The current specification seems a bit ambiguous regarding whether a PEM
certificate chain includes the root CA certificate.

Most of the time the root CA shouldn't be included in a certificate
chain sent by a TLS server. However, there are circumstances in which it
is essential; namely, when DANE is used. As such, it's essential that a
client have some way to get the root certificate. Since the current
certificate retrieval protocol no longer uses link rel=up, the only way
with the specification as it stands is to always include the root
certificate in the chain.

Options:

  1. Clarify the specification to state that the root certificate must
     always appear in the chain at the end. Clients should be advised to
     pop the root certificate if they are procuring certificate chains
     for non-DANE applications only. Failure to do so will result in
     unnecessary but harmless transmission of the root certificate
     during TLS handshakes.

  2. Don't include the root certificate but provide a way to retrieve it,
     e.g. via a Link header.

  3. Clarify the specification to state that the root certificate must
     not appear in the chain, and that roots must be retrieved using the
     AIA URL inside the final certificate in the chain if it is needed.
     This minimises the chance of clients for non-DANE applications
     messing up and provides a viable method for discovery of the root
     CA for applications which need it.

I'd support option 1 or option 3 equally. Either way, I think this
should be clarified.

Thoughts?

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
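
Added example, not part of the original message: one way a client could apply option 1's advice to pop the root before configuring a non-DANE TLS server. The function names are hypothetical, the check is "self-issued" (issuer equals subject) with no signature verification, and the sample chain is constructed from unsigned DER skeletons rather than real certificates.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names in a certificate."""
    _, pos, _ = read_tlv(der, 0)             # enter Certificate
    _, pos, _ = read_tlv(der, pos)           # enter TBSCertificate
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                          # skip optional [0] version
        pos = end
    fields = []
    for _i in range(5):                      # serial, sigAlg, issuer, validity, subject
        tag, _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def pop_root(pem):
    """Return (chain_for_tls, root_or_None). Only a trailing self-issued
    certificate is removed, and a lone self-issued certificate is kept."""
    chain = [base64.b64decode(b) for b in PEM_RE.findall(pem)]
    if len(chain) > 1:
        issuer, subject = issuer_and_subject(chain[-1])
        if issuer == subject:
            return chain[:-1], chain[-1]
    return chain, None

# Constructed sample input: unsigned DER skeletons, not real certificates.
def der_tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form lengths only

def der_name(cn):
    return der_tlv(0x30, der_tlv(0x31, der_tlv(0x30, der_tlv(0x06, b"\x55\x04\x03") + der_tlv(0x0C, cn.encode()))))

def sample_cert(subject, issuer):
    tbs = (der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01") + der_tlv(0x30, b"")
           + der_name(issuer) + der_tlv(0x30, b"") + der_name(subject))
    der = der_tlv(0x30, der_tlv(0x30, tbs))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

WITH_ROOT = sample_cert("leaf.example", "Int CA") + sample_cert("Int CA", "Root CA") + sample_cert("Root CA", "Root CA")
```

A DANE application would keep the second return value instead of discarding it.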
