Requirements on National Backend TLS client certificate key usage #32

Open
Razumain opened this issue May 26, 2021 · 1 comment
Labels: general (General issues.)

Comments


Razumain commented May 26, 2021

Insufficient requirements on NB-TLS client certificate key usage

Section 4.5 of certificate-governance.md is insufficient. The current text says:

> Beware that self-signed certificates should also contain the key usage Certificate signing (keyCertSign), so that OpenSSL can verify the (self) signature of the certificate.

As we learned during the dry-run, this is not a SHOULD, but a MUST. Or has this changed to just be a recommendation?

In case this is a MUST, I would also recommend lifting this into the table above:

| Field | Value |
| --- | --- |
| Subject | cn=<non-empty and unique common name>, o=<Provider>, c=<Member State of the NB> |
| Key Usage | digital signature (at minimum); keyCertSign (if the certificate is self signed) |
| Extended Key Usage | client authentication (1.3.6.1.5.5.7.3.2) |

Note that the requirement is really in error, as there is no support for the requirement of keyCertSign in any of the open standards of PKI, but if this key usage is required anyway due to how current tools work, then it should be made clearer.

An example that highlights the contradiction is the following requirement from RFC 5280:

> The keyCertSign bit is asserted when the subject public key is used for verifying signatures on public key certificates. If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension (Section 4.2.1.9) MUST also be asserted

That is: a certificate with keyCertSign set MUST be a CA, which is not true for the TLS client. But I'm really not trying to change this requirement at this point, just making sure it is clearly stated. Some comment on this contradiction may, however, be in order.

@Razumain Razumain added the general General issues. label May 26, 2021
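The contradiction Razumain describes can be reproduced in a few lines. The following is an added example, not code from the project or from anyone in this thread: it uses Go's crypto/x509 in place of OpenSSL (the tool the dry-run actually used), because `CheckSignatureFrom` applies the same RFC 5280 gates quoted above (keyCertSign on the issuer, cA=TRUE in basicConstraints) before it looks at any signature bytes. The subject name, key and validity period are constructed test data, and the lint function encodes the table as proposed in the comment (digitalSignature, clientAuth EKU, keyCertSign when self-signed) plus the RFC 5280 rule that keyCertSign requires cA=TRUE.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeSelfSigned builds a self-signed v3 certificate shaped like an NB-TLS
// client certificate (subject per the table, clientAuth EKU) with the given
// keyUsage bits and basicConstraints settings. Subject, key and validity are
// constructed test data, not a real National Backend certificate.
func makeSelfSigned(ku x509.KeyUsage, withBasicConstraints, isCA bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			CommonName:   "nb-client-example",
			Organization: []string{"Example Provider"},
			Country:      []string{"XX"},
		},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              ku,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: withBasicConstraints, // emit the extension at all?
		IsCA:                  isCA,                 // the cA bit, only emitted if above is true
	}
	// template == parent makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// selfSignatureVerifies reports whether crypto/x509 accepts the certificate
// as the issuer of its own signature. CheckSignatureFrom rejects an issuer
// whose keyUsage lacks keyCertSign, or (for a v3 certificate) whose
// basicConstraints is absent or has cA=FALSE, before checking any bytes.
func selfSignatureVerifies(c *x509.Certificate) bool {
	return c.CheckSignatureFrom(c) == nil
}

// lintNBClientCert returns the requirements from the proposed table that the
// certificate fails, plus the RFC 5280 4.2.1.3 rule that keyCertSign requires
// cA=TRUE. An empty result means every requirement is met.
func lintNBClientCert(c *x509.Certificate) []string {
	var findings []string
	if c.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		findings = append(findings, "keyUsage lacks digitalSignature")
	}
	clientAuth := false
	for _, eku := range c.ExtKeyUsage {
		if eku == x509.ExtKeyUsageClientAuth {
			clientAuth = true
		}
	}
	if !clientAuth {
		findings = append(findings, "extendedKeyUsage lacks clientAuth (1.3.6.1.5.5.7.3.2)")
	}
	// Self-signed (subject == issuer) certificates need keyCertSign for the
	// tooling to accept the self-signature, per the proposed table.
	selfIssued := bytes.Equal(c.RawSubject, c.RawIssuer)
	if selfIssued && c.KeyUsage&x509.KeyUsageCertSign == 0 {
		findings = append(findings, "self-signed but keyUsage lacks keyCertSign")
	}
	// ...but RFC 5280 then requires the certificate to be a CA.
	if c.KeyUsage&x509.KeyUsageCertSign != 0 && !(c.BasicConstraintsValid && c.IsCA) {
		findings = append(findings, "keyCertSign asserted without cA=TRUE (RFC 5280 4.2.1.3)")
	}
	return findings
}

func main() {
	cases := []struct {
		name   string
		ku     x509.KeyUsage
		bc, ca bool
	}{
		{"digitalSignature only, no basicConstraints", x509.KeyUsageDigitalSignature, false, false},
		{"digitalSignature+keyCertSign, cA=FALSE", x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, true, false},
		{"digitalSignature+keyCertSign, cA=TRUE", x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, true, true},
	}
	for _, tc := range cases {
		c, err := makeSelfSigned(tc.ku, tc.bc, tc.ca)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s\n  self-signature accepted: %v\n  isCA: %v\n  findings: %q\n",
			tc.name, selfSignatureVerifies(c), c.IsCA, lintNBClientCert(c))
	}
}
```

The three cases walk the contradiction end to end: a certificate with only digitalSignature (what a TLS client would normally carry) cannot be verified against itself; adding keyCertSign without cA=TRUE is rejected on the basicConstraints gate, exactly as RFC 5280 4.2.1.3 says it must be; and the only shape that passes both the table and the verifier is a certificate with cA=TRUE, which is a CA certificate rather than a plain client certificate.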
@daniel-eder (Member) commented:

@SchulzeStTSI I think you discussed this in another issue, what's the status on this?
