Hi Kathleen. "Certificate ID" seems like entirely the wrong name for this field, given that it [SHA-256(der(subject) + der(spki))] doesn't actually identify a unique certificate! Indeed, the whole point of having this field seems to be to identify _multiple_ related certificates.
Why not call it "SHA-256(Subject + SPKI)" instead?

On 26/09/16 18:01, Kathleen Wilson wrote:
>> Summary of changes:
>>
>> - 'Signature Hash Algorithm' will have new drop down list:
>> md2WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption,
>> sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption,
>> ecdsaWithSHA256, ecdsaWithSHA384. ecdsaWithSHA521
>> - 'Public Key Algorithm' will have new drop down list: RSA 1024 bits, RSA
>> 2048 bits, RSA 4096 bits, EC secp256r1, EC secp384r1, EC secp521r1
>> - 'Signature Algorithm' & 'Signing Key Parameters' will be deprecated
>> - 'Certificate ID' a new field will be added and auto populated. It
>> identifies same logical certificate in different CA Hierarchies.
>> SHA-256(der(subject) + der(spki)).
>> - 'Certificate Serial number' new field on root page will be added and auto
>> populated
>> - 'CRl URl(s)' will be populated by urls ending with .crl only
>> - Minor rearrangements of fields will be made to root and intermediate page
>> layouts
>> - A batch process will re-run PEM->JSON tool for all intermediate certs and
>> populate PEM fields
>> - Another batch process will add PEM info to root certs and all PEM fields
>> will be populated by the values returned by x509certChecker utility
>> (PEM->JSON)
>> - 'Add/Update PEM info' button will be made available to root store managers
>> who have write-access (currently only Mozilla and Microsoft)
>
> The changes listed above have been completed.
>
>
>> - Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will
>> show the new fields instead.
>> - CSV Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will
>> show the new fields instead.
>
>
> The reports are still being updated. Some additional changes to the reports:
> - Replacing SHA1 Fingerprint with SHA256 Fingerprint
> - Adding Cert Serial Number and CertID

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
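Added example, not part of the original thread and not the code of any tool mentioned in it: a standard-library sketch of SHA-256(der(subject) + der(spki)), showing that a self-signed and a cross-signed certificate for the same CA have different SHA-256 fingerprints but the same value for this field. It assumes "+" means byte concatenation of the complete DER elements; the helper names, certificate names and key bytes are constructed placeholders.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one tag-length-value element (definite length)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    start = pos + 2 + (first & 0x7F if first >= 0x80 else 0)
    length = int.from_bytes(buf[pos + 2:start], "big") if first >= 0x80 else first
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def subject_spki_sha256(cert_der):
    """SHA-256 over the subject Name TLV followed by the SubjectPublicKeyInfo TLV."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)  # TBSCertificate SEQUENCE
    fields = []                                # serial, sig alg, issuer, validity, subject, SPKI
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(cert_der[pos:end])
        pos = end
    return hashlib.sha256(fields[4] + fields[5]).hexdigest()

# Constructed sample data: structurally valid DER, placeholder key and signature.
ECDSA_SHA256 = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))
EC_P256 = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0201"))
              + tlv(0x06, bytes.fromhex("2a8648ce3d030107")))
SPKI = tlv(0x30, EC_P256 + tlv(0x03, b"\x00\x04" + bytes(range(64))))

def name(cn):
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def toy_cert(issuer_cn, subject_cn, serial, spki=SPKI):
    validity = tlv(0x30, tlv(0x17, b"160101000000Z") + tlv(0x17, b"260101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ECDSA_SHA256 + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(0x30, tbs + ECDSA_SHA256 + tlv(0x03, b"\x00" + bytes(8)))

self_signed = toy_cert("Example CA", "Example CA", 1)
cross_signed = toy_cert("Other Root", "Example CA", 2)
for label, der in (("self-signed", self_signed), ("cross-signed", cross_signed)):
    print(label, hashlib.sha256(der).hexdigest()[:16], subject_spki_sha256(der)[:16])
```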

