On Sat, Feb 9, 2019 at 8:55 PM Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> Hello,
> Section 5.1 of the Mozilla Root Store Policy
> (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/)
> specifies the allowed set of key and signature algorithms for roots and
> certificates that chain to roots in the Mozilla Root Store. Specifically,
> the following hash algorithms and ECDSA hash/curve pairs are allowed:
>
> • Digest algorithms: SHA-1 (see below), SHA-256, SHA-384, or SHA-512.
> • P-256 with SHA-256
> • P-384 with SHA-384
>
> Given this, if an End-Entity certificate were signed using a subordinate
> CA’s P-384 key with ecdsa-with-SHA512 as the signature algorithm (which
> would be reflected in the End-Entity certificate's signatureAlgorithm
> field), would this violate Mozilla policy? As I understand it, an ECDSA
> signing operation with a P-384 key using SHA-512 would be equivalent to
> using SHA-384 (due to the truncation that occurs), so I am unsure if this
> would violate the specification above (although the signatureAlgorithm
> field value would be misleading). I believe the same situation exists if a
> P-256 key is used for a signing operation with SHA-384.
>
> Any insight into whether this is allowed or prohibited would be
> appreciated.
>
> Thanks,
> Corey

I don’t think you can read that policy, as written, and legitimately interpret it as allowed. It’s literally not listed.

> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
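An added example, not part of the thread, showing the two checks a root program auditor would make here: a lookup of the issuing key's curve and the certificate's signatureAlgorithm against the pairs the policy lists, and a demonstration of the ECDSA digest truncation (FIPS 186-4 section 6.4) that the question relies on. The OIDs are the standard X.509 identifiers for these curves and algorithms; the message bytes are constructed.

```python
import hashlib

# Standard X.509 OIDs (not from the thread). The curve OID comes from the signing CA's
# SubjectPublicKeyInfo parameters; the signature OID from the certificate's signatureAlgorithm.
CURVE_OIDS = {"1.2.840.10045.3.1.7": "P-256", "1.3.132.0.34": "P-384"}
ECDSA_SIG_OIDS = {
    "1.2.840.10045.4.3.2": "SHA-256",  # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "SHA-384",  # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "SHA-512",  # ecdsa-with-SHA512
}
# The ECDSA curve/hash pairs quoted from Mozilla Root Store Policy section 5.1.
ALLOWED_PAIRS = {("P-256", "SHA-256"), ("P-384", "SHA-384")}


def policy_allows(issuer_curve_oid, sig_alg_oid):
    """Return (allowed, reason) for an ECDSA-signed certificate under the quoted policy."""
    curve = CURVE_OIDS.get(issuer_curve_oid)
    digest = ECDSA_SIG_OIDS.get(sig_alg_oid)
    if curve is None or digest is None:
        return False, f"unrecognised curve {issuer_curve_oid} or signature OID {sig_alg_oid}"
    if (curve, digest) in ALLOWED_PAIRS:
        return True, f"{curve} with {digest} is listed"
    return False, f"{curve} with {digest} is not in the allowed list"


def bits2int(digest, n_bitlen):
    """FIPS 186-4 6.4 / RFC 6979 2.3.2: ECDSA uses only the leftmost bitlen(n) bits of the digest."""
    e = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - n_bitlen
    return e >> excess if excess > 0 else e


def truncated_sha512_equals_sha384(message):
    """Test the 'equivalent to SHA-384' intuition for a P-384 key (n is a 384-bit integer).

    ECDSA does keep exactly 384 bits of a SHA-512 digest, but those bits are not the SHA-384
    digest, because SHA-384 is a separate hash with its own initial values and truncation.
    """
    n_bitlen = 384
    from_sha512 = bits2int(hashlib.sha512(message).digest(), n_bitlen)
    from_sha384 = bits2int(hashlib.sha384(message).digest(), n_bitlen)
    return from_sha512 == from_sha384


if __name__ == "__main__":
    # Constructed sample: a P-384 issuer signing with ecdsa-with-SHA512, the case in the thread.
    print(policy_allows("1.3.132.0.34", "1.2.840.10045.4.3.4"))
    print(truncated_sha512_equals_sha384(b"constructed tbsCertificate bytes"))
```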