Score:1

What is Cross signing of root certificates and how does it help at time of root certificate expiry?


I got to know that Root CAs are cross signed so that at the time of certificate expiry, there are no outages. However, I am unable to find any good docs explaining how cross signing works and how it prevents outages when a root CA certificate is going to expire in the near future.

While researching, I found the below from ssltrust.in:

"Cross-signing is simply when multiple valid paths exist between a root certificate and a node certificate. This can be advantageous for a number of reasons. Sometimes, a certificate in the chain expires. While it would be nice if every piece of software was frequently updated and shipped an up-to-date copy of the root CA store, this is not the case in the real world. Many devices, for a number of reasons, are not subject to regular updates. Strategically cross-signing intermediate certificates from an older (therefore more likely to be present on the larger subset of devices in the wild) root certificate, “buys some time”."

So does this mean that Intermediate CAs are cross signed (signed by more than one Root CA so that even if one of the Root CAs expires, there would still be a valid chain of trust) and not root CAs?

Also, is cross-certificate different than cross signing? From this Microsoft page - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing

"A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that is used to sign the public key for the root certificate of another Certificate Authority. Cross-certificates provide a means to create a chain of trust from a single, trusted, root CA to multiple other CAs."

So it does seem that Cross certificates and cross signing are different, and how come it is mentioned that "A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that is used to sign the public key for the root certificate of another Certificate Authority." Aren't root certificates self signed?

Score:2

No, cross certificates and cross signing are not really different things, and it is true that both intermediate CAs and what we normally call root CAs can be cross-certified.

Your confusion may be due to the fact it's blurry exactly what a root is. There are numerous CAs that want to be roots, that hold themselves out as roots, that publish root certs, that apply to be included in root-cert programs, etc. But each relier, i.e. each of us, ultimately decides which CAs we trust as roots, although most of us simply accept the trust defaults set by browser or system vendors (Microsoft, Apple, Mozilla/Firefox, Sun/Oracle/Java, Google/Chrome and Android, etc). Whether a given CA looks like a root can depend on who is looking. For example for a long time GeoTrust had their own published root, but also had cross certs for the same CA (maybe several, I only recall one for sure) from Equifax. Some people or systems trusted the GeoTrust root(s?) and treated them as root CA(s); some didn't, but did trust Equifax, and thereby trusted GeoTrust as subordinate CA(s) under Equifax. So in that situation was GeoTrust a root or not?

A more current -- and complicated -- example is LetsEncrypt. When they started operations they generated their own 'ISRG' root and started applying to have it accepted, but initially they had their two intermediate (subordinate) CAs LetsEncrypt X3 and LetsEncrypt X4 (I'm abbreviating the names for convenience) signed by DST Root X3, an established root, to allow them to start fast without waiting for their own root to be accepted. (Technically they started with intermediates X1 and X2, but those were quickly replaced by X3 and X4 due to a problem I don't remember, like maybe they didn't work with MSIE or something.) Just this year, after about 5 years of effort, they finally got ISRG Root X1 accepted widely enough they could switch to using it; in the meantime they added ISRG Root X2, which AFAICT isn't so widely accepted yet. So now they use this trust structure:

  • intermediates R3 and R4 are primarily chained (the dark lines) to ISRG Root X1, but they also can be chained (the gray lines) to DST Root X3 if you want

  • for those (few) systems that don't trust ISRG X1, there is still a cross (also called bridge) cert from DST X3

  • intermediates E1 and E2 are chained to ISRG X2, which can be a root, but for the (many) systems that don't trust ISRG X2 it is also cross-certified by ISRG X1 (and thus indirectly by DST X3 if needed)

This is complicated by the fact that the DST X3 cert expires in a few weeks (2021-09-30). The standard rules do not say whether chain validation using an expired root cert must or should fail, partly because they don't specify a root cert at all, only certain fields; nearly all software finds it convenient to use a certificate as the data structure for a root (also called anchor) identity and key, but this is not required. So chains using DST X3 may soon become invalid, or they may not, depending on factors most users won't be able to understand, which is not a very good thing.

A root certificate is always self-signed, yes. (This is shown by the self-loop arrows on the LetsEncrypt diagram.) However, a CA that has a root cert may also have a cross cert, or even several, that is/are not self-signed but is/are for a CA which may be labelled, and viewed, as a root CA. Clear as mud?
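The trust structure the answer describes can be reproduced in miniature with the openssl CLI. The script below is an added example, not code from the original question, answer or from Let's Encrypt: "Old Root" stands in for DST Root X3, "New Root" for ISRG Root X1 and "Intermediate" for R3; all names, serial numbers and validity periods are made up, and it assumes an openssl binary (1.1.1 or newer) on PATH. It creates a self-signed New Root plus a cross-certificate for the same key and name issued by Old Root, then asks `openssl verify` which chains validate today and three days from now, when the short-lived Old Root has expired.

```shell
#!/bin/sh
# Added example, not code from the original post: a miniature of the layout
# described above, built with the openssl CLI. "Old Root" plays DST Root X3,
# "New Root" plays ISRG Root X1, "Intermediate" plays R3. Names, serial
# numbers and validity periods are made up. Assumes openssl 1.1.1+ on PATH.
set -u
WORK="$(mktemp -d)"
cd "$WORK" || exit 1

# Private config so the example does not depend on the system openssl.cnf.
cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
# Extensions for certificates issued *to* a CA (cross-cert and intermediate).
cat > ca_ext.cnf <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
# Extensions for the end-entity certificate.
cat > leaf_ext.cnf <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

q() { "$@" >/dev/null 2>&1; }   # run an openssl command quietly

# Old Root: widely trusted but expiring in 1 day.
q openssl req -config req.cnf -x509 -new -newkey rsa:2048 -nodes \
  -keyout old_root.key -out old_root.pem -days 1 -subj "/CN=Old Root"
# New Root: self-signed, long-lived, not yet in every trust store.
q openssl req -config req.cnf -x509 -new -newkey rsa:2048 -nodes \
  -keyout new_root.key -out new_root.pem -days 3650 -subj "/CN=New Root"
# Cross-certificate: Old Root signs New Root's name and public key. Same
# subject and key as new_root.pem, but issuer and signature are Old Root's.
q openssl req -config req.cnf -new -key new_root.key -out new_root.csr -subj "/CN=New Root"
q openssl x509 -req -in new_root.csr -CA old_root.pem -CAkey old_root.key \
  -set_serial 1 -days 365 -extfile ca_ext.cnf -out new_root_cross.pem
# Intermediate issued by New Root, then a server certificate issued by it.
q openssl req -config req.cnf -new -newkey rsa:2048 -nodes \
  -keyout inter.key -out inter.csr -subj "/CN=Intermediate"
q openssl x509 -req -in inter.csr -CA new_root.pem -CAkey new_root.key \
  -set_serial 2 -days 365 -extfile ca_ext.cnf -out inter.pem
q openssl req -config req.cnf -new -newkey rsa:2048 -nodes \
  -keyout leaf.key -out leaf.csr -subj "/CN=www.example.test"
q openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key \
  -set_serial 3 -days 90 -extfile leaf_ext.cnf -out leaf.pem
# What a server sends to old clients: intermediate plus the cross-cert.
cat inter.pem new_root_cross.pem > chain_with_cross.pem
# A store that has both roots, as most 2021-era devices had for LetsEncrypt.
cat old_root.pem new_root.pem > both_roots.pem

# same_key: prints yes if both New Root certificates carry the same public key.
same_key() {
  a=$(openssl x509 -in new_root.pem -noout -pubkey)
  b=$(openssl x509 -in new_root_cross.pem -noout -pubkey)
  if [ -n "$a" ] && [ "$a" = "$b" ]; then echo yes; else echo no; fi
}

# verify_chain TRUST_STORE UNTRUSTED_BUNDLE [EPOCH_SECONDS]
# Prints OK if leaf.pem chains to a certificate in TRUST_STORE using only the
# certificates in UNTRUSTED_BUNDLE, evaluated at EPOCH_SECONDS (default: now).
verify_chain() {
  if [ $# -ge 3 ]; then set -- -attime "$3" -CAfile "$1" -untrusted "$2"
  else set -- -CAfile "$1" -untrusted "$2"; fi
  if openssl verify "$@" leaf.pem >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

LATER=$(( $(date +%s) + 3 * 86400 ))   # three days out: Old Root has expired

echo "same key in both New Root certificates:      $(same_key)"                                              # yes
echo "old store, chain with cross-cert, now:       $(verify_chain old_root.pem chain_with_cross.pem)"         # OK
echo "old store, chain without cross-cert, now:    $(verify_chain old_root.pem inter.pem)"                    # FAIL
echo "new store, chain without cross-cert, now:    $(verify_chain new_root.pem inter.pem)"                    # OK
echo "old store, chain with cross-cert, +3 days:   $(verify_chain old_root.pem chain_with_cross.pem "$LATER")" # FAIL
echo "new store, chain without cross-cert, +3 days: $(verify_chain new_root.pem inter.pem "$LATER")"           # OK
echo "both roots, chain with cross-cert, +3 days:  $(verify_chain both_roots.pem chain_with_cross.pem "$LATER")"
# The last line is where validators differ: openssl 1.1.0+ looks in the trust
# store first, stops at the self-signed New Root and says OK; a path builder
# that follows the supplied cross-cert first reaches the expired Old Root and
# fails. Run it against the openssl you actually ship to see which you get.
```

The `same_key` check is the answer to "aren't root certificates self-signed?": `new_root.pem` is self-signed and `new_root_cross.pem` is not, yet both certify the same key under the same name, so the Intermediate's single signature chains to either of them. The `-attime` runs show why the cross-cert only "buys some time": once Old Root is past its notAfter, OpenSSL rejects any chain that ends at it, even though it is the configured anchor, while the path through the self-signed New Root is unaffected. The final case reproduces the situation the answer warns about, where the outcome depends on the validator's path-building order rather than on anything the user configured.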
