[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

Mon Dec 15 16:24:03 UTC 2014

On Po, 2014-12-15 at 14:48 +0000, Viktor Dukhovni wrote:
> On Mon, Dec 15, 2014 at 09:23:26AM -0500, Salz, Rich wrote:
> 
> > > For what it's worth, I have tested the Alexa top 1 million servers with the -
> > > trusted_first option and haven't found a single server that looses its trusted
> > > status, on the other hand, good few percent of servers do gain it.
> > 
> > It's worth a great deal.  Thanks!  I love fact-based analysis. :)
> 
> This can break DANE TLSA verification, because the site's designated
> trust anchor might no longer be in the shorter constructed chain.
> 
> It won't break Postfix because it does not support PKIX-TA(0) or
> PKIX-EE(1), and with DANE-TA(2), Postfix disables all default CAs
> using only the wire chain and any full TA keys from DNS.

Yes, this can be possibly broken by this change although I don't believe
there are many (or any at all?) real world cases of such configuration.

> However, it could break other applications.  This might include
> applications that have specifically configured a short list of CAs
> to trust (perhaps just one for a particular peer, rather than the
> usual browser bundle).

Please enlighten me how this case could be broken by this change of
default? If the trust anchor is not found in the trust list, the
intermediate that is sent by the peer is followed anyway.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)