Signing: macOS's distrust model overrides custom contextual trust

[dtivel]

NuGet Product Used

dotnet.exe

Product Version

.NET 5 SDK+

Worked before?

No response

Impact

Other

Repro Steps & Context

In March 2022, I confirmed with Apple developer technical support that Apple had recently updated macOS's X.509 distrust model to explicitly distrust the intermediate certificate in the Symantec timestamping certificate chain used to timestamp NuGet.org packages.

When chain building the end certificate using macOS's default system trust store, the certificate chain validates successfully as trusted; however, the built chain terminates at the intermediate instead of the root.

When chain building the end certificate with custom trust anchors (including the timestamping root), macOS's distrust model overrides the implicit, transitive trust on the intermediate conferred by the explicit, contextual trust on the root. The end result is that certificate chain building fails with explicit distrust.

None of the solutions considered is attractive at this time, so we’re postponing macOS support for NuGet signed package verification during restore operations for the foreseeable future. Signed package verification is still possible using the dotnet nuget verify command.

Relevant timestamping certificate chains:

• root: VeriSign Universal Root Certification Authority
• intermediate: Symantec SHA256 TimeStamping CA
• end: Symantec SHA256 TimeStamping Signer - G3, Symantec SHA256 TimeStamping Signer - G2

Verbose Logs

No response

[nkolev92]

@dtivel Is there a proposal for an action that we're going to take on this?

[dtivel]

@nkolev92, no, not at this time.