[Cryptography] Blue Coat has been issued a MITM encryption certificate
Erwann ABALEA
erwann at abalea.com
Tue May 31 12:54:37 EDT 2016
Bonjour,
2016-05-31 16:34 GMT+02:00 Phillip Hallam-Baker <phill at hallambaker.com>:
>
>
> On Sun, May 29, 2016 at 8:55 AM, Stephen Farrell <
> stephen.farrell at cs.tcd.ie> wrote:
>
>>
>>
>> On 29/05/16 02:35, Henry Baker wrote:
>> > FYI --
>> >
>> > http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
>> >
>> > A Controversial Surveillance Firm Was Granted a Powerful Encryption
>> Certificate
>> > Written by Joseph Cox, Contributor
>>
>> Yeah, two things strike me:
>>
>> 1 - yay for certificate transparency - CAs behaving oddly being spotted
>> and outed is good
>>
>> 2 - what kind of "testing" would require symantec to issue a CA
>> cert with path-len 0 and for symanetec to hold the private key? I
>> can't figure anything that makes sense unless symantec were thinking
>> of actively helping blue coat spoof web sites better, maybe at
>> run-time, or on a case-by-case basis - or am I missing something?
>>
>> Cheers,
>> S.
>
>
> For the benefit of us who can't remember, what is the effect of path-len 0?
>
A CA certificate containing a BasicConstraints with pathLenConstraint=0
means that this CA certificate can only be used to verify an end-entity
certificate, or a CA certificate that doesn't issue any certificate, but
not a CA certificate that itself would issue another certificate (either CA
or end-entity).
To simplify:
CA(BC:pathLenConstraint=0) -> end-entity : OK
CA(BC:pathLenConstraint=0) -> CA(anything) : OK
CA(BC:pathLenConstraint=0) -> CA(anything) -> any certificate : NOT OK
As in, what is the effect on systems out there in the wild as opposed to
> what does the spec say. Is there a difference and if so for what systems?
>
> Does 0 = infinity? Probably not in the spec but what about elsewhere?
>
0 is not infinity. Infinity is expressed as the absence of the
pathLenConstraint field.
Some not so old versions of GnuTLS didn't correctly verify the
pathLenConstraint, at least. I think it was corrected in 2014.
OpenSSL, NSS, MSCAPI, and Opera are OK. Don't know about PolarSSL/mbedTLS
or other smaller TLS stacks.
--
Erwann.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160531/d6c2d743/attachment.html>
More information about the cryptography
mailing list