From d585be238132e6eb955a08481c297f8b6dfd64b3 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sat, 9 Jul 2022 14:59:50 +0200 Subject: [PATCH] Add README.md with requirements --- README.md | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..ef7c3e0 --- /dev/null +++ b/README.md 
@@ -0,0 +1,137 @@ +# Class 3 re-signing procedure 2022 + +The CAcert class3 re-signing in 2021 produced a subordinate CA certificate with at least two known issues: + +- The CA certificate has a CA issuer URL that points to itself instead of to the Root CA certificate, this makes at + least Icinga's `check_ssl_cert` monitoring plugin fail, if a endpoint certificate issued by the 2021 class3 + certificate is checked +- The class 3 subordinate CA certificate does not contain all expected extended key usages, some providers + (i.e. Google) do not accept the certificate for verifying document or email signatures + +The re-signing planned for 2022 is just an intermediate step. We are aware that our current certificate hierarchy is +not state of the art, and we need to do a properly planned re-creation. There is a +[work-in-progress design document](https://nextcloud.cacert.org/s/sZ7NmKHNCJ3GbdF) in the internal Nextcloud instance. + +## Requirements for the new class 3 certificate + +The class 3 certificate must contain the following fields: + +- [Version](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.1): + v3 +- [Serial Number](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.2): + determined by signing procedure (ascending integer currently) +- [Signature](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.3): + `sha512WithRSAEncryption` OID [1.2.840.113549.1.1.13](https://www.rfc-editor.org/rfc/rfc5754.html#section-3.2) +- [Issuer](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.4): + + `emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA` + (Subject of CAcert Root CA certificate aka class1, applied by signing procedure) + +- [Validity](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.5): + include validity duration with a "do not use after" field value before the "do not use after" field value of the root + certificate and a validity of 5 years (use the smaller/earlier expiry 
value) + + The Root CA certificate has a validity of + + Validity + Not Before: Mar 30 12:29:49 2003 GMT + Not After : Mar 29 12:29:49 2033 GMT + + The class 3 certificate should therefore use `Not Before` = issuing date, `Not After` = issuing date + 5 years + + The timestamps must be encoded as UTCTime (according to + [RFC-5280 Section 5.1.2.5.1](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.5.1)) + +- [Subject](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.6): + + `CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.` + + using the same encoding (PrintableString) as the current 2021 class 3 CA certificate for all RDNs + +- [SubjectPublicKeyInfo](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.7): + use the existing [RSA](https://www.rfc-editor.org/rfc/rfc3279#section-2.3.1) key pair + + Public-Key: (4096 bit) + Modulus: + 00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9: + dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da: + 89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0: + 24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8: + c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa: + 51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44: + 8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34: + 29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98: + 65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0: + ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e: + 97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4: + cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6: + 85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72: + 35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e: + 4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e: + 0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9: + 2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64: + 27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed: + 5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4: + cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11: + 36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3: + d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70: + 40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a: + 
e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a: + df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20: + 2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97: + 4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1: + ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48: + 00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a: + 25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11: + c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91: + 99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af: + 8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42: + 74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40: + 05:fb:e9 + Exponent: 65537 (0x10001) + +### Extensions + +- [AuthorityKeyIdentifier](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.1): + reference the Root CA certificate's public key in the `keyIdentifier` field: + + `16:b5:32:1b:d4:c7:f3:e0:e6:8e:f3:bd:d2:b0:3a:ee:b2:39:18:d1` (sha1 hash of the Root CA certificate's public key) + +- [SubjectKeyIdentifier](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.2): + reference the own public key + + $ openssl sha1 -c class3_pubkey.der + SHA1(class3_pubkey.der)= f0:61:d8:3f:95:8f:4d:78:b1:47:b3:13:39:97:8e:a9:c2:51:ba:9b + +- [KeyUsage](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.3): + + `key cert sign, crl sign; critical` + +- [CertificatePolicies](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.4): + + PolicyInformation [ + CertPolicyId 1.3.6.1.4.1.18506.4.4 + PolicyQualifiers [ + id-qt-cps + cPSuri https://www.cacert.org/policy/CertificationPracticeStatement.html + ] + ] + + The CertPolicy OID 1.3.6.1.4.1.18506.4.4 is defined at https://wiki.cacert.org/OidAllocation. The 2021 class 3 CA + certificate contained a cps.php link, which does not make sense for a static document. 
+ +- [BasicConstraints](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.9): + `CA: true, patLenConstraint: 0; critical` + +- [Extended Key Usage](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.12): + `server auth, client auth, email protection, code signing, OCSP signing, SmartCard logon, anyExtendedKeyUsage` + +- [CRL Distribution Points](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.13): + http://crl.cacert.org/class3-revoke.crl + +- [Authority Information Access](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.2.1): + + - CA issuers: https://www.cacert.org/certs/root_X0F.der + + Reference the Root CA certificate's canonical DER URL + - OCSP: URI:http://ocsp.cacert.org/
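Review bot: the BasicConstraints item near the end of the Extensions list spells the field `patLenConstraint`; RFC 5280 section 4.2.1.9 names it `pathLenConstraint`, so the line should read `CA: true, pathLenConstraint: 0; critical`. In the Validity item the link text says "RFC-5280 Section 5.1.2.5.1" while the URL targets `section-4.1.2.5.1`; the text should be corrected to match the URL. The SubjectKeyIdentifier item hashes `class3_pubkey.der` without saying how that file is produced. Please state whether it holds the full SubjectPublicKeyInfo structure or only the contents of the subjectPublicKey BIT STRING, since RFC 5280 section 4.2.1.2 method (1) hashes the latter and the two inputs give different identifiers. Whoever performs the signing needs that detail to reproduce the listed value.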