[cabfpub] On the use of misuse - and the necessity to remove it

Ryan Sleevi sleevi at google.com
Thu Jun 7 05:40:16 MST 2018


During the discussion at the CA/Browser Forum F2F, there was some confusion
about the term "misuse", and no clear definition emerged that would provide
guidance.

The Baseline Requirements has the following to say regarding "misuse"
relating to Subscriber certificates:

Section 1.6.1 ( Definitions )
Certificate Problem Report: Complaint of suspected Key Compromise,
Certificate misuse, or other types of fraud, compromise, misuse, or
inappropriate conduct related to Certificates.

Section 4.9.1.1 ( Reasons for Revoking a Subscriber Certificate )
The CA SHALL revoke a Certificate within 24 hours if one or more of the
following occurs:
4. The CA obtains evidence that the Certificate was misused;

Section 4.9.3 ( Procedure for Revocation Request )
The CA SHALL provide Subscribers, Relying Parties, Application Software
Suppliers, and other third parties with clear instructions for reporting
suspected Private Key Compromise, Certificate misuse, or other types of
fraud, compromise, misuse, inappropriate conduct, or any other matter
related to Certificates. The CA SHALL publicly disclose the instructions
through a readily accessible online means.

Section 9.6.3 ( Subscriber Representations and Warranties )
5. Reporting and Revocation: An obligation and warranty to: (a) promptly
request revocation of the Certificate, and cease using it and its
associated Private Key, if there is any actual or suspected misuse or
compromise of the Subscriber’s Private Key associated with the Public Key
included in the Certificate, and (b) promptly request revocation of the
Certificate, and cease using it, if any information in the Certificate is
or becomes incorrect or inaccurate.

7. Responsiveness: An obligation to respond to the CA’s instructions
concerning Key Compromise or Certificate misuse within a specified time
period.


In each of these, "misuse" is undefined, and thus ambiguous and
unenforceable on a consistent and interoperable definition.

We heard several possible definitions advanced, on the basis of discussion
of 4.9.1.1:
1) There is no definition, it is redundant.

2) There is a definition, and it's already captured in 4.9.1.1 (5) -
namely, that a certificate is "misused" if it's used in a way counter to
the Subscriber Agreement or Terms of Use.
""  5. The CA is made aware that a Subscriber has violated one or more of
its material
      obligations under the Subscriber Agreement or Terms of Use;""

3) There is a definition, and CAs know what it means

On that third point, attempts to find such a definition did not produce a
clear result. One example that was provided was by citing Section 1.6.1 and
4.9.3. However, if we attempt to substitute that definition in, we find its
circular. That is,

"Misuse is suspected Private Key Compromise, Certificate misuse, or other
types of fraud, compromise, misuse, inappropriate conduct, or any other
matter related to Certificates", we find that misuse appears twice in the
definition (Certificate misuse and misuse).

In the pursuit of a definition, we tried to work backwards - what are
situations we think are misuse.

One suggestion was that it was "fraud, compromise, misuse, inappropriate
conduct, or other matter" - but that still suffers the same circular
definition. Further, the BRs do not define "fraud" or "inappropriate
conduct" - for example, if I serve an "example.com" certificate if the SNI
contains "example.net", is that inappropriate conduct or fraud? In any
event, the CA would disclose such definitions in their CP/CPS and
Subscriber Agreement or Terms of Use, so such a definition would be met by
4.9.1.1 (5). However, in further consideration, beyond being a circular
definition, it's a definition that posits that "misuse" is a distinct and
independent state compared to "fraud", "compromise", and "inappropriate
conduct" - but what that state is is not defined.

Another suggestion was that it involved scenarios where the Subscriber
private key was in an HSM, and itself was not compromised, but had signed
things it was not expected to. This wasn't elaborated on further - so I'm
uncertain if this meant things other than the TLS handshake transcript -
but this is already met by our definition of Key Compromise in 1.6.1, that
is:
""A Private Key is said to be compromised if its value has been disclosed
to an
   unauthorized person, an unauthorized person has had access to it, or
there exists a
   practical technique by which an unauthorized person may discover its
value. """

In such a scenario, the definition of "misuse" would already be met by
4.9.1.1 (3) - namely, revocation for Subscriber Key Compromise.

As such, as it stands, we have a requirement that is, at best, undefined,
and at worst, unauditable and inconsistent. There was some concern that
removing 4.9.1.1 (4) would remove a thing of value.

For those who feel 4.9.1.1 (4) has a definition, I'd like to put forward
the following request: Provide a suggestion for 1.6.1 or 4.9.1.1 (4) that
we can exactly substitute "misused" for, if it captures something that is
not already captured by the Baseline Requirements.

For example: "A certificate is misused if it is used to do X". We can then
compare that with the purpose of a certificate - which the BRs define as
certificates "to be used for authenticating servers accessible through the
Internet. "
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180607/7c582e40/attachment.html>


More information about the Public mailing list