TLS Certificate Authority root certificates and their dates

January 3, 2021

One response to the idea that Certificate Authority root certificates in your system's trust store should have their dates ignored (which is done in practice by some versions of Android and which you might put forward as a philosophical argument) is to ask why CA root certificates even have dates in that case. Or to put it another way, if CA root certificates have dates, shouldn't we respect them?

I think there are two levels of answers about why CA root certificates have dates. The first level is that 'not before' and 'not after' times are required in TLS certificates, and there is no special exemption for CA root certificates (this has been required since at least RFC 3280). As a practical matter, using well-formed and not to badly out of range times is probably required because doing otherwise risks having certificate parsing libraries rejecting your root certificate.

The second level is that more or less from the start of SSL I believe there was at least a social expectation that Certificate Authority root certificates would have 'reasonable' expiry dates. People could have generated root certificates that expired in 2099 (or 2199), but they didn't; instead they picked much closer expiry times. Some of this was probably driven by general cryptographic principles of limited lifetimes being good. Back in the early days of SSL (and it was SSL then), this didn't seem as dangerous as it might to us today because it was often a lot easier to get new root certificates into browser and operating system trust stores.

(Some of it may have been driven by fears of running into the Unix year 2038 problem if you had certificate expiry times that were past that point. Some modern CA root certificates carefully come very close to but not past this time, such as this Comodo root certificate, which has an end time that is slightly over three hours before the critical Unix timestamp. On the other hand, Amazon has CA 2, CA 3, and CA 4 that expire in 2040. And HongKong Post Root CA 3 expires in 2042.)

Given that root certificates have to have dates and even early ones likely faced various pressure to not make their end date too far into the future, the end dates of root certificates don't necessarily reflect the point at which one should end trust in a root certificate. Since there isn't general agreement about this, there probably wouldn't be enough support to introduce a special far off date to signal 'trust forever' and then explicitly treat all other dates as real cutoff dates.

(Mozilla may have a policy on the maximum validity of root certificates they'll include, but if so I can't find it. Their current report of CA root certificates in Firefox (see also) currently seems to have nothing after 2046.)

Written on 03 January 2021.
« The modern web and (alleged) software stagnation in the past few decades
TLS Certificate Authority root certificate expiry dates are not how trust in them is managed »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Jan 3 23:20:15 2021
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.