On 06/10/2016 15:58, Gervase Markham wrote:
> On 06/10/16 12:38, Jakob Bohm wrote:
>> Which is why I have repeatedly suggested that maybe the rules should be
>> changed to promote/demote some of the historic SHA-1 root certs into
>> "SHA-1 forever" roots that can service older devices and browsers, even
>> for regular websites concerned about allowing visits from older devices
>> while transitioning their websites to HTTPS-only.
>
> That has effectively happened; those roots have been removed from
> current root stores, but if you talk to the right CA you can still get a
> cert from one.

Good, now communicate it.

>> Ideally, there should also be a way for TLS servers (such as web
>> servers) to detect if the TLS client suffers from historic public key
>> limitations such as SHA-1 only, low maximum DH key size etc., thus
>> allowing the TLS server to use stronger certificates and FS keys for
>> new clients.
>
> Again, this exists - people use the cipher suite set, or support (or
> lack of it) for TLS or TLS 1.2.


I know, I do that too, but it is quite a wobbly heuristic as there is
no clear set of those to indicate e.g. support for >1024 bit EDH or
>256 bit ECC EDH.  Nor do I see a good candidate for indicating >16384
bits RSA (as a future example not yet supported by some SSL clients).

P.S.

I seem to receive 3 copies of your replies, 2 in my inbox and 1 in the
newsgroup.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
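
Added example, not part of the original messages or of any project's code: a sketch of the server-side heuristic discussed in the thread, which reads the TLS version, the signature_algorithms extension and the supported curves from a ClientHello and picks a SHA-1 or SHA-256 certificate chain. The function names, the selection rule and the sample hellos are assumptions constructed for illustration; the `dh_max_bits` field stays `None` because none of the parsed fields states the client's DH size limit.

```python
import struct

EXT_GROUPS, EXT_SIGALGS = 10, 13   # supported_groups, signature_algorithms
SHA2_HASHES = {4, 5, 6}            # sha256, sha384, sha512 (RFC 5246 HashAlgorithm)

def parse_client_hello(body):
    """Parse a ClientHello body (the bytes after the 4-byte handshake header)."""
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                   # client_version + random
    pos += 1 + body[pos]                           # session_id
    n = struct.unpack_from("!H", body, pos)[0]
    suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                           # compression_methods
    exts = {}
    if pos < len(body):                            # old clients send no extensions
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    return version, suites, exts

def client_profile(body):
    """Heuristic (assumed rule): SHA-2 chain only for TLS 1.2 hellos listing a SHA-2 hash."""
    version, _suites, exts = parse_client_hello(body)
    hashes = set(exts.get(EXT_SIGALGS, b"")[2::2])  # hash byte of each (hash, sig) pair
    groups = exts.get(EXT_GROUPS, b"")[2:]
    curves = list(struct.unpack("!%dH" % (len(groups) // 2), groups))
    modern = version >= 0x0303 and bool(hashes & SHA2_HASHES)
    # Nothing parsed here states the largest DH modulus the client accepts,
    # so that limit stays unknown.
    return {"chain": "sha256" if modern else "sha1", "curves": curves, "dh_max_bits": None}

def build_hello(version, suites, exts):
    """Assemble a minimal ClientHello body (constructed sample input, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + struct.pack("!%dH" % len(suites), *suites)
    body += b"\x01\x00"                            # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return body + (struct.pack("!H", len(ext)) + ext if exts else b"")

# Constructed samples: a TLS 1.0 hello without extensions, a TLS 1.2 hello
# offering sha256+sha1 and two curves, and a TLS 1.2 hello offering only sha1.
LEGACY = build_hello(0x0301, [0x002F, 0x0033], [])
MODERN = build_hello(0x0303, [0xC02F, 0x009E],
                     [(EXT_SIGALGS, b"\x00\x04\x04\x01\x02\x01"),
                      (EXT_GROUPS, b"\x00\x04\x00\x17\x00\x18")])
SHA1_ONLY = build_hello(0x0303, [0x002F], [(EXT_SIGALGS, b"\x00\x02\x02\x01")])
```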