1

In the Windows certificate store, an intermediate CA certificate without a Key Usage extension is considered eligible (as long as it has the isCA flag from Basic Constraints, of course) for signing end entity certificates (such a chain is considered valid). But RFC 5280 states that

4.2.1.3. Key Usage

Conforming CAs MUST include this extension in certificates that contain public keys that are used to validate digital signatures on other public key certificates or CRLs. When present, conforming CAs SHOULD mark this extension as critical.

My understanding is that the absence of the Key Usage extension means the intermediate CA certificate is unable to sign other certificates. Is this a bug in Windows' chain validation procedure or my misunderstanding of the RFC?

jirkamat

1 Answer

2

You are not incorrect, and neither is Windows. You're just using different sets of information.

RFC 3280 sec 4.2.1.3 (which was carried into the updates for RFC 5280) says that a CA must include the KU extension in any child CAs. So any CA which doesn't do so is not following the guidance of RFC 3280.

ITU-T X.509 (2012-10) sec 11.3.2 describes when a certificate is a match against a set of constraints. And it says:

keyUsage matches if all of the bits set in the presented value are also set in the key usage extension in the stored attribute value, or if there is no key usage extension in the stored attribute value;

(Bold in the original, italic emphasis mine)

So, a CA, under RFC 3280 or RFC 5280, MUST include the extension. But X.509 says that the chain builder/verifier should consider it valid to be missing.

bartonjs
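To make the two rules from the answer concrete, here is an added example (not from the question, the answer, or any library) that models only the two extensions under discussion and evaluates a constructed chain under the lenient X.509 11.3.2 match rule versus a strict RFC 5280 4.2.1.3 reading. The `Cert` model, the sample chain and the policy flag are assumptions; signature, validity period and name checks are deliberately out of scope.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed, minimal model: only Basic Constraints cA and Key Usage.
@dataclass(frozen=True)
class Cert:
    subject: str
    is_ca: bool                          # Basic Constraints cA flag
    key_usage: Optional[FrozenSet[str]]  # None means the extension is absent

def key_usage_matches(presented: FrozenSet[str],
                      stored: Optional[FrozenSet[str]]) -> bool:
    """X.509 (2012-10) 11.3.2: every presented bit must also be set in the
    stored value, OR the stored certificate has no keyUsage extension."""
    return stored is None or presented <= stored

def can_sign_certs(issuer: Cert, strict_rfc5280: bool) -> bool:
    """Is `issuer` eligible to sign other certificates?
    strict_rfc5280=False: lenient X.509 matching (the Windows behaviour
    described in the question). strict_rfc5280=True: RFC 5280 4.2.1.3,
    where a certificate-signing CA MUST carry the KU extension (assumed
    here to also require keyCertSign)."""
    if not issuer.is_ca:
        return False
    if strict_rfc5280 and issuer.key_usage is None:
        return False
    return key_usage_matches(frozenset({"keyCertSign"}), issuer.key_usage)

def chain_valid(chain: List[Cert], strict_rfc5280: bool = False) -> bool:
    """chain = [leaf, intermediate(s)..., root]; every certificate after the
    leaf must be eligible to sign the one before it."""
    return all(can_sign_certs(issuer, strict_rfc5280) for issuer in chain[1:])

# Constructed sample certificates (not real certificates).
ROOT = Cert("Root", True, frozenset({"keyCertSign", "cRLSign"}))
INTER_NO_KU = Cert("Inter-no-KU", True, None)                       # the case asked about
INTER_BAD_KU = Cert("Inter-bad-KU", True, frozenset({"digitalSignature"}))
LEAF = Cert("leaf", False, frozenset({"digitalSignature"}))

if __name__ == "__main__":
    print(chain_valid([LEAF, INTER_NO_KU, ROOT]))         # True  (X.509 lenient)
    print(chain_valid([LEAF, INTER_NO_KU, ROOT], True))   # False (RFC 5280 strict)
    print(chain_valid([LEAF, INTER_BAD_KU, ROOT]))        # False under both rules
```

The third case shows the difference between an absent extension and a present one without keyCertSign: only the former is excused by the X.509 match rule.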