I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The later one is not that far away [1]. Maybe it's the right time to consider them?
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 Am 05.11.2015 um 19:46 schrieb Kathleen Wilson: > The next two topics to discuss [1] have to do with section 8 of > Mozilla’s CA Certificate Maintenance Policy. > > The proposals are: > - (D15) Deprecate SHA-1 Hash Algorithms in certs. > and > - (D4) In item #8 of the Maintenance Policy recommend that CAs avoid > SHA-512 and P-521, especially in their CA certificates. This is to > ensure interoperability, as SHA-512 and (especially) P-521 are less > well-supported than the other algorithms. (Note: On the page you > linked to, P-521 is incorrectly spelled "P-512".) > -- Not sure if we should make this change... > > Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1129083 was filed to > remove support for certs signed using SHA-512-based signatures, but it > was closed as invalid, and SHA-512 support was fixed via > https://bugzilla.mozilla.org/show_bug.cgi?id=1155932 > > Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1129077 was filed to > remove support for certs that use the P-521 curve. But this is still > up for discussion. > > So, do we really want to add a comment to Mozilla's policy about > limited support for SHA-512 and P-521? > > Here's what Mozilla's policy currently says: > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ > > ~~ > 8. We consider the following algorithms and key sizes to be acceptable > and supported in Mozilla products: > - SHA-1 (until a practical collision attack against SHA-1 certificates > is imminent); > - SHA-256, SHA-384, SHA-512; > - Elliptic Curve Digital Signature Algorithm (using ANSI X9.62) over > SECG and NIST named curves P-256, P-384, and P-512; > - RSA 2048 bits or higher; and > - RSA 1024 bits (only until December 31, 2013). > ~~ > > I recommend that we change it to the following: > ~~ > 8. We consider the following algorithms and key sizes to be acceptable > and supported in Mozilla products: > - SHA-256, SHA-384, SHA-512; > - Elliptic Curve Digital Signature Algorithm (using ANSI X9.62) over > SECG and NIST named curves P-256, P-384, and P-521; and > - RSA 2048 bits or higher. > ~~ > > Another option is to delete this section from Mozilla's policy, > because it is covered by the Baseline Requirements. However, the > Baseline Requirements allows for DSA, which Mozilla does not support. > The “Key Sizes” section of the Baseline Requirements allows for: > SHA‐256, SHA‐384 or SHA‐512 > NIST P‐256, P‐384, or P‐521 > DSA L= 2048, N= 224 or L= 2048, N= 256 > > > As always, I will appreciate your thoughtful and constructive input > into this discussion. > > Kathleen > > [1] > https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Proposed_Changes_That_Need_To_Be_Discussed > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
