On 16/12/2016 00:36, Roland Shoemaker wrote:
> Let's Encrypt is currently considering moving away from using SHA1 as the issuer subject/public key hashing function in OCSP responses and using SHA256 instead. Given a little investigation this seems like a safe move to make but we wanted to check with the community to see if anyone was aware of legacy (or contemporary) software issues that may cause us any trouble.

I believe it would cause a problem with legacy systems that don't understand SHA-256 signatures at all, noting that such systems will only ever trust SHA-1 (and older) certificates, thus SHA-1 signing can be limited to cases where the CA chain leading to the certificate issuer has no SHA-256 signatures and the certificate being checked is not a known SHA-256 certificate (generating the dynamic rejection response for a never issued certificate would choose the hash based on the hash algorithm in the involved intermediary CA certs).

I wonder if Let's Encrypt ever issued SHA-1 certificates, and if any of those are non-expired. Worst case, I guess there might be only a few such certificates, all of them Intermediary CA certs (given that LE only issues TLS, CA and OCSP-signing certificates, and the former have 3 month lifetime).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
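The compatibility question in this thread, as an added example that is not part of either message: it computes the two hashed fields of an OCSP CertID (RFC 6960) under SHA-1 and SHA-256, models a client that can only recompute SHA-1 CertIDs, and encodes the selection rule proposed in the reply. The issuer bytes, serial number, function names and the client model are constructed assumptions for illustration.

```python
import hashlib

# Constructed stand-ins. In a real CertID the inputs are the DER encoding of
# the issuer's subject Name and the contents of the issuer's subjectPublicKey
# BIT STRING (RFC 6960, section 4.1.1).
ISSUER_NAME_DER = b"constructed-issuer-name-der"
ISSUER_KEY_BITS = b"constructed-issuer-public-key-bits"
SERIAL = 0x03A1  # constructed serial number


def cert_id(hash_name, issuer_name_der, issuer_key_bits, serial):
    """Return (hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber)."""
    def digest(data):
        return hashlib.new(hash_name, data).digest()
    return (hash_name, digest(issuer_name_der), digest(issuer_key_bits), serial)


def client_matches(response_id, issuer_name_der, issuer_key_bits, serial,
                   supported=("sha1",)):
    """Model a client that recomputes the CertID to bind a response to a cert.

    A client that lacks the response's hash algorithm cannot recompute the
    hashes, so it cannot match the response even if the status is valid.
    """
    alg = response_id[0]
    if alg not in supported:
        return False
    return response_id == cert_id(alg, issuer_name_der, issuer_key_bits, serial)


def responder_hash_for(chain_sig_hashes, cert_known_sha256):
    """Selection rule from the reply: SHA-1 only when no signature in the CA
    chain uses SHA-256 and the certificate is not a known SHA-256 cert."""
    if cert_known_sha256 or "sha256" in chain_sig_hashes:
        return "sha256"
    return "sha1"


if __name__ == "__main__":
    for chain, known in ((["sha1", "sha1"], False), (["sha1", "sha256"], False)):
        alg = responder_hash_for(chain, known)
        rid = cert_id(alg, ISSUER_NAME_DER, ISSUER_KEY_BITS, SERIAL)
        ok = client_matches(rid, ISSUER_NAME_DER, ISSUER_KEY_BITS, SERIAL)
        print(chain, "->", alg, "| SHA-1-only client matches:", ok)
```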

