PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

Viktor Dukhovni ietf-dane at dukhovni.org
Sun Dec 6 04:02:04 CET 2020


> On Sep 21, 2020, at 4:22 AM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> 
> Please note that the Let's Encrypt intermediate CA certificate "X3" will soon be
> phased out in favour of "R3" and "E1" which have new keys, and so any DANE TLSA
> "2 1 1" records matching "X3" will not match "R3" or "E1".

This has now happened.  New Let's Encrypt certificates are being issued via "R3"
and "X3" has been retired:

	http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html
	https://letsencrypt.org/certificates/#intermediate-certificates

Over the next 60-90 days the remaining not yet expired or renewed certificate
chains issued by "X3" will age out, at which point no one will need to include
the "X3" or "X4" hashes in their TLSA records.

If your TLSA records still include only "X3", the current renewal cycle is your
last opportunity to add the hashes "R3", "R4", "E1" and "E2" to your TLSA
RRset.  The extant "X3" hash can be removed once a new certificate issued by
one of the new CAs is deployed.

Over the last few days the DANE survey has started reporting a handful of new
failures each day that resulted from a new "R3" certificate for an MX host
whose TLSA RRset included only the "X3" hash.  Please save yourself and me
the trouble of dealing with this only after an initial outage.

Also as explained in:

	http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html

	Please avoid issuer TLSA records with selector Cert(0), i.e. "2 0 1" and
	"2 0 2". These are much more fragile, and worse, "R3" and "R4" are cross-signed
	by two different issuers, so there are two different full cert hashes for R3 and
	R4, but just one underlying public key and corresponding "2 1 1" hash.

DO NOT use "2 0 1" or "2 0 2" records.  The best choice is "2 1 1".
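As an added illustration (not part of Viktor's message), the Python below builds two constructed, minimal X.509 DER certificates that share one SubjectPublicKeyInfo but carry different issuers and signatures, the way the cross-signed R3 does, and computes both the "2 0 1" (full certificate) and "2 1 1" (SPKI) SHA-256 hashes; the DER walker also works on a real DER certificate read from disk. The issuer names, key bytes and signatures are constructed placeholders, not the real Let's Encrypt values.

```python
import hashlib

def tlv(tag, content):
    """Minimal DER encoder: tag, short- or long-form length, content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    nbytes = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nbytes]) + n.to_bytes(nbytes, "big") + content

def der_tlv(data, pos=0):
    """Decode one DER TLV at pos; return (tag, value, end_offset)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def der_children(body):
    """Return the raw TLV bytes of each element inside a SEQUENCE body."""
    out, pos = [], 0
    while pos < len(body):
        _, _, end = der_tlv(body, pos)
        out.append(body[pos:end])
        pos = end
    return out

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 Certificate."""
    _, cert_body, _ = der_tlv(cert_der)             # Certificate ::= SEQUENCE
    _, tbs_body, _ = der_tlv(cert_body)             # tbsCertificate is its first element
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:                        # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[5]        # serial, signature, issuer, validity, subject, SPKI

def tlsa_hash(cert_der, selector):
    """Selector 0 = full cert ("2 0 1"), 1 = SPKI ("2 1 1"); matching type 1 = SHA-256 hex."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    return hashlib.sha256(data).hexdigest()

# Constructed sample data (placeholders, not real Let's Encrypt material): one key, two issuers.
RSA_OID, SHA256RSA_OID, CN_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b", b"\x55\x04\x03"
def name(cn): return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, cn))))
SIG_ALG = tlv(0x30, tlv(0x06, SHA256RSA_OID) + tlv(0x05, b""))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + b"\x42" * 64))

def make_cert(issuer_cn, sig_byte):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + SIG_ALG + name(issuer_cn)
           + tlv(0x30, tlv(0x17, b"201201000000Z") * 2) + name(b"R3") + SPKI)
    return tlv(0x30, tlv(0x30, tbs) + SIG_ALG + tlv(0x03, b"\x00" + bytes([sig_byte]) * 32))

R3_VIA_ISRG = make_cert(b"ISRG Root X1", 0x11)    # stand-in for the ISRG-signed R3
R3_VIA_DST = make_cert(b"DST Root CA X3", 0x22)   # stand-in for the cross-signed R3
```

The two certificates yield one identical "2 1 1" digest but two different "2 0 1" digests, which is exactly why a Cert(0) issuer record must track every cross-signed copy while an SPKI(1) record does not.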

-- 
	Viktor.
