Phil PennockFeb 14, 2025
Matthew McPherrin

Chrome has published version 1.6 of their root store policy.

Notably, this contains a timeline for deprecating use of the TLS Client Auth extended-key-usage inside the PKIs included in their program.
If you currently use TLS Client Auth from a publicly trusted CA, you may need to take action.

> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.

https://www.chromium.org/Home/chromium-security/root-ca-policy/#32-promote-use-of-dedicated-tls-server-authentication-pki-hierarchies

Chrome Root Program Policy, Version 1.6

Feb 14, 2025 at 9:56pmWeb
Show threadRyan Castellucci (they/them) Feb 14, 2025
@mattm no more s/mine certificates, then?
Show threadMatthew McPherrinFeb 14, 2025
@ryanc Splitting S/MIME from TLS roots has already been in progress. I'm less familiar with the details as we don't operate an S/MIME root, but I believe Mozilla and Chrome already have some requirements around that
Show threadZashFeb 14, 2025
@mattm That sounds like trouble for #SMTP and #XMPP and anything else doing mutual certificate authentication between servers. 😟
Show threadMatthew McPherrinFeb 15, 2025
@zash Yes. If you're using Let's Encrypt for client certs, start planning a migration now.
Show threadZashFeb 15, 2025
@mattm Atleast @prosodyim has long had a hack that validates client certificates as if they are server certificates since this purpose flag has not always been available from other CAs, and snce both ends of a server-to-server connection are servers.
Show threaduexoFeb 15, 2025
@zash @mattm What key usages do XMPP servers usually check for?
Show threadmethuselahFeb 15, 2025
hope this doesn't affect too much things
Show threadCorsacFeb 15, 2025
@zash @mattm isn’t ClientAuth mostly used for client (browser) authentication and maybe VPN clients? I think SMTP servers all use ServerAuth
Show threadZashFeb 15, 2025

@corsac @uexo I know that OpenSSL checks the certificate purpose based on whether you initialize a client or server context, and in #Prosody we have a tweak that flips the validation for one of them so that incoming server-to-server connections are validated as if it was an outgoing connection.

I also remember other servers requiring the clientAuth purpose, long ago, in the before Let's Encrypt times.

Hopefully it will not be a problem this time around.

Show threadChristophe Brocas Feb 15, 2025

@mattm and one more certificate issue to handle (server and client auth EKU certificates) in my company after the coming certificate lifetime reduction.

Hard times currently in corporate envs due to public certs πŸ˜”

Show threadChristophe Brocas Feb 15, 2025
@mattm thanks a lot @mattm for alerting us πŸ™