Insufficient requirements on NB-TLS client certificate key usage
Section 4.5 of certificate-governance.md is insufficient. The current text says:
Beware that self-signed certificates should also contain the key usage Certificate signing (keyCertSign), so that OpenSSL can verify the (self) signature of the certificate.
As we learned during the dry-run, this is not a SHOULD, but a MUST. Or has this changed to just be a recommendation?
In case this is a MUST, then I would also recommend to lift this into the table above
Field
Value
Subject
cn=<non-empty and unique common name>, o=<Provider>, c= <Member State of the NB>
Key Usage
digital signature (at minimum) keyCertSign (If the certificate is self signed)
Extended Key Usage
client authentication (1.3.6.1.5.5.7.3.2)
Note: that the requirement is really in error as there is no support for the requirement of keyCertSign in any of the open standards of PKI, but if this key usage is required any way due to how current tools work, then it should be made mor clear.
An example that highlights the contradiction is the following requirement from RFC 5280:
The keyCertSign bit is asserted when the subject public key is used for verifying signatures on public key certificates. If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension (Section 4.2.1.9) MUST also be asserted
That is: A certificate with keyCertSign set, MUST be a CA, which is not true for the TLS client. But I'm really not trying to change this requirement at this point, just making sure it is is clearly stated. Some comment on this contradiction may however be in place.
Insufficient requirements on NB-TLS client certificate key usage
Section 4.5 of certificate-governance.md is insufficient. The current text says:
As we learned during the dry-run, this is not a SHOULD, but a MUST. Or has this changed to just be a recommendation?
In case this is a MUST, then I would also recommend to lift this into the table above
keyCertSign (If the certificate is self signed)
Note: that the requirement is really in error as there is no support for the requirement of keyCertSign in any of the open standards of PKI, but if this key usage is required any way due to how current tools work, then it should be made mor clear.
An example that highlights the contradiction is the following requirement from RFC 5280:
That is: A certificate with keyCertSign set, MUST be a CA, which is not true for the TLS client. But I'm really not trying to change this requirement at this point, just making sure it is is clearly stated. Some comment on this contradiction may however be in place.