Wildcards on NTS certificates -- security

Matthew Selsky Matthew.Selsky at twosigma.com
Tue Mar 1 04:01:56 UTC 2022


On Fri, Feb 25, 2022 at 12:02:34PM -0800, Gary E. Miller via devel wrote:
> Yo Hal!
> 
> On Tue, 22 Feb 2022 14:39:21 -0800
> Hal Murray via devel <devel at ntpsec.org> wrote:
> 
> > They don't work.  See https://gitlab.com/NTPsec/ntpsec/-/issues/729
> > 
> > There is a single line of code that disables them.
> > 
> > They are less secure.  But is that "less" practical or theoretical?
> > 
> > They are deprecated in RFC 6125
> >   https://datatracker.ietf.org/doc/html/rfc6125#section-7.2
> > 
> > Should we:
> >   remove or comment out that line of code
> >   add an option to the server line to allow wildcards
> >   reject the bug report
> >   ...
> 
> I'd go with making it optional, not the default.
>  
> > Anybody have any opinions?  How strong?
> 
> Not strong, but I see how some people woule need them.

See https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/ section 3 which says:

   A technology MAY disallow the use of the wildcard character in DNS
   names.  If it does so, then the specification MUST state that
   wildcard certificates as defined in this document are not supported.

https://datatracker.ietf.org/doc/html/rfc8915 doesn't mention that wildcards are not supported.

So we should allow wildcards once this errata is published (or now?), with the X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS flag. And this should be built-in, not optional. We don't need another config flag.

Cheers,
-Matt


More information about the devel mailing list