[Cryptography] The EFF 650 CAs lie

Ben Laurie ben at links.org
Tue May 5 04:57:56 EDT 2020

On Wed, 29 Apr 2020 at 20:44, Phillip Hallam-Baker <phill at hallambaker.com>

> Ideally, an intermediate issuer would be constrained using PKIX
> constraints. Unfortunately, the PKIX specification and the Apple
> implementation make that impossible as some idiot thought it a good idea to
> require constraints be marked critical (i.e. use the break if the extension
> is not understood feature) and Apple's browser didn't understand them at
> the time. One of the sad mistakes in PKIX was giving the criticality flag a
> name that caused people to mistake it for meaning 'this is very very
> important'. It means nothing of the sort it means 'break everything if this
> is not understood'. And it should never be used unless failing to
> understand an extension would cause an invalid cert to be considered valid.

Which is exactly why constraints had to be critical.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200505/4e9784dc/attachment.htm>

More information about the cryptography mailing list