Title: Security - Additional extensions in CA certificates
PDR Reference:                M2080004
Originator Reference:         PDR-SV8-2
SARPs Document Reference:     Sub-Volume VIII, edition 3
Status:                       RESOLVED
Impact:                       A
PDR Revision Date:            21 Nov 2002 (Resolved)
			      07 Oct 2002 (Updated at Proposed)
			      02 Oct 2002 (Proposed)
			      23 Sep 2002 (Accepted)
PDR Submission Date:          24 Aug 2002 (Submitted)
Submitting State/Organization:     FAA
Submitting Author Name:       Simon Blake-Wilson
Submitting Author E-mail Address: sblakewilson@bcisse.com Submitting Author Supplemental
Contact Information:          +1-416-214-5961
SARPs Date:                   Doc 9705 Edition 3
SARPs Language:               English

Summary of Defect:

Validation efforts have identified that the omission of the certificate extensions "basic constraints" and "subject key identifier" from ATN certificates issued to CAs makes these certificates non-compliant with the popular IETF PKIX certificate profile. The addition of these extensions does not adversely affect the efficiency of the ATN PKI. Therefore addition of these extensions is proposed.

Assigned SME:  Sub-Volume VIII SME

Proposed SARPs amendment:

1/ 8.4.3: Change the note below clause 8.4.3 to "Note 1" and add a second note below note 1, reading:

"Note 2 - The ATN PKI certificate format specified in this section is mandatory only for certificates issued by one entity to another different entity."

2/ 8.4.3: Add a recommendation and accompanying note directly below clause 8.4.3 and its notes, reading: 

"8.4.3.bis  Recommendation -  CA root keys should be distributed out-of-band in the form of self-signed certificates which follow the certificate profile specified here.

 Note.- A self-signed certificate is a certificate issued by an entity to itself. CAs often make use of self-signed certificates as a convenient format with which to distribute their root keys out of band."

3/ 8.4.3.1.3.9: Reword so that the clause reads: 

"8.4.3.1.3.9  The Extensions field in all ATN certificates shall contain the authority key identifier extension, the key usage extension, the subject alternative name extension, and the issuer alternative name extension.

 8.4.3.1.3.9.bis  When the subject of the certificate is a CA, the Extensions field shall in addition contain the basic constraints extension and the subject key identifier extension."

4/ 8.4.3.1.3.9: Add a note below this clause (as modified above) reading: "Note.- Only the extensions as specifically identified above may be present in ATN certificates."

5/ 8.4.3.1.3.9.5: Add a new clause reading:

"8.4.3.1.3.9.5  Basic constraints extension

 Note.- The basic constraints extension helps to identify the subject of a certificate as a CA.

 8.4.3.1.3.9.5.1  When the subject of the certificate is a CA, the basic constraints extension shall be the fifth extension identified by the OID id-ce-basicConstraints."

 8.4.3.1.3.9.5.2  When it is present, the basic constraints extension shall be marked critical.

 8.4.3.1.3.9.5.3  When it is present, BasicConstraints shall assert the value True in the cA field.

 8.4.3.1.3.9.5.4  When it is present, BasicConstraints shall omit the pathLenConstraint field."

6/ 8.4.3.1.3.9.6: Add a new clause reading:

"8.4.3.1.3.9.6  Subject key identifier extension

 Note.- The subject key identifier helps identify the public key contained in the certificate. This extension is especially useful during events like CA key rollover.

 8.4.3.1.3.9.6.1  When the subject of the certificate is a CA, the subject key identifier extension shall be the sixth extension identified by the OID id-ce-subjectKeyIdentifier.

 8.4.3.1.3.9.6.2  When it is present, the subject key identifier extension shall be marked non-critical.

 8.4.3.1.3.9.6.3  When it is present, the value of SubjectKeyIdentifier shall be composed of a four bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the subjectPublicKey of the certificate subject."

Impact on interoperability: Moderate. CA certificates not containing the new extensions are no longer valid. Aircraft decompressing certificates without adding the new extensions will fail to verify the certificates.

Validation status:  Thorough inspection should be sufficient.

SME Recommendation to CCB: Progress to RESOLVED

CCB Decision: RESOLVED