1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
Independent Submission S. Turner
Request for Comments: 7169 IECA, Inc.
Category: Informational 1 April 2014
ISSN: 2070-1721
The NSA (No Secrecy Afforded) Certificate Extension
Abstract
This document defines the NSA (No Secrecy Afforded) certificate
extension appropriate for use in certain PKIX (X.509 Pubic Key
Certificates) digital certificates. Historically, clients and
servers strived to maintain the privacy of their keys; however, the
secrecy of their private keys cannot always be maintained. In
certain circumstances, a client or a server might feel that they will
be compelled in the future to share their keys with a third party.
Some clients and servers also have been compelled to share their keys
and wish to indicate to relying parties upon certificate renewal that
their keys have in fact been shared with a third party.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7169.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Turner Informational [Page 1]
^L
RFC 7169 The NSA Certificate Extension 1 April 2014
1. Introduction
Insecurity abounds when clients and servers are unable to keep their
private keys private. Situations exist nonetheless where client and
servers have shared their private keys with a third party. An
example of over-sharing might be lawful intercept.
Just because the private key has been shared does not mean that the
private key holder wants to conceal the fact they have shared their
private key with a third party. Overtly indicating that the private
key may be or has been shared with a third party is the best way to
indicate to relying parties that this sharing has occurred.
Knowledge is power, after all. Extensions for certificates [RFC5280]
offer an excellent mechanism to indicate that the entities key(s)
have been shared, and this document specifies one such certificate
extension for use by entities that have shared their private key: the
NSA (No Secrecy Afforded) certificate extension.
2. The NSA Certificate Extension
In order to allow entities that have shared their keys with a third
party, the NSA certificate extension is defined herein. ASN.1
[X.680] for the extension follows:
ext-KeyUsage EXTENSION ::= { SYNTAX
BOOLEAN IDENTIFIED BY id-pe-nsa }
id-pe-nsa OBJECT IDENTIFIER ::= { id-pe 23 }
Making the boolean TRUE indicates that the key has been shared with a
third party, and making the extension FALSE indicates that the key
may have also been shared with a third party but the signer does not
want to overtly indicate that the key has been shared. This
extension is always marked critical.
3. Security Considerations
Having to disclose keys is sometimes unavoidable. Explicitly
indicating that the keys have been shared is one way to mitigate the
risk that the relying party might be unaware of this over share.
Whatever the case for having shared the keys, the certificate signer
needs to careful consider whether to include this extension.
Any key with this extension must be trusted with care. Lengthy
deliberations about whether to trust the keys is necessary. Rushing
a security analysis is never a good thing. Ultimately, the keys need
not be trusted. Secrecy is hard.
Turner Informational [Page 2]
^L
RFC 7169 The NSA Certificate Extension 1 April 2014
4. Normative References
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
[X.680] ITU-T, "Information technology - Abstract Syntax Notation
One (ASN.1): Specification of basic notation", ITU-T
Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, 2002.
Author's Address
Sean Turner
IECA, Inc.
3057 Nutley Street, Suite 106
Fairfax, VA 22031
USA
EMail: turners@ieca.com
XMPP: sean.turner@jabber.psg.com
Turner Informational [Page 3]
^L
|