cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] openssl: allow partial trust chains

From: Tim Ruehsen <tim.ruehsen_at_gmx.de>
Date: Tue, 01 Dec 2015 10:22:28 +0100

On Monday 30 November 2015 18:27:29 Daniel Stenberg wrote:
> On Mon, 30 Nov 2015, Tim Ruehsen wrote:
> >> They are not, and for each and every one of those features we have had
> >> this
> >> discussion of how to deal with them and whether we can enable them by
> >> default or not.
> >
> > Well, you threw the points into the discussion, in my understanding "If we
> > have these features, why not short-cut the checks of the trust chain".
>
> Not quite.
>
> You said a user trusting an intermediate CA would be a bad idea if the CA is
> compromised (unless I'm understanding you wrong). I don't see how, and I
> asked for an explanation. With the full knowledge this may be due to my own
> shortcomings in PKI details.

I admit my limited understanding of signing processes.
Just logic juggling with my limited knowledge:

The CAs are often using intermediate certs to sign the customers certificates
(using the Certificate Signing Request (CSR) from the customers) and not the
root cert. Just in case their signing cert gets compromised, they can exchange
it with a new one, created from their root cert.

If this compromising happens, all formerly signed certs (intermediary or not)
*must* be exchanged as quickly as possible. Together with revoking them via
OCSP and CRL. Because the trust chain is broken. What does 'broken' mean ? It
means that someone now has the private and public part of the intermediate
cert (plus all customers signed certs and CSRs). This attacker now could
easily generate signed server certs at will for whatever purpose.

If not using OCSP, a partial check of the trust chain would never reveal
anything to the (curl) user, even if the rootCA (in fact a intermediate cert)
has been exchange by admin and/or system updates.
Via DNS spoofing or MITM you might be connected to an 'evil' server with a
perfect cert... if you check the full trust chain at this point (with the new
rootCA in your system), you will detect that something evil is going on.

At one point I am unsure: what is the role of the private key of the customers
server (or intermediate) cert. And how is it being used to help in such a
scenario.

BTW, from what I know, intermediate certs are not given to 'normal' companies.
With such you are in the position of a Certificate Authority (CA).

Tim

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-12-01