Path Building vs Path Verifying: The Chain of Pain

Understanding The Problem

Figure 7 from RFC 4158

Visualizing the Problem

A visualization of the Mozilla Trusted CAs PKI graph, showing CAs as nodes, and the certificates that link them as edges.
Mozilla Trusted CAs, June 8, 2020

How to Avoid the Problem

More Ways to Go Wrong

Key Elements of a Successful Implementation

  • Make sure your APIs return issuers, and not just a single issuer.
  • When returning issuers, have a plan to sort them. You can do a simple sort, such as preferring trusted certificates first, or you could consider the strategies from RFC 4158. As RFC 4158 calls out, for every positive example, there’s likely a negative counter-example as well; the joy of engineering is finding the right balance for the use case.
  • Treat the certificates from the server as TLS 1.3 describes: a collection of certificates that can be used to build out the graph, rather than as an ordered linear chain, although with the first certificate as the server’s certificate.
  • Support some way of discovering additional links in the graph. This could be by allowing the calling application to provide a set of “not positively trusted” certificates, such as Mozilla’s intermediate preloading does, or it could mean supporting fetching authorityInformationAccess and allowing the CA to provide these additional certificates.
  • Integrate any checks as part of path building, such that path verification is merely a part of path building. You don’t need to build every chain, and then try to verify every chain; verify-as-you-go is a fine strategy. However, it’s essential that if a chain doesn’t verify, path building continues and tries to exhaust all paths before returning.
  • As with all graph algorithms, know your limits. Whether it’s the length/depth of the chain, the number of paths explored, the number of signatures verified, or the total time spent examining the graph, apply bounds to limit shenanigans.

Built for the Internet

Name Constraints

Extended Key Usages

Weak Crypto Handling

Trust Store Design and Trust Anchor Restrictions

Open Source Roundup





I work on certs and stuff. Tweets are my own, etc. etc.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

AWS — Difference between Amazon EventBridge and Amazon SNS

The Beauty of Chinese, Pt. 5

Building Microservices with AKS and VSTS — Part 3

How to run SBT on Apple Silicon

Create an Elixir Phoenix API — Part 2— Generate an API Swagger Specification

What Could Be the Effects of Texas Declaring Itself a Bitcoin-Friendly State?

Grafana up and running — What is Grafana?

[2022] How to install Git on Windows 10 / 11 (step by step guide)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ryan Sleevi

Ryan Sleevi

I work on certs and stuff. Tweets are my own, etc. etc.

More from Medium

SOLID Principles

Tests with Postman — From zero to something

Managing Libraries without Maven