On Mon, Jan 18, 2016 at 11:24 PM, Ryan Sleevi <[email protected]> wrote:

> > There isn't in Chrome, and here's the bug thread where the
> > Chrome team denied fervent requests by someone behind an enterprise
> > firewall to add MD5 support in behind a command line flag:
>
> That's not a decision we would repeat today. It's a decision we made only
> because the issues didn't surface until we hit stable, so any fix would
> have taken us 6 months (based on the then scheduled 8 week release
> iteration)

Really? Given your last few years of experience, if you could time travel back to 2012, you would tell Past Ryan Sleevi to make a different decision at that time about adding a flag for MD5 support in the enterprise? Was there significant observed negative fallout of that decision?

> > How weak does SHA-1 have to get before that balance changes? Is it totally
> > dependent on existing enterprise adoption rates, and ambient non-disruptive
> > user warnings?
>
> Even if it's totally broken, I think the risk proposition is still
> questionable, given how exploiting a chosen-prefix works.

Sure, but part of the benefit of shutting off SHA-1 issuance is to remove SHA-1 code from the overall software pipeline altogether, and to remove the opportunity for bugs and mistakes from having outsized impacts on critical infrastructure.

I would put browser certificate validation code in a similar category of critical software infrastructure as CA issuance code. Removing SHA-1 validation code from browsers altogether is a much stronger guarantee than depending on logic which distinguishes between publicly trusted and locally trusted roots, which, as discussed on this thread already, is quite tricky.

> Maybe that's something other browsers could work on publishing too?
>
> I think such telemetry (from Firefox and Chrome) will be horribly
> misleading for this case. Our opt-in rate of metrics for enterprises are
> so low that any conclusions would be grossly misleading. We've certainly
> seen this with MD5 and SHA-1 measurements.

That's a great point, but Peter's data was from website logs, and detecting middleboxes in that data is about comparing TLS "fingerprints" to sent user agents. That's not something enterprises have to opt-in to. So, large website operators could be providing valuable (appropriately aggregated, etc.) data in this regard.

I'd say that a lack of clear data to describe the impact of middleboxes on the internet today is part of what led to the Legacy Validation proposal in December, and part of what made it hard to discuss in a clear and grounded fashion.

-- Eric

--
konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
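
The server-side comparison mentioned in the message above (TLS "fingerprints" against the User-Agent that was sent), as an added sketch that is not part of the original e-mail or of any browser's or site's code. The fingerprint function, the per-browser reference values and the log records are all constructed for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict

def fingerprint(ciphers, extensions):
    """Hash the ordered cipher-suite and extension IDs offered in a ClientHello."""
    text = "-".join(map(str, ciphers)) + "," + "-".join(map(str, extensions))
    return hashlib.sha256(text.encode()).hexdigest()[:16]

# Constructed values: handshake shapes assumed for each family, not real captures.
FIREFOX_FP = fingerprint([49195, 49199, 52393], [0, 23, 65281, 10, 11])
CHROME_FP = fingerprint([49195, 49199, 52392], [65281, 0, 23, 35, 13])
PROXY_FP = fingerprint([47, 53, 10], [0])  # one TLS stack fronting many browsers
KNOWN = {"Firefox": {FIREFOX_FP}, "Chrome": {CHROME_FP}}

UA_FAMILY = re.compile(r"\b(Firefox|Chrome)/\d+")

def classify(user_agent, fp):
    """Return (family, verdict); family is None when the UA is not in KNOWN."""
    match = UA_FAMILY.search(user_agent)
    if not match:
        return None, "unknown-ua"
    family = match.group(1)
    return family, "consistent" if fp in KNOWN[family] else "mismatch"

def summarize(records):
    """Per-family mismatch rate, plus fingerprints that mismatch under 2+ families."""
    totals, mismatches, seen_under = Counter(), Counter(), defaultdict(set)
    for user_agent, fp in records:
        family, verdict = classify(user_agent, fp)
        if family is None:
            continue  # no baseline for this client, so no conclusion
        totals[family] += 1
        if verdict == "mismatch":
            mismatches[family] += 1
            seen_under[fp].add(family)
    rates = {family: mismatches[family] / totals[family] for family in totals}
    shared = sorted(fp for fp, fams in seen_under.items() if len(fams) > 1)
    return rates, shared

FF_UA = "Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0"
CH_UA = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"
# Constructed log: (User-Agent header, fingerprint of the handshake that carried it).
LOG = [(FF_UA, FIREFOX_FP), (FF_UA, FIREFOX_FP), (FF_UA, PROXY_FP),
       (CH_UA, CHROME_FP), (CH_UA, PROXY_FP), ("curl/7.43.0", PROXY_FP)]

if __name__ == "__main__":
    print(summarize(LOG))
```

A mismatch alone can also come from a spoofed User-Agent or a browser version missing from the reference table; a fingerprint that recurs under several claimed browser families is the stronger sign of a single intercepting TLS stack.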

