----- Original Message ----- > From: "David E. Ross" <[email protected]> > To: [email protected] > Sent: Friday, July 4, 2014 8:42:58 PM > Subject: Re: Removal of 1024 bit CA roots - interoperability > > On 7/4/2014 6:27 AM, Hubert Kario wrote: > > The newly released NSS 3.16.3 doesn't include 1024 bit CA certificates > > any more[1]. This will of course impact users of servers that still use > > it. > > > > Interestingly, some intermediate CA certificates that were originally > > signed by those 1024 bit CA certificates got cross signed using > > different roots that will remain trusted[2]. In particular I mean the > > "USERTrust Legacy Secure Server CA" certificate. > > > > Problem is, that some administrators haven't updated their servers > > to provide the new intermediate certificate for 3 years. As such, > > I don't think we can realistically expect all of them to update their > > configuration now. > > > > While testing found just 217 sites as of 2014-05-30 that are > > impacted by this change[2], it did test only top 200 000 > > SSL enabled servers. I'd estimate the total number in Alexa top 1M > > alone at over 373k. Moreover, some of those sites include sites that > > are in the top 10000 sites, like groupon.my[3]. So loss of connectivity > > to them may have bigger impact than the above quoted 217 could lead > > us to believe. > > > > That's why I think that we should ship the intermediate CA certificates > > to make Firefox continue to interoperate with such sites. > > I don't mean only the USERTrust certificate, but others too, if they > > exist. > > > > 1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1021967 > > 2 - https://bugzilla.mozilla.org/show_bug.cgi?id=936304 > > 3 - https://www.ssllabs.com/ssltest/analyze.html?d=groupon.my > > > > Why should Mozilla provide cover for server administrators who fail to > update their servers and for certification authorities who fail to > communicate clearly with their customers? I believe such action will > only encourage further such failures.
Because it is Mozilla that distrusts 1024 bit RSA CA keys ahead of CA/Browser forum schedule: " Root CA Certificate issued prior to 31 Dec. 2010 with an RSA key size less than 2048 bits MAY still serve as a trust anchor for Subscriber Certificates issued in accordance with these Requirements." There is no date as to when 1024 bit RSA roots are to be untrusted, unlike the intermediate certificates which all *do* have a hard date: 31st December 2014. > If the servers and certification authorities can actually be identified > and contact individuals be found, I would go as far as to inform them > that 1024 root certificates will no longer function in Mozilla products > by some date and suggest how to mitigate that situation (e.g., by > updating intermediate certificates to point to newer roots). I would > not go further. Like I said, they already were contacted by the CA's. 3 years ago! While it is negligence on the administrators part, working around it won't cause long lasting effects or security problems. I say that we should accommodate all the changes that are necessary to increase the strength of the trust chain. If shipping a pre cached (not explicitly trusted!) intermediate CA certificate requires that, so be it. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: [email protected] Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
