[openssl-users] [TLS] Update spec to match current practices for certificate chain order

Viktor Dukhovni openssl-users at dukhovni.org
Thu May 7 07:00:17 UTC 2015

On Thu, May 07, 2015 at 08:49:21AM +0300, Yoav Nir wrote:

> > I think there was also discussion on this list at some point suggesting
> > changing that "MAY" for omitting the root CA cert to a "SHOULD" or a
> > "MUST". (I think the argument for the latter was to reduce wasted bandwidth)

Sorry, this is incompatible with use of DANE TLSA records when the
ceritificate usage is DANE-TA(2).  See:


The first of these is currently in IETF LC, the second in DANE WG LC.

> SHOULD is OK, MUST would imply perfect knowledge of how the other side is
> configured.

As you note, there is more than one way to verify certificates,
and the server cannot know exactly which certificates are needed
by the client.  A SHOULD or MUST would be counter-productive.

> The root of trust may or may not be the self-signed certificate.
> But it?s probably always fine to omit the self-signed certificate.

No, not always.

> > Any reason this would be problematic? It'd be a simple change to add
> > for the TLS 1.3 spec that would align things better with real-world usage.
> None that I can think of

You won't be able to say that next time. :-)


More information about the openssl-users mailing list