[Cryptography] Verisimilitrust

Viktor Dukhovni cryptography at dukhovni.org
Fri Jan 8 15:44:43 EST 2016


On Fri, Jan 08, 2016 at 11:57:51AM -0700, John Denker wrote:

> 1) Isn't this exactly the sort of problem that NameConstraints were
>  supposed to alleviate, at least 15+ years ago?
>      https://www.rfc-editor.org/rfc/rfc2459.txt
> 
> 2) If not, can somebody explain why not?
> 
> Some people on this list are quite contemptuous of NameConstraints,
> but I've never understood the argument.  The usual argument seems
> to be:  "We refuse to implement them because they are useless because
> we refuse to implement them."
> 
> To say the same thing the other way:  It seems like a suitably-constrained
> .kz CA would give people an incentive to start respecting the constraints.

The semantics of name constraints are still problematic.  There
are name constraints X.400 on names in the non-existent global
X.400 directory, and name constraints on DNS-IDs.

In various implementations DNS name constraints are not applied to
X.400 names, even though applications often validate peers based
on the CN in the X.400 name.  Which brings us to the second problem,
the code that's enforcing name constraints is often not the code
doing the name checks, so neither knows what the other is doing.

If FF imports a name-constrained .kz root, they can certainly
restrict it to .kz names in FF, but many O/S distributions import
the FF bundle as a "default" vetted trust store, at which point
the name constraints are likely to not be enforced in many cases.

-- 
	Viktor.
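
The gap described in this message, as an added example that is not part of the original post: a toy model in which one routine enforces a dNSName constraint on SAN entries and a separate routine matches the peer name with CN fallback. Certificates are plain Python objects rather than parsed X.509, wildcards are ignored, and all names and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:                      # constructed stand-in for a leaf certificate
    common_name: str             # CN in the subject name
    san_dns: list = field(default_factory=list)  # dNSName SAN entries

def in_subtree(name, subtree):
    """dNSName constraint match: equal, or labels added on the left."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().lstrip(".")
    return name == subtree or name.endswith("." + subtree)

def path_validator_ok(cert, permitted):
    """Chain-building code: applies the constraint to SAN dNSNames only."""
    return all(in_subtree(n, permitted) for n in cert.san_dns)

def hostname_ok(cert, host):
    """Application code: matches the peer, falling back to CN without a SAN."""
    names = cert.san_dns or [cert.common_name]
    return host.lower() in (n.lower() for n in names)

def split_verify(cert, host, permitted):
    """Two components, neither aware of which names the other looked at."""
    return path_validator_ok(cert, permitted) and hostname_ok(cert, host)

def joined_verify(cert, host, permitted):
    """Constrain exactly the names the matcher may use, CN fallback included."""
    names = cert.san_dns or [cert.common_name]
    constrained = all(in_subtree(n, permitted) for n in names)
    return constrained and host.lower() in (n.lower() for n in names)

# Constructed sample leaves, all issued under a CA constrained to "kz".
INSIDE = Cert("mail.example.kz", ["mail.example.kz"])
SAN_OUTSIDE = Cert("mail.example.kz", ["mail.example.com"])
CN_ONLY_OUTSIDE = Cert("mail.example.com")      # no SAN at all

if __name__ == "__main__":
    for label, cert, host in [
        ("inside", INSIDE, "mail.example.kz"),
        ("SAN outside", SAN_OUTSIDE, "mail.example.com"),
        ("CN-only outside", CN_ONLY_OUTSIDE, "mail.example.com"),
    ]:
        print(label, "split:", split_verify(cert, host, "kz"),
              "joined:", joined_verify(cert, host, "kz"))
```

Only the CN-only leaf separates the two verifiers: the split pair accepts it because the constraint check had no SAN to examine, while the joined check rejects it.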

