On 16/03/2016 00:27, Charles Reiss wrote:
On 03/15/16 22:43, [email protected] wrote:
On Monday, March 14, 2016 at 5:28:32 PM UTC-7, Charles Reiss wrote:
ACTION #1a: As previously communicated, CAs should no longer be
issuing SHA-1 certificates chaining up to root certificates
included in Mozilla's CA Certificate Program. Check your systems
and those of your subordinate CAs to ensure that SHA-1
certificates chaining up to your included root certificates are
no longer being issued. Please enter the last date that a SHA-1
certificate was issued that chained up to your root
certificate(s) included in Mozilla's program. (Required)
Mozilla should make clear how this question should be answered
with respect to issuance of: a) SHA-1 subCAs which are constrained
by EKU to not issue TLS server or email certs (e.g. for code
signing); b) SHA-1 end-entity certificates which are constrained by
EKU to not be for TLS servers or email certs but whose issuing
subCA is not so constrained; c) SHA-1 end-entity certificates which
are not constrained by EKU but lack a common name or SAN which can
be used a server name or email address; and d) SHA-1 end-entity
certificates whose parent CA is constrained by EKU to not be for
TLS server or email certs;
The question as written would seem to me to apply to all of these
(since "SHA-1 certificates chaining up to your included root
certificates" is not qualified), but it seems, from inclusion
request discussion, that CAs tend to think that "out of scope"
certificates need not be mentioned.
Does the following text clear it up?
ACTION #1a: As previously communicated, CAs should no longer be
issuing SHA-1 certificates chaining up to root certificates included
in Mozilla's CA Certificate Program. This includes TLS/SSL and S/MIME
certificates, as well as any intermediate certificates that they
chain up to. Check your systems and those of your subordinate CAs to
ensure that SHA-1 based TLS/SSL and S/MIME certificates chaining up
to your included root certificates are no longer being issued. Please
enter the last date that a SHA-1 based TLS/SSL certificate was issued
that chained up to your root certificates included in Mozilla's
program. (Required)
For reasons discussed in thread on BR scope here (that restrictions from
certificate contents won't be effective against a chosen-prefix
collision attack), I was hoping that Mozilla would ask whether CAs would
continue issuing any SHA-1 certificates, regardless of suitability for
TLS or S/MIME (except those that chain through technically constrained
subCAs issued before 2016). But perhaps that needs to be done in context
of more expansive improvements to Mozilla's policies.
I would suggest that in order to make themselves compliant, CAs should
be allowed to internally generate and issue a very limited number of
new technically constrained SHA-1 subCAs, where extreme precautions are
taken to ensure the internal data to be signed does not facilitate
SHA-1 collisions. The major CAs probably did that before the 1/1/2016
deadline, but some of the smaller CAs may have not gotten that done yet.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
