The following 'ACTION #1c' has been added to the communication, which is here: https://wiki.mozilla.org/CA:Communications#March_2016 and click on "Link to DRAFT of March 2016 CA Communication".
~~ ACTION #1c: It has been pointed out in the mozilla.dev.security.policy forum that a chosen-prefix attack on SHA-1 could be used to forge a certificate if a CA's private key is used to sign *anything* with SHA-1. To what extent are SHA-1 based signatures still used in your infrastructure, including your root certificates that you currently have included in Mozilla's CA Certificate Program, as well as any CAs subordinate to them? Please check all the boxes below that apply. (Required) (a) There is no use of SHA-1 based signatures in our infrastructure. (b) We use SHA-1 to sign OCSP responses, but only under a dedicated OCSP responder certificate. (c) We use SHA-1 to sign OCSP responses, directly under a CA certificate. (d) We use SHA-1 to sign certificates. (e) We use SHA-1 signing in some other way. ACTION #1c TEXT INPUT: If you have selected (c), (d), or (e), please provide an explanation. If you selected (c), there is a potential for collision attacks, especially if your OCSP responder supports the nonce extension. Please indicate whether you support the OCSP nonce extension, and any measures you have in place to prevent SHA-1 based attacks. If you selected (d), what type of SHA-1 certificates are you issuing that chain up to your root certificates that you currently have included in Mozilla's CA Certificate Program? When do you plan to stop issuing such certificates? What measures do you have in place to prevent SHA-1 based attacks? If you selected (e), please explain how you are using SHA-1 signing, and what measures you have in place to prevent SHA-1 based attacks. ~~ As always, I will appreciate your thoughtful and constructive feedback on this. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
