Continuing refinements of MRSP v2.8 Section 6.1.1 (Revocation Reasons)

[aarongable]

Unfortunately I was on vacation while the final rounds of discussion on Revocation Reasons were wrapping up, so I didn't get a good look at the final-final version until after it was merged and published. Now the whole team has conducted a thorough review of the published text and we have a few questions, comments, and clarifications.

I'm sorry to resurrect the specter of this discussion, but some of the comments seem large enough that I would prefer to raise them now when there is still an opportunity for a potential v2.8.1 prior to October, rather than wait for them to be litigated by whatever CA is unlucky enough to have the first revocation-related incident after October 1st.

6.1.1 End Entity TLS Certificate CRLRevocation Reasons

This section applies to revocations that are performed after October 1, 2022. Revocation entries that appeared on a CRL prior to October 1, 2022, do NOT need to be changed as a result of this section.

Some of the requirements of this section (for example, that the "subscriber agreement... MUST inform certificate subscribers about the revocation reasons list above...") do not seem to "apply to revocations" so much as "apply to CA operators". When do these provisions go into effect? Do they have an effective date of June 1, 2022, along with the rest of this version, or do they have an effective date of October 1, 2022, along with the rest of this section?

When an end entity TLS certificate (i.e. a certificate capable of being used for TLS-enabled servers) is revoked for one of the reasons below, the specified CRLReason MUST be included in the reasonCode extension of the CRL entry corresponding to the end entity TLS certificate. When the CRLReason code is not one of the following, then the reasonCode extension MUST NOT be provided:

• keyCompromise (RFC 5280 CRLReason 1);
• privilegeWithdrawn (RFC 5280 CRLReason 9)**;
• cessationOfOperation (RFC 5280 CRLReason 5);
• affiliationChanged (RFC 5280 CRLReason 3); or
• superseded (RFC 5280 CRLReason 4).

The CA operator's subscriber agreement for TLS end entity certificates MUST inform certificate subscribers about the revocation reason options listed above and [provide explanation about when to choose each option][Revocation-Reasons]. Tools that the CA operator provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason “unspecified (0)” which results in no reasonCode extension being provided in the CRL).

** The privilegeWithdrawn reasonCode does not need to be made available to the certificate subscriber as a revocation reason option, because the use of this reasonCode is determined by the CA operator and not the subscriber.

If the certificate is revoked for a reason not listed below, then the reasonCode extension MUST NOT be provided in the CRL.

keyCompromise

The CRLReason keyCompromise MUST be used when one or more of the following occurs:

• the CA operator obtains verifiable evidence that the certificate subscriber’s private key corresponding to the public key in the certificate suffered a key compromise;
• the CA operator is made aware of a demonstrated or proven method that exposes the certificate subscriber’s private key to compromise;
• there is clear evidence that the specific method used to generate the private key was flawed;
• the CA operator is made aware of a demonstrated or proven method that can easily compute the certificate subscriber’s private key based on the public key in the certificate (such as a Debian weak key, see https://wiki.debian.org/TLSkeys); or
• the certificate subscriber requests that the CA operator revoke the certificate for this reason, with the scope of revocation being described below.

The scope of revocation depends on whether the certificate subscriber has proven possession of the private key of the certificate. A CSR alone does not prove possession of the certificate’s private key for the purpose of initiating a revocation.

• If anyone requesting revocation for keyCompromise has previously demonstrated or can currently demonstrate possession of the private key of the certificate, then the CA operator MUST revoke all instances of that key across all subscribers.
• If the certificate subscriber requests that the CA operator revoke the certificate for keyCompromise, and has not previously demonstrated and cannot currently demonstrate possession of the associated private key of that certificate, the CA operator MAY revoke all certificates associated with that subscriber that contain that public key. The CA operator MUST NOT assume that it has evidence of private key compromise for the purposes of revoking the certificates of other subscribers, but MAY block issuance of future certificates with that key.

When the CA operator obtains verifiable evidence of private key compromise for a certificate whose CRL entry does not contain a reasonCode extension or has a reasonCode extension with a non-keyCompromise reason, the CA operator SHOULD update the CRL entry to enter keyCompromise as the CRLReason in the reasonCode extension. Additionally, the CA operator SHOULD update the revocation date in a CRL entry when it is determined that the private key of the certificate was compromised prior to the revocation date that is indicated in the CRL entry for that certificate.

Note: Backdating the revocationDate field is an exception to best practice described in RFC 5280 (section 5.3.2); however, this policy specifies the use of the revocationDate field to support TLS implementations that process the revocationDate field as the date when the certificate is first considered to be compromised.

Otherwise, the keyCompromise CRLReason MUST NOT be used.

privilegeWithdrawn

The CRLReason privilegeWithdrawn is intended to be used when there has been a subscriber-side infraction that has not resulted in keyCompromise, such as the certificate subscriber provided misleading information in their certificate request or has not upheld their material obligations under the subscriber agreement or terms of use.

Unless the keyCompromise CRLReason is being used, the CRLReason privilegeWithdrawn MUST be used when:

• the CA operator obtains evidence that the certificate was misused;
• the CA operator is made aware that the certificate subscriber has violated one or more of its material obligations under the subscriber agreement or terms of use;
• the CA operator is made aware that a wildcard certificate has been used to authenticate a fraudulently misleading subordinate fully‐qualified domain name;
• the CA operator is made aware of a material change in the information contained in the certificate;
• the CA operator determines or is made aware that any of the information appearing in the certificate is inaccurate; or
• the CA operator is made aware that the original certificate request was not authorized and that the Subscriber does not retroactively grant authorization.

Otherwise, the privilegeWithdrawn CRLReason MUST NOT be used.

cessationOfOperation

The CRLReason cessationOfOperation is intended to be used when the website with the certificate is shut down prior to the expiration of the certificate, or if the subscriber no longer owns or controls the domain name in the certificate. This revocation reason is intended to be used in the following circumstances:

• the certificate subscriber no longer controls, or is no longer authorized to use, all of the domain names in the certificate;
• the certificate subscriber will no longer be using the certificate because they are discontinuing their website; or
• the CA operator is made aware of any circumstance indicating that use of a fully‐qualified domain name or IP address in the certificate is no longer legally permitted (e.g. a court or arbitrator has revoked a domain name registrant’s right to use the domain name, a relevant licensing or services agreement between the domain name registrant and the applicant has terminated, or the domain name registrant has failed to renew the domain name).

I believe that this bulleted-list format of highly-specific situation descriptions is likely to be interpreted as normative text, despite the "intended to be used" language at the top. In particular, the "will no longer be using the certificate" situation is not reflected in the reasons below (for example, they could still own the domain, but simply turn off their web server), which will lead to confusion especially regarding the question of "how much of the text in this section does the final sentence's 'Otherwise' cover?".

I suggest that this intro paragraph be shortened and elided into something more like: "The CRLReason cessationOfOperation is intended to be used when the website with the certificate is shut down prior to the expiration of the certificate, if the subscriber no longer owns or controls the domain name in the certificate, or if the subscriber is no longer legally permitted to own or control the domain name in the certificate".

Unless the keyCompromise CRLReason is being used, the CRLReason cessationOfOperation MUST be used when:

What about situations where both a privilegeWithdrawn qualification and a cessationOfOperation qualification apply? For example, the Let's Encrypt Subscriber Agreement states "If at any time You no longer control the Internet domain names associated with any of Your Certificates... You will immediately request that ISRG revoke the affected Certificates.". If an applicant buys a domain, then requests that Let's Encrypt revoke any older certs issued to that domain's previous owner, then two things are true: 1) Let's Encrypt has received verifiable evidence that the previous subscriber is no longer authorized to use the domain in the certificate (therefore Let's Encrypt MUST use cessationOfOperation); and 2) the previous subscriber is in material violation of the subscriber agreement because they did not request to revoke as soon as they no longer controlled the domain (therefore Let's Encrypt MUST use privilegeWithdrawn).

As was discussed on the mailing list, I believe there needs to be an explicit hierarchy of reasons. I think this paragraph header should be: " Unless the keyCompromise or privilegeWithdrawn reason is being used, the CRLReason cessationOfOperation MUST be used when:"

• the certificate subscriber has requested that their certificate be revoked for this reason; or
• the CA operator has received verifiable evidence that the certificate subscriber no longer controls, or is no longer authorized to use, all of the domain names in the certificate.

Otherwise, the cessationOfOperation CRLReason MUST NOT be used.

affiliationChanged

The CRLReason affiliationChanged is intended to be used to indicate that the subject's name or other subject identity information in the certificate has changed, but there is no cause to suspect that the certificate’s private key has been compromised.

Unless the keyCompromise CRLReason is being used, the CRLReason affiliationChanged MUST be used when:

Similar to the above, I believe this sentence needs to list all of the other reasons which should take precedence over it. However, since the second bullet point below actually implies that superseded also takes precedence over affilicationChanged, I belive that this sentence should list all four other reason codes, and that this whole section should be moved to after the superseded section for sake of easy reading: "Unless the keyCompromise, privilegeWithdrawn, or cessationOfOperation, or superseded CRLReason is being used, the CRLReason affiliationChanged MUST be used when:"

• the certificate subscriber has requested that their certificate be revoked for this reason; or
• the CA operator has replaced the certificate due to changes in the certificate’s subject information and the CA has not replaced the certificate for the other reasons: keyCompromise, superseded, cessationOfOperation, or privilegeWithdrawn.

As noted above, this bullet point can remove the references to the other four revocation reasons, because they will be referenced in the first sentence of the paragraph.

Otherwise, the affiliationChanged CRLReason MUST NOT be used.

superseded

First, I want to note that none of the language below references the certificate being replaced. This feels very odd to me -- the common meaning of "superseded" is that something has been replaced or supplanted, not simply disposed of. Is it appropriate to use the "superseded" reason code in situations where the certificate has been revoked (e.g. for having a one-second-too-long validity period) but not replaced? The text below suggests Yes, a common english understanding of the word suggests No. I think that if we are going to redefine the word to not imply replacement, that should be explicitly noted and called out in the section text.

The CRLReason superseded is intended to be used to indicate when:

• the certificate subscriber has requested a new certificate to replace an existing certificate; or
• the CA operator obtains reasonable evidence that the validation of domain authorization or control for any fully‐qualified domain name or IP address in the certificate should not be relied upon; or
• the CA operator has revoked the certificate for compliance reasons such as the certificate does not comply with this policy, the CA/Browser Forum's Baseline Requirements, or the CA operator’s CP or CPS.

Again, I suspect like this highly-specific paragraph will be treated as normative text and lead to bitter discussion over the intent and meaning of the text. I suggest that it be simplified to something like: "The CRLReason superseded is intended to be used to indicate when the CA operator needs to revoke and replace the certificate for reasons not covered by the other reason codes above, such as because the certificate was issued with a non-compliant validity period or extension."

Unless the keyCompromise CRLReason is being used, the CRLReason superseded MUST be used when:

And again, update this sentence to include all of the higher-priority reasons: "Unless the keyCompromise, privilegeWithdrawn, or cessationOfOperation CRLReason is being used, the CRLReason superseded MUST be used when:"

• the certificate subscriber has requested that their certificate be revoked for this reason; or
• the CA operator has revoked the certificate due to domain authorization or compliance issues other than those related to keyCompromise or privilegeWithdrawn.

Otherwise, the superseded CRLReason MUST NOT be used.

[WilsonKathleen]

Some of the requirements of this section (for example, that the "subscriber agreement... MUST inform certificate subscribers about the revocation reasons list above...") do not seem to "apply to revocations" so much as "apply to CA operators". When do these provisions go into effect? Do they have an effective date of June 1, 2022, along with the rest of this version, or do they have an effective date of October 1, 2022, along with the rest of this section?

October 1, 2022.

I have updated https://wiki.mozilla.org/CA/Root_Store_Policy_Archive#2.8 to indicate this expectation as well.

[WilsonKathleen]

As was discussed on the mailing list, I believe there needs to be an explicit hierarchy of reasons.

I have added https://wiki.mozilla.org/CA/Revocation_Reasons#Hierarchy_of_Reasons

[WilsonKathleen]

I believe that this bulleted-list format of highly-specific situation descriptions is likely to be interpreted as normative text, despite the "intended to be used" language at the top.

If this turns out to actually be a problem, then it can be addressed in a policy update.

how much of the text in each section does the final sentence's 'Otherwise' cover?

The 'Otherwise' sentence applies to the full text within each section. e.g. the reason code cessationOfOperation SHOULD be used for the items listed as "intended", and MUST be used for the items listed as "MUST".

For example, if the certificate subscriber still owns the domain name and just turns off their web server without revoking their certificate, the CA operator is not responsible for revoking the certificate unless the CA operator becomes aware of keyCompromise or the subscriber agreement not being followed, or until the CA operator receives verifiable evidence that the certificate subscriber no longer controls, or is no longer authorized to use, all of the domain names in the certificate.

I have added this information to https://wiki.mozilla.org/CA/Revocation_Reasons#Hierarchy_of_Reasons

[WilsonKathleen]

I believe that all of the concerns raised in this Issue have been addressed by updates to https://wiki.mozilla.org/CA/Root_Store_Policy_Archive#2.8 and https://wiki.mozilla.org/CA/Revocation_Reasons#Hierarchy_of_Reasons

So I think this issue can be closed.

[aarongable]

Thank you for the comments and clarifications! These are very helpful as we work towards Oct 1st.