<div dir="ltr">Bonjour,<br><div class="gmail_extra"><br><div class="gmail_quote">2016-05-31 16:34 GMT+02:00 Phillip Hallam-Baker <span dir="ltr"><<a href="mailto:phill@hallambaker.com" target="_blank">phill@hallambaker.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Sun, May 29, 2016 at 8:55 AM, Stephen Farrell <span dir="ltr"><<a href="mailto:stephen.farrell@cs.tcd.ie" target="_blank">stephen.farrell@cs.tcd.ie</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
<br>
On 29/05/16 02:35, Henry Baker wrote:<br>
> FYI --<br>
><br>
> <a href="http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/" rel="noreferrer" target="_blank">http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/</a><br>
><br>
> A Controversial Surveillance Firm Was Granted a Powerful Encryption Certificate<br>
> Written by Joseph Cox, Contributor<br>
<br>
</span>Yeah, two things strike me:<br>
<br>
1 - yay for certificate transparency - CAs behaving oddly being spotted<br>
and outed is good<br>
<br>
2 - what kind of "testing" would require symantec to issue a CA<br>
cert with path-len 0 and for symanetec to hold the private key? I<br>
can't figure anything that makes sense unless symantec were thinking<br>
of actively helping blue coat spoof web sites better, maybe at<br>
run-time, or on a case-by-case basis - or am I missing something?<br>
<br>
Cheers,<br>
S.</blockquote><div><br></div></span><div>For the benefit of us who can't remember, what is the effect of path-len 0?</div></div></div></div></blockquote><div><br></div><div>A CA certificate containing a BasicConstraints with pathLenConstraint=0 means that this CA certificate can only be used to verify an end-entity certificate, or a CA certificate that doesn't issue any certificate, but not a CA certificate that itself would issue another certificate (either CA or end-entity).</div><div><br></div><div>To simplify:</div><div> CA(BC:pathLenConstraint=0) -> end-entity : OK</div><div> CA(BC:pathLenConstraint=0) -> CA(anything) : OK</div><div> CA(BC:pathLenConstraint=0) -> CA(anything) -> any certificate : NOT OK</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>As in, what is the effect on systems out there in the wild as opposed to what does the spec say. Is there a difference and if so for what systems?<br></div><div><br></div><div>Does 0 = infinity? Probably not in the spec but what about elsewhere?</div></div></div></div></blockquote><div><br></div><div>0 is not infinity. Infinity is expressed as the absence of the pathLenConstraint field.</div><div><br></div><div>Some not so old versions of GnuTLS didn't correctly verify the pathLenConstraint, at least. I think it was corrected in 2014.</div><div>OpenSSL, NSS, MSCAPI, and Opera are OK. Don't know about PolarSSL/mbedTLS or other smaller TLS stacks.</div></div><div><br></div>-- <br><div class="gmail_signature">Erwann.</div>
</div></div>