[CentOS] Why is localhost self-signed cert a CA cert?

Sun Jan 13 01:34:04 UTC 2013
Gordon Messmer <yinyang at eburg.com>

On 01/08/2013 05:30 PM, Robert Moskowitz wrote:
> I know that I would have to take this to bugzilla if my reading was
> correct. And on further review, I am holding more that way. So I will
> put in the bug report even without being a paying customer. Just my cred
> on working on PKIX back a decade ago and being the architect of the
> Bridge CA model for the US Federal and BioPharma PKIs...

"cred" is frequently unrecognized by developers, so my advice would be 
to skip that part.  Stick to a description of the problem as you see it, 
and what solutions are available.  For example:


When mod_ssl is installed (and possibly other openssl packages) it 
creates a new certificate for localhost using the following command:
   /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
          -x509 -days 365 -set_serial $RANDOM \
          -out /etc/pki/tls/certs/localhost.crt

In the distributed openssl configuration, this will create an x509 cert 
which uses the extensions included in the v3_ca section of the 
openssl.cfg file.

If any user connects to a service using such an automatically generated 
certificate, and accepts installation of the self-signed certificate 
(the default acceptance option in Firefox), it will be stored in their 
trusted CA list, as its constraints specify CA:True.

This creates unnecessary risk.  Anyone with access to such a certificate 
can later sign a certificate for any hostname, and users who have 
accepted the self-signed cert will see no warnings.  If the command is 
modified to specify the v3_req extensions rather than the default, the 
resulting certificate will be equally usable, without creating undue 
risk for users who accept the certificate.
   /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
          -x509 -days 365 -set_serial $RANDOM \
          -extensions v3_req \
          -out /etc/pki/tls/certs/localhost.crt


However, I have no idea how seriously anyone will take the issue unless 
there's a broad base of users who request such a change.  The situation 
can be made slightly better by this change, but making it doesn't make 
self-signed certificates less common.  As long as self-signed 
certificates are common, users will get into the habit of permanently 
accepting untrusted certs.  If they do that, and the cert specifies that 
it is a CA, then they've installed a new CA.

These certs are just a small part of a much larger and more serious 
design problem with SSL.  User agents (especially Firefox) don't really 
make clear that a new cert is a CA, rather than a certificate with more 
limited purpose.  Users can't really be expected to learn the 
difference, either.

I really hope that the whole trust chain aspect of SSL is thrown away 
someday soon, replaced by some better model.  Convergence.io is one I 
really like.
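
Added example (not part of the original message, and not the packaging script itself): a shell check that builds one self-signed localhost certificate with the default extensions and one with `-extensions v3_req`, then reports which of them carries CA:TRUE. The inline config is a constructed minimal stand-in for the distributed openssl configuration, and the function names and temporary paths are assumptions.

```shell
#!/bin/sh
# Constructed minimal config: only the two extension sections named above.
write_cfg() {   # $1 = path of the config file to create
cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
prompt = no
[ req_dn ]
CN = localhost
[ v3_ca ]
basicConstraints = CA:true
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
EOF
}

# $1 = work dir, $2 = base name, remaining args are passed to "openssl req"
make_cert() {
    mc_dir=$1; mc_name=$2; shift 2
    openssl req -new -newkey rsa:2048 -nodes -keyout "$mc_dir/$mc_name.key" \
        -x509 -days 365 -config "$mc_dir/openssl.cnf" "$@" \
        -out "$mc_dir/$mc_name.crt" 2>/dev/null
}

# Succeeds (exit 0) only if the certificate's Basic Constraints say CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Demo: same command twice, with and without -extensions v3_req.
work=$(mktemp -d)
write_cfg "$work/openssl.cnf"
make_cert "$work" default
make_cert "$work" fixed -extensions v3_req
for c in default fixed; do
    if is_ca "$work/$c.crt"; then
        echo "$c.crt: CA:TRUE (would be stored as a CA if accepted)"
    else
        echo "$c.crt: not a CA"
    fi
done
rm -rf "$work"
```

`is_ca` can also be pointed at an existing file such as /etc/pki/tls/certs/localhost.crt to audit a certificate that has already been generated.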