I'm sure there's some software out there that will use the server certificate by default when acting as a client, but I'd expect that most of the time it'd be possible to configure it otherwise.
Like it or not the CA/BF and Chrome Root Program are targeting exactly the same group of CAs. Everyone else doesn't care about them anyway.
however it looks like Digicert is taking matters into it's own hands and trying to push a X9 PKI. They also explain why having clientAuth and serverAuth in the same cert is valuable and all. Maybe their word is more understandable to you all...
I'd still be interested how the Chrome Root Program wants to handle all of the eIDAS CAs then. They're issuing website certificates that are also used for server-to-server API requests in PSD2 after all...
Yeah, I knew about the Apple proposal to lower the max lifetime to 398 not passing and then them making it part of the root program requirements. It definitely shows who has the real power in WebPKI.
But that's a case of Apple seeking discussion and a vote on the CA/B Forum and then bypassing the forum after CAs made the (short-sighted) decision to reject the ballot.
Apple again submitted a ballot to gradually lower the certificate maximum lifetime to 47 days. And Google submitted a ballot for requiring MPIC.
I don't think these started as root requirements. So, it seems like browsers at least occasionally try to get requirements into the BRs first. But that didn't happen for clientAuth EKU removal.
Because ClientAuth is still going to be allowed under the BRs and some CAs will continue to support it. It would be a much bigger change to remove it from the BRs.
Chromeâs root program is smaller than the full Web PKI, just used by Chrome. As youâve all noted, the set of CAs contained in a typical Linux trust store are used for things beyond just what Chrome does.
I would suggest this discussion should move to the CCADB public mailing list, which is the best place to communicate with the root programs and their requirements.
Not in time for this. Even assuming people run current operating
systems (which they donât, for reasons), a vast majority wonât see
anything that gets implemented within the year before early-to-mid
2028, due to distro release cycles.
I don't know that there is a big overlap in the Venn diagram of 'CAs who will still issue with clientAuth because they don't care about Chome' and 'will sell or make available a certificate to subscribers' and maybe 'CAs who put the effort in to stay in all the none-Chrome trust stores'.
clientAuth is going away for publicly-trusted certificates, and in barely 12 months. I would suggest using that time to migrate away or find alternative solutions, instead of making (I believe futile) attempts to change Google policies.
I don't understand how you accept your Jabber server to not support this (at least not for the forseeable future), while on the other hand you demand a CA to adjust to your expectations.
I put together a quick script to find certificates trusted by Apple/Mozilla/Microsoft that aren't trusted by Chrome. It doesn't take into account cross signs but it does show some relevant CAs.
Apple and Microsoft include CAs like:
SSL.com Client ECC Root CA 2022 (in Apple/Microsoft)
HARICA Client ECC Root CA 2021 (in Apple/Microsoft)
GlobalSign Client Authentication Root E45 (in Microsoft)
Just based on looking at the cert names, Mozilla doesn't seem to include single purpose client auth roots.
Still, there are a lot of root certificates in there where the CA might decided to keep issuing certs with the client auth EKU.
I donât understand why itâs so hard for people to get the expectation
that THINGS THAT CURRENTLY WORK JUST CONTINUE WORKING, i.e. donât
break existing users, period.
Even the Linux kernel doesnât do it, even if people occasionally try.
SSL 3.0, TLS 1.0, SHA-1 certificates, ... also worked at some point, but are largely not supported anymore today.
The Internet is not a static environment.
If the public WebPKI was never willing to break existing systems, we'd still be in a world where publicly trusted CAs issued certificates for localhost and used encryption algorithms that are now known to be weak.
Yes, change makes things more difficult. But the only thing worse than change to make things more secure is a lack of change to make things more secure. And those are basically the options.
Are you actively discussing this issue at any XMPP, XSF, and/or Jabber forums?
I think that entire community is best engaged to figure out a way forward.
Let's Encrypt staff has been very clear on their plans. Involving the experts for your server products is likely more productive.
@agowa post of DigiCert's explanation of X9 PKI targeted at financial systems is an excellent example of a group focused on building a solution for their needs. Seems to me that the XMPP, XSF, and Jabber community needs to get together as well.
That would not help, as this affects more than one use case,
and we donât even know all current use cases that are affected
BECAUSE THIS ALWAYS HAS JUST WORKED.
)