Improve profiles #228
+69
−77
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -866,22 +866,19 @@ ISRG Public Keys are also available in the Certificate Repository. | |||||
|
|
||||||
| ### 6.1.5 Key sizes | ||||||
|
|
||||||
| ISRG Root CA keys are either RSA with a modulus of length 4096 or ECDSA with namedCurve P-384. | ||||||
|
|
||||||
| ISRG Subordinate CA keys are either RSA with a modulus of length 2048 or ECDSA with namedCurve P-384. | ||||||
|
|
||||||
| Public keys in Subscriber Certificates issued by ISRG are either RSA with a modulus of length 2048, 3072, or 4096; or ECDSA with namedCurve P-256, P-384, or P-521. | ||||||
|
|
||||||
| ### 6.1.6 Public key parameters generation and quality checking | ||||||
|
|
||||||
| ISRG uses HSMs conforming to FIPS 186-4, capable of providing random number generation and on-board creation of at least 2048-bit RSA keys and at least 384-bit ECDSA keys. | ||||||
|
|
||||||
| Per [NIST SP 800‐89](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-89.pdf), section 5.3.3, the CA ensures that all RSA keys in ISRG CA and Subscriber certificates have a public exponent of 65537 and an odd modulus which has no factors smaller than 752. | ||||||
|
|
||||||
| Per [NIST SP 800-56A (Revision 2)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf), Section 5.6.2.3.2, the CA ensures that all ECDSA keys in ISRG CA and Subscriber certificates comply with the ECC Full Public Key Validation Routine. | ||||||
|
There was a problem hiding this comment. Using the shorter link, same as the above suggestion.
Suggested change
There was a problem hiding this comment. I'm really not sure if this matters, but according to https://csrc.nist.gov/pubs/sp/800/56/a/r2/final: NIST SP 800-56A Rev. 2 has been superseded by NIST SP 800-56A Rev. 3. |
||||||
|
|
||||||
| ### 6.1.7 Key usage purposes (as per X.509 v3 key usage field) | ||||||
|
|
||||||
|
|
@@ -1013,69 +1010,55 @@ See Section 5.5.5. | |||||
|
|
||||||
| ## 7.1 Certificate profile | ||||||
|
|
||||||
| All fields are as specified in RFC 5280 and the Baseline Requirements, including fields and extensions not specifically mentioned. | ||||||
|
|
||||||
| ### Root CA Certificate | ||||||
|
|
||||||
| | Field or extension | Value | | ||||||
| | ------------------------------ | --------------------------------------------------------------| | ||||||
| | Serial Number | Unique, with 64 bits of output from a CSPRNG | | ||||||
| | Issuer Distinguished Name | C=US, O=Internet Security Research Group, and a meaningful CN | | ||||||
| | Subject Distinguished Name | Same as Issuer DN | | ||||||
| | Validity Period | Up to 25 years | | ||||||
| | Basic Constraints | cA=True, pathLength constraint absent (critical) | | ||||||
| | Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | | ||||||
| | Key Usage | keyCertSign, cRLSign (critical) | | ||||||
|
|
||||||
| ### Subordinate CA Certificate | ||||||
|
|
||||||
| | Field or extension | Value | | ||||||
| | ------------------------------ | ----------------------------------------------------------------------------- | | ||||||
| | Serial Number | Unique, with 64 bits of output from a CSPRNG | | ||||||
| | Issuer Distinguished Name | Derived from Issuer certificate | | ||||||
| | Subject Distinguished Name | C=US, O=Let's Encrypt, and a meaningful CN | | ||||||
| | Validity Period | Up to 8 years | | ||||||
| | Basic Constraints | cA=True, pathLength constraint 0 (critical) | | ||||||
| | Key Usage | keyCertSign, cRLSign, digitalSignature (critical) | | ||||||
| | Extended Key Usage | TLS Server Authentication, TLS Client Authentication | | ||||||
| | Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) | | ||||||
| | Authority Information Access | Contains CA Issuers URL and optionally an OCSP URL; URLs vary based on Issuer | | ||||||
| | Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | | ||||||
| | CRL Distribution Points | Contains a CRL URL; URL varies based on Issuer | | ||||||
|
|
||||||
| ### DV-SSL Subscriber Certificate | ||||||
|
|
||||||
| | Field or extension | Value | | ||||||
| | --------------------------------- | --------------------------------------------------------------------------------- | | ||||||
| | Serial Number | Unique, with 64 bits of output from a CSPRNG | | ||||||
| | Issuer Distinguished Name | Derived from Issuer certificate | | ||||||
| | Subject Distinguished Name | CN=none, or one of the values from the Subject Alternative Name extension | | ||||||
| | Validity Period | Up to 100 days | | ||||||
| | Basic Constraints | cA=False (critical) | | ||||||
| | Key Usage | digitalSignature, and optionally keyEncipherment (critical) | | ||||||
| | Extended Key Usage | TLS Server Authentication, TLS Client Authentication | | ||||||
| | Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) | | ||||||
| | Authority Information Access | Contains CA Issuers URL and OCSP URL; URLs vary based on Issuer. | | ||||||
| | Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | | ||||||
| | Subject Alternative Name | A sequence of 1 to 100 dNSNames or ipAddresses (critical if no CN) | | ||||||
| | TLS Feature | Contains status_request if requested by the Subscriber in the CSR | | ||||||
| | Precertificate poison | Per RFC 6962 (precertificates only, critical) | | ||||||
| | Signed Certificate Timestamp List | Per RFC 6962 (final certificates only) | | ||||||
| | CRL Distribution Point | If present, contains a URI to the CRL shard whose scope includes this certificate | | ||||||
|
|
||||||
| ### 7.1.1 Version number(s) | ||||||
|
|
||||||
|
|
@@ -1089,14 +1072,23 @@ See section 7.1. | |||||
|
|
||||||
| #### 7.1.3.1 SubjectPublicKeyInfo | ||||||
|
|
||||||
| The `AlgorithmIdentifier` field of the `SubjectPublicKeyInfo` field of ISRG Certificates has the following (hex-encoded) DER bytes, corresponding to the key type: | ||||||
|
|
||||||
| | Type | Hex AlgorithmIdentifier | | ||||||
| | ----------- | -------------------------------------------- | | ||||||
| | RSA | `300d06092a864886f70d0101010500` | | ||||||
| | ECDSA P-256 | `301306072a8648ce3d020106082a8648ce3d030107` | | ||||||
| | ECDSA P-384 | `301006072a8648ce3d020106052b81040022` | | ||||||
| | ECDSA P-521 | `301006072a8648ce3d020106052b81040023` | | ||||||
|
|
||||||
| #### 7.1.3.2 Signature AlgorithmIdentifier | ||||||
|
|
||||||
| The `AlgorithmIdentifier` field of `signature` and `signatureAlgorithm` fields of ISRG Certificates, CRLs, and OCSP Responses has the following (hex-encoded) DER bytes, corresponding to the issuer's key type and signature algorithm: | ||||||
|
|
||||||
| | Type | Hex AlgorithmIdentifier | | ||||||
| | ---------------- | -------------------------------- | | ||||||
| | RSA with SHA-256 | `300d06092a864886f70d01010b0500` | | ||||||
| | ECDSA P-384 | `300a06082a8648ce3d040303` | | ||||||
|
|
||||||
| ### 7.1.4 Name forms | ||||||
|
|
||||||
|
|
@@ -1134,19 +1126,19 @@ For the status of Subordinate CA Certificates: | |||||
| | NextUpdate | Up to ThisUpdate + 1 year | | ||||||
| | RevokedCertificates | Contains: userCertificate, revocationDate, reasonCode | | ||||||
| | CRLnumber | The serial number of this CRL in an incrementally increasing sequence of CRLs | | ||||||
| | IssuingDistributionPoint | If present, asserts onlyContainsCACerts | | ||||||
|
|
||||||
| For the status of Subscriber Certificates: | ||||||
|
|
||||||
| | Field or Extension | Value | | ||||||
| | ------------------------- | -------------------------------------------------------------------------------------------- | | ||||||
| | Version | V2 | | ||||||
| | Signature Algorithm | sha256WithRSAEncryption or ecdsa-with-SHA384 | | ||||||
| | ThisUpdate | The date and time when the Certificate revocation list validity begins | | ||||||
| | NextUpdate | Up to ThisUpdate + 10 days | | ||||||
| | RevokedCertificates | Contains: userCertificate, revocationDate, reasonCode | | ||||||
| | CRLnumber | The serial number of this CRL in an incrementally increasing sequence of CRLs | | ||||||
| | IssuingDistributionPoint | Contains a distributionPoint pointing to the CRL's unique URL, asserts onlyContainsUserCerts | | ||||||
|
|
||||||
| ### 7.2.1 Version number(s) | ||||||
|
|
||||||
|
|
||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NIST seems to prefer referencing this document using the shorter
doi.orglink. A google search also yields significantly more results referencing this link format.