On 05/11/15 20:01, [email protected] wrote:
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP.
The later one is not that far away [1].
Maybe it's the right time to consider them?
I would like to (and I expect to) see these in a future version of the BRs.
There seems little point in the Mozilla CA Policy permitting additional
algorithms that the BRs don't currently permit. If the
Microsoft/Apple/Google/etc CA policies don't permit these algorithms,
then CAs can't use them anyway.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105
Am 05.11.2015 um 19:46 schrieb Kathleen Wilson:
The next two topics to discuss [1] have to do with section 8 of
Mozilla’s CA Certificate Maintenance Policy.
The proposals are:
- (D15) Deprecate SHA-1 Hash Algorithms in certs.
and
- (D4) In item #8 of the Maintenance Policy recommend that CAs avoid
SHA-512 and P-521, especially in their CA certificates. This is to
ensure interoperability, as SHA-512 and (especially) P-521 are less
well-supported than the other algorithms. (Note: On the page you
linked to, P-521 is incorrectly spelled "P-512".)
-- Not sure if we should make this change...
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1129083 was filed to
remove support for certs signed using SHA-512-based signatures, but it
was closed as invalid, and SHA-512 support was fixed via
https://bugzilla.mozilla.org/show_bug.cgi?id=1155932
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1129077 was filed to
remove support for certs that use the P-521 curve. But this is still
up for discussion.
So, do we really want to add a comment to Mozilla's policy about
limited support for SHA-512 and P-521?
Here's what Mozilla's policy currently says:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/
~~
8. We consider the following algorithms and key sizes to be acceptable
and supported in Mozilla products:
- SHA-1 (until a practical collision attack against SHA-1 certificates
is imminent);
- SHA-256, SHA-384, SHA-512;
- Elliptic Curve Digital Signature Algorithm (using ANSI X9.62) over
SECG and NIST named curves P-256, P-384, and P-512;
- RSA 2048 bits or higher; and
- RSA 1024 bits (only until December 31, 2013).
~~
I recommend that we change it to the following:
~~
8. We consider the following algorithms and key sizes to be acceptable
and supported in Mozilla products:
- SHA-256, SHA-384, SHA-512;
- Elliptic Curve Digital Signature Algorithm (using ANSI X9.62) over
SECG and NIST named curves P-256, P-384, and P-521; and
- RSA 2048 bits or higher.
~~
Another option is to delete this section from Mozilla's policy,
because it is covered by the Baseline Requirements. However, the
Baseline Requirements allows for DSA, which Mozilla does not support.
The “Key Sizes” section of the Baseline Requirements allows for:
SHA‐256, SHA‐384 or SHA‐512
NIST P‐256, P‐384, or P‐521
DSA L= 2048, N= 224 or L= 2048, N= 256
As always, I will appreciate your thoughtful and constructive input
into this discussion.
Kathleen
[1]
https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Proposed_Changes_That_Need_To_Be_Discussed
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
