Much in the vein of my question in #1098, would there be any interest in considering a server option to disable enforcement of the RFC 3161 section 2.3 strict requirement for a critical timestamping EKU on the leaf cert? There's a reason behind this question...
As I have dug into the requirements for timestamping PDFs, I've learned that in order for a PDF's timestamp to be enabled for LTV (long-term validation), there has to be valid revocation-check (OCSP or CRL) information for all non-root certs used in the timestamp to prove that the certs were valid at the time of timestamping, and this information has to be embedded in the PDF. Which means that the CA that issued all the certs used for the timestamp has to have revocation-check endpoints to check the validity of the certs, and has to embed the URLs for those endpoints in the issued certs. That functionally means that if you want to timestamp a PDF and have LTV enabled in the timestamp, your timestamp server has to have a leaf cert (and any intermediate certs) issued by a CA that does this... and as far as I can tell, there aren't any commercial CAs that will issue a cert with a timestamping EKU.
This functionally means that for this use case, the only options are to use one of the timestamp services run by the major CAs or other big players, and you can't really ever use something like `timestamp-authority` backed by KMS keys; none of the KMSes would have any way to provide revocation-checking services for certs generated from those keys. (As far as I can tell, even the GCP CA service doesn't have an OCSP or CRL endpoint available, which I would have thought would have been a no-brainer for them.) But if it were possible to run `timestamp-authority` with a switch disabling the strict timestamping EKU check, then it would be possible to create a leaf cert CSR signed by a KMS key (e.g., using something like the OpenSSL AWS KMS engine, or any of the other ways to generate CSRs from KMS keys), sign it with an on-prem CA like HashiCorp Vault that has revocation-checking endpoints, and you'd be good to go.
(I swear, I'm not here to needle you — I just fell down the timestamping rabbit hole over the past three weeks, as part of a complicated project, and I keep uncovering questions that might be worth asking!)
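
The two certificate properties this issue weighs against each other can be checked side by side. The following is an added example, not code from the issue or from timestamp-authority: `CheckTSACert` and `MakeCert` are hypothetical names, and the certificate and OCSP URL are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidEKU = asn1.ObjectIdentifier{2, 5, 29, 37} // id-ce-extKeyUsage
// CheckTSACert: ekuOK = critical EKU holding only id-kp-timeStamping (RFC 3161 2.3); revocable = embedded OCSP/CRL URL.
func CheckTSACert(c *x509.Certificate) (ekuOK, revocable bool) {
	critical := false
	for _, ext := range c.Extensions {
		if ext.Id.Equal(oidEKU) {
			critical = ext.Critical
		}
	}
	onlyTS := len(c.ExtKeyUsage) == 1 && len(c.UnknownExtKeyUsage) == 0 && c.ExtKeyUsage[0] == x509.ExtKeyUsageTimeStamping
	return critical && onlyTS, len(c.OCSPServer) > 0 || len(c.CRLDistributionPoints) > 0
}

// MakeCert builds a constructed self-signed leaf for the demo (hypothetical helper, sample values).
func MakeCert(critical bool, ocsp []string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	eku, _ := asn1.Marshal([]asn1.ObjectIdentifier{{1, 3, 6, 1, 5, 5, 7, 3, 8}}) // id-kp-timeStamping
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed TSA leaf"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), OCSPServer: ocsp,
		ExtraExtensions: []pkix.Extension{{Id: oidEKU, Critical: critical, Value: eku}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if c, err := MakeCert(false, []string{"http://ocsp.example.test"}); err == nil {
		fmt.Println(CheckTSACert(c)) // non-critical EKU, OCSP URL present
	}
}
```

Running the check against a real leaf before deployment shows which of the two requirements it fails: the RFC 3161 EKU rule, the embedded revocation endpoints needed for LTV, or both.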