[147252] in cryptography@c2.net mail archive
Re: [Cryptography] PRISM-Proofing and PRISM-Hardening
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Sep 21 18:18:47 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAG5KPzwJpTdwyFMjkwx2-pq2ZJMsB+VtstULWKVOGA34+0pkMw@mail.gmail.com>
Date: Thu, 19 Sep 2013 18:09:25 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ben Laurie <ben@links.org>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============2501359489611488703==
Content-Type: multipart/alternative; boundary=001a11c37a0899d9a204e6c3ce63
--001a11c37a0899d9a204e6c3ce63
Content-Type: text/plain; charset=ISO-8859-1
On Thu, Sep 19, 2013 at 4:15 PM, Ben Laurie <ben@links.org> wrote:
>
>
>
> On 18 September 2013 21:47, Viktor Dukhovni <cryptography@dukhovni.org>wrote:
>
>> On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
>>
>> > > This is only realistic with DANE TLSA (certificate usage 2 or 3),
>> > > and thus will start to be realistic for SMTP next year (provided
>> > > DNSSEC gets off the ground) with the release of Postfix 2.11, and
>> > > with luck also a DANE-capable Exim release.
>> >
>> > What's wrong with name-constrained intermediates?
>>
>> X.509 name constraints (critical extensions in general) typically
>> don't work.
>>
>
> No. They typically work. As usual, Apple are the fly in the ointment.
>
The key to make them work is to NOT follow the IETF standard and to NOT
mark the extension critical.
If the extension is marked critical as RFC 5280 demands then the
certificates will break in Safari (and very old versions of some other top
tier browsers).
If the extension is not marked critical as CABForum and Mozilla recommend
then nothing breaks and the certificate chain will be correctly processed
by every current edition of every top tier browser apart from Safari.
The peculiar insistence that the extension be marked critical despite the
obvious fact that it breaks stuff is one of the areas where I suspect NSA
interference.
--
Website: http://hallambaker.com/
--001a11c37a0899d9a204e6c3ce63
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Thu, Sep 19, 2013 at 4:15 PM, Ben Laurie <span dir=3D"ltr"><<=
a href=3D"mailto:ben@links.org" target=3D"_blank">ben@links.org</a>></sp=
an> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><br><div class=3D"gmail_ext=
ra"><br><br><div class=3D"gmail_quote"><div class=3D"im">On 18 September 20=
13 21:47, Viktor Dukhovni <span dir=3D"ltr"><<a href=3D"mailto:cryptogra=
phy@dukhovni.org" target=3D"_blank">cryptography@dukhovni.org</a>></span=
> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div>On Wed, Sep 18, 2013 at 08:04:04PM +010=
0, Ben Laurie wrote:<br>
<br>
> > This is only realistic with DANE TLSA (certificate usage 2 or 3),=
<br>
> > and thus will start to be realistic for SMTP next year (provided<=
br>
> > DNSSEC gets off the ground) with the release of Postfix 2.11, and=
<br>
> > with luck also a DANE-capable Exim release.<br>
><br>
> What's wrong with name-constrained intermediates?<br>
<br>
</div>X.509 name constraints (critical extensions in general) typically<br>
don't work.<br></blockquote><div><br></div></div><div>No. They typicall=
y work. As usual, Apple are the fly in the ointment.</div></div></div></div=
></blockquote><div><br></div><div>The key to make them work is to NOT follo=
w the IETF standard and to NOT mark the extension critical.</div>
<div><br></div><div>If the extension is marked critical as RFC 5280 demands=
then the certificates will break in Safari (and very old versions of some =
other top tier browsers).</div><div><br></div><div>If the extension is not =
marked critical as CABForum and Mozilla recommend then nothing breaks and t=
he certificate chain will be correctly processed by every current edition o=
f every top tier browser apart from Safari.</div>
<div><br></div><div><br></div><div>The peculiar insistence that the extensi=
on be marked critical despite the obvious fact that it breaks stuff is one =
of the areas where I suspect NSA interference.=A0</div><div><br></div><div>
<br></div></div>-- <br>Website: <a href=3D"http://hallambaker.com/">http://=
hallambaker.com/</a><br>
</div></div>
--001a11c37a0899d9a204e6c3ce63--
--===============2501359489611488703==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============2501359489611488703==--
