[cryptography] validating SSL cert chains & timestamps

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Dec 20 23:24:17 EST 2010


On 2010-12-20 18:46, travis+ml-rbcryptography at subspacefield.org wrote:
> So a co-worker ran into this lately;
> 
> libnss, at least on Linux, checks that the signing cert (chain) is valid
> at the time of signature - as opposed to present time.  (It may check
> present time as well - not sure on that).

https://tools.ietf.org/html/rfc3280#section-6.1

#  The algorithm presented in this section validates the certificate
#  with respect to the current date and time.  A conformant implementation
#  MAY also support validation with respect to some point in the past.
[...]
# 6.1.3 Basic Certificate Processing
#
#  The basic path processing actions to be performed for certificate i
#  (for all i in [1..n]) are listed below.
#
#     (a)  Verify the basic certificate information.  The certificate
#     MUST satisfy each of the following:
#
#        (1)  The certificate was signed with the
#        working_public_key_algorithm using the working_public_key and
#        the working_public_key_parameters.
#
#        (2)  The certificate validity period includes the current time.
#
#        (3)  At the current time, the certificate is not revoked and is
#        not on hold status.  This may be determined by obtaining the
#        appropriate CRL (section 6.3), status information, or by out-
#        of-band mechanisms.
[...]

There are no other checks relating to validity period, so NSS is noncompliant.
File a bug.

(I checked for existing reports of this in Product: NSS, but couldn't find
any. https://bugzilla.mozilla.org/show_bug.cgi?id=216695 might be relevant,
I'm not sure.)

> This makes for problems if you renew the cert, since the new cert will
> have a creation date of the current time, after the object was signed.
> Can anyone think of why this would be a good thing?

No, it's a bad thing. There are enough false-positive cert errors without
adding yet another cause of them.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20101221/d5e430b8/attachment.asc>


More information about the cryptography mailing list