[gnutls-devel] GnuTLS | GnuTLS: Consider depth-first ("branching") certificate path building strategy (#1286)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Oct 31 14:42:09 CET 2021

Michael Catanzaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1286

## Description of the feature:

Over the past couple years, there have been a series of blog posts highlighting the need for improved certificate path building strategies in TLS libraries. Notably:

 * Ryan Sleevi ([part one](https://medium.com/@sleevi_/path-building-vs-path-verifying-the-chain-of-pain-9fbab861d7d6), [part two](https://medium.com/@sleevi_/path-building-vs-path-verifying-implementation-showdown-39a9272b2820)) describes a certificate path building strategy based on depth-first search, where path building is part of certificate verification and not a separate initial step in order to ensure the implementation can consider another path if verification of the first path fails.
 * [Ian Haken](https://netflixtechblog.com/revisiting-bettertls-certificate-path-building-4c978b79843f) introduces a bettertls test server that evaluates the robustness of TLS client path building, and shares the results for GnuTLS and other clients. Here he calls Ryan's strategy "branched" path building.
 * Scott Helme ([part one](https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/), [part two](https://scotthelme.co.uk/complexities-chain-building-ca-infrastructure/), and [part three](https://scotthelme.co.uk/cross-signing-alternate-trust-paths-how-they-work/), [part four](https://scotthelme.co.uk/building-certificate-chains/)) provide additional background and motivation. (Most of this will already be familiar to TLS library developers.)

To the best of my knowledge, GnuTLS's current path building strategy is currently sufficient for compatibility with _today's_ web. That said, it would be prudent to consider whether GnuTLS should adopt Ryan's suggested path building strategy, which would allow passing the bettertls tests. This might improve confidence that GnuTLS will be unaffected by _future_ incidents where a large number of websites break after a particular root certificate expiration, similar to #1008.

## Applications that this feature may be relevant to:


## Is this feature implemented in other libraries (and which)

According to [this blog post](https://netflixtechblog.com/revisiting-bettertls-certificate-path-building-4c978b79843f) this path building strategy is implemented by: Rusttls, Go, Java, LibreSSL, Firefox, Chromium

Notably not implemented by: OpenSSL, BoringSSL

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1286
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211031/3dfd1277/attachment.html>

More information about the Gnutls-devel mailing list