source that Apple has made available
(10.8.3), you'll see that Netscape/Microsoft SGC OIDs are still
accepted as valid OIDs when verifying a server certificate for the SSL
policy.

The respective code is at
http://www.opensource.apple.com/source/Security/Security-55179.11/libsecurity_apple_x509_tp/lib/tpPolicies.cpp
, in the tp_verifySslOpts function.

To write up the function in psuedo-code:
 - If verifying as a server, expect to find the Server Auth OID
 - Otherwise, if verifying as a client, expect to find the Client Auth OID
 - Any of the following OIDs are acceptable:
   - The [server/client] auth OID from above
   - Any EKU
   - If verifying as an IPSec+SSL policy, then the IPSec EKU
   - If verifying as a server, Microsoft & Netscape SGC
 - If no acceptable OIDs were found, bounce/reject the cert.

So, with the above code, a certificate that lacked SSL client/server
auth OIDs, but had Microsoft/Netscape SGC OIDs would be accepted.

This is actually a common practice - you can actually see the issues
that the absence of this behaviour causes at
https://bugzilla.mozilla.org/show_bug.cgi?id=737802 , in which Comodo
has several cross-signed and intermediate CA certificates issued with
step-up/SGC OIDs but *not* Server Auth. See
https://bugzilla.mozilla.org/show_bug.cgi?id=737802#c2

Cheers,
Ryan

More information about the Public mailing list