Internet-Draft | Certificate Preservation for Internet Br | December 2024 |
Liu, et al. | Expires 7 June 2025 | [Page] |
The management of Web PKI certificate resources presents a challenge when the misalignment of ownership and management rights over certificate resources of one organization creating a risk of unilateral suspension and revocation by another competing organizations. This situation undermines the stability of critical infrastructure and affects the integrity of authentication systems. To address these concerns, this document proposes a mechanism that allows Internet browsers to create a customized management view of certificate resources, enabling them to override verification results from specific certification authorities as needed. This approach enhances security, facilitates stakeholder collaboration, and preserves the operational integrity of essential industry systems.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 7 June 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The current SSL/TLS certificate architecture faces challenges due to the increasing centralization of major certificate authorities (CAs), which are controlled by a few institutions. Many critical systems worldwide depend on these centralized CAs, making their verification processes vulnerable to external influences from OCSP, CRL, and CT systems that may have competing interests. This reliance can lead to malicious revocation of certificates, rendering important industry services inaccessible and impacting the national economy.¶
The misalignment of ownership and management rights over certificate resources of one organization (can be a nation or a large group) creates a risk of unilateral suspension and revocation by another competing organizations (can be also a nation or a large group). Addressing this issue requires developing a certificate resource management technology that is compatible with existing authentication systems while allowing organizations to replace the certificate verification results provided by certain certification authority CAs when necessary. Currently, no specific standards exist for these scenarios, some Internet browsers may provide related configurations that ignore all certificate errors or are similar to whitelists. However, generally ignoring all SSL/TLS certificate verification errors is considered unsecure and poses serious security risks.¶
This document proposes a straightforward mechanism for Internet browsers to create a local customized management view of Web PKI certificate resources. It enables organizations to overwrite certificate data or verification results from certain CAs when needed, thus retaining control over their critical certificates. By implementing this local preservation mechanism, organizations can mitigate the risks associated with malicious revocation or the failure to reissue expired certificates. Users can independently assess the validity of certificates, ensuring the stable operation of essential systems and enhancing overall network security across various industries.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The local Web PKI certificate resource preservation mechanism aims to achieve two main goals.¶
+------------+ +-------------+ +------------+ +-------------+ |certificate | | basic | |certificate | | verification| |chain |<-->| verification|<-->|preservation|<-->| result | | | | (RFC5280) | | | | | +------------+ +-------------+ +------------+ +-------------+ Figure 1: the certificate preservation process based on Internet Browser¶
The process of Web PKI certificate resource preservation based on Internet Browser is shown in Figure 1. After completing basic certificate verification following [RFC5280] in the browser, the browser uses the "LocalCertWhiteFilters" defined in section 3.2 to verify whether the serial number "SerialNumber" of the target leaf certificate exists in the whitelist certificate filter item "CertWhiteFilters" of the current local certificate preservation repository, or whether the subject name "subjectName" of the target leaf certificate exists in the whitelist certificate filter item "CertWhiteFilters" of the current local certificate preservation repository, or if the subject alternative name extension "subjectAltName" of the target leaf certificate exists, to verify whether the subject alternative name exists in the whitelist certificate filter item "WhiteCertFilters" of the current local certificate preservation repository. As long as one of the conditions is met, it is matched to the whitelist certificate filter item "CertWhiteFilters" of the current local certificate preservation repository. If a specific error number "ErrorNo" is found during the basic certificate verification process, such as the target leaf certificate being revoked or expired, the current target leaf certificate should be considered valid.¶
According to the definition of "LocalCertBlackAssertions" in Section 3.2 of the local certificate preservation repository, verify whether the serial number "SerialNumber" of the target leaf certificate exists in the blacklist certificate assertion item "CertBlackAssertions" of the current local certificate preservation repository, or verify whether the subject name "subjectName" of the target leaf certificate exists in the blacklist certificate assertion item "CertBlackAssertions" of the current local certificate preservation repository, or if the subject alternative name extension of the target leaf certificate exists, verify whether the "subjectAltName" exists in the blacklist certificate assertion item "CertBlackAssertions" of the current local certificate preservation repository, or verify whether the issuer name "Issuer" exists in the current local certificate preservation repository's blacklist certificate assertion item "CertBlackAssertions", Alternatively, if the issuer alternative name extension of the target leaf certificate exists, verify whether the "issuerAltName" exists in the current local certificate preservation repository's blacklist certificate assertion item "CertBlackAssertions". As long as one of the conditions is met, regardless of whether any errors occur during the basic certificate verification process, the current target leaf certificate should be considered invalid and the browser user should be given a corresponding network certificate status prompt.¶
This mechanism defines and introduces the format of the certificate preservation repository based on JSON files. The local Web PKI certificate resource preservation mechanism or service in the certificate verification process of Internet browsers that comply with this mechanism shall comply with the format specification defined in this section. This mechanism uses ASN. 1 Specific Encoding Rules (DER) to encode the basic fields of the following certificate parameter items and form specific certificate parameter data structures. ASN. 1 DER encoding is an encoding system for the tag, length, and value of each element. For certificate preservation repository based on JSON format files, their local whitelist certificate filters "LocalCertWhiteFilters" and blacklist certificate assertions "LocalCertBlackAssertions" members are specified in JSON format [RFC8259]. JSON members not defined here are not allowed to be used in certificate preservation repository files. The implementation of Internet browsers must treat any deviation from this specification as an error. For the functional version updates related to the specifications in this document, this mechanism increments the "Version" field in the JSON file to indicate the version and functional differences of the local certificate preservation repository.¶
The certificate preservation repository file format based on JSON format is as follows:¶
{ “Version”:1, “LocalCertWhiteFilters”:{ “ErrorNo”:ERR_CERT_REVOKED, “CertWhiteFilters”:[], }, “LocalCertBlackAssertions”:{ “CertBlackAssertions”:[], } }¶
The "Version" member is set to 1 and encoded as a number in this standard version.¶
For the local white list certificate filter "LocalCertWhiteFilters" in the certificate preservation repository file, Internet browser users can configure zero or more white list certificate filter items "CertWhiteFilters" that have passed the basic certificate verification logic, where each white list certificate filter item "CertWhiteFilters" can include the "SerialNumber" of the certificate, the "SerialNumber" of the certificate, and/or the "subjectName" of the certificate. This mechanism suggests that each white list certificate filter item should contain an explanatory note "comment", so as to explain the relevant matching information to Internet browser users as much as possible and facilitate their understanding.¶
In file format, the content of the local whitelist certificate filter "LocalCertWhiteFilters" is represented as the values of the members "ErrorNo" and "CertWhiteFilters". The member "ErrorNo" describes the type of certificate error that occurs in the basic certificate verification logic, which is a positive integer with a value of a number in JSON format. Its default value is ERR_CERT_REVOKED (value 201, the types and value definitions of basic certificate errors defined in this mechanism can be found in Appendix A). Any algorithm implementation that complies with this mechanism can extend and define its own error types. The member CertWhiteFilters is represented by an array of zero or more objects, each object must contain at least one of the following members, or a combination of these members.¶
For the local blacklist certificate assertion "LocalCertBlackAssertions" in the certificate security repository file, Internet browser users can configure zero or more blacklist certificate assertion device entries "CertBlackAssertions" that have passed the basic certificate verification logic, where each blacklist certificate assertion entry "CertBlackAssertions" can include the "SerialNumber" of the certificate, the "subjectName" of the certificate, the "subjectAltName" of the certificate, the "issuer" name of the certificate, and/or the issuer alternative name "issuerAltName" of the certificate. This mechanism recommends that each blacklist certificate assertion item contain an explanatory not "comment", so as to explain relevant matching information to Internet browser users as much as possible and facilitate users' understanding.¶
In terms of format, the content of "LocalCertBlackAssertions", a local blacklist certificate assertion, is represented as the value of a "CertBlackAssertions" member, which is an array of zero or more objects. Each object must contain at least one of the following members, or a combination of the following members.¶
It should be noted that in actual systems, multiple local certificate preservation repository files based on JSON format may be supported for simultaneous use. To ensure consistency in local functionality, the configuration of multiple local certificate preservation repository files must ensure that there are no conflicts. In other words, the Internet browser should check the local white list certificate filter "LocalCertWhiteFilters" field and the local black list certificate assertion "LocalCertBlackAssertions" field in each local certificate preservation repository file to ensure that there are no overlapping configuration entries, and also ensure that there are no overlapping configuration entries in the local white list certificate filter "LocalCertWhiteFilters" field and the local black list certificate assertion "LocalCertBlackAssertions" field between different local certificate preservation repository files. If a conflict is detected, an error should be reported to the user who created the relevant local certificate preservation repository file. Internet browsers should de duplicate multiple local certificate preservation repository files as a collection. If there is any overlap between the local white list certificate filter “LocalCertWhiteFilters” field and the local black list certificate assertion “LocalCertBlackAssertions” field between the local certificate preservation repository files, the entire collection must be rejected.¶
The summary of all members and types supported by the JSON format local certificate preservation repository file in this mechanism is as follows:¶
{ “Version”:Type Int, “LocalCertWhiteFilters”: { “ErrorNo”: Type Int, “CertWhiteFilters”[ { “serialNumber”: Type Int, “subjectName”: "<Base 64 of some subjectName>", “subjectAltName”: "<Base 64 of some subjectAltName>", “comment”: Type String, } ], }, “LocalCertBlackAssertions”:{ “CertBlackAssertions”:[ { “serialNumber”: Type Int, “subjectName”: "<Base 64 of some subjectName>", “subjectAltName”: "<Base 64 of some subjectAltName>", “issuerName”: "<Base 64 of some issuerName>", “issuerAltName”: "<Base 64 of some issuerAltName>", “comment”: Type String, } ], } }¶
The meaning of the following errors can be literally seen from common browsers.¶
ERR_CERT_INVALID:201, ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:202, ERR_CERT_REVOKED:203, ERR_CERT_AUTHORITY_INVALID:204, ERR_CERT_COMMON_NAME_INVALID:205, ERR_CERT_WEAK_SIGNATURE_ALGORITHM:206, ERR_CERT_DATE_INVALID:207, ERR_CERT_VALIDITY_TOO_LONG:208, ERR_CERT_NO_REVOCATION_MECHANISM:209, ERR_CERT_UNABLE_TO_CHECK_REVOCATION:210, ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:211, ERR_CERT_SYMANTEC_LEGACY:212, ERR_CERT_NAME_CONSTRAINT_VIOLATION:213, ERR_CERT_KNOWN_INTERCEPTION_BLOCKED:214, ERR_CERT_WEAK_KEY:215, ERR_CERT_STATUS_NON_UNIQUE_NAME:216,¶
This memo includes no request to IANA.¶
This mechanism defines the reference specification for the Internet browser to locally preserve and manage the customized Web PKI certificate resources, and provides a simple mechanism to enable the Internet browser (in its implementation form, it may also be a browser proxy) to establish a local customized management view of the Web PKI certificate resources, and to overwrite the certificate data or verification results published by certain certification authority CAs when necessary. This mechanism addresses the security issues of domain name certificate resources in network infrastructure, namely the risk of unilateral suspension and revocation of certificate ownership due to the mismatch between ownership and management rights of certificate resources; Cleverly resolving the contradiction between unity and autonomy, key infrastructure improvement and stability, compatible with the contradiction between existing and smooth substitution, compatible with existing authentication systems, enabling stakeholders in the network to smoothly replace existing authentication, cope with the impact of malicious revocation of important industry certificates, and ensure the safe and normal operation of important industry systems. For this reason, Internet browsers (relying parties or their agents) conforming to this mechanism can autonomously decide and process any certificate and its verification results asserted by the local certificate preservation database according to local management requirements. This mechanism is applicable to the implementation and application of the Internet browser certificate resource preservation system based on Web PKI, and it is applicable to ensuring the smooth operation of the secure network access related to the business of an organization, without being subject to the management and control of other organizations that may have competitive interests; The Internet browser local certificate preservation specifications defined in this section are universal, and can also be applied to other similar network security applications and environments of different types based on PKI mechanism.¶