On Fri, 22 Mar 2019 12:50:43 -0600
Wayne Thayer via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> I've been asked if the section 5.1.1 restrictions on SHA-1 issuance
> apply to timestamping CAs. Specifically, does Mozilla policy apply to
> the issuance of a SHA-1 CA certificate asserting only the
> timestamping EKU and chaining to a root in our program? Because this
> certificate is not in scope for our policy as defined in section 1.1,
> I do not believe that this would be a violation of the policy. And
> because the CA would be in control of the entire contents of the
> certificate, I also do not believe that this action would create an
> unacceptable risk.

It was the intent of section 5.1.1 to apply to such certificates, and
the wording in 5.1.1, which talks about "CAs" signing "SHA-1 hashes",
means that 5.1.1 applies even when the apparent signed data isn't a
certificate in scope of Mozilla policy.  This is necessary because the
problem with hash collisions is that while the data the CA thinks it's
signing might not be a certificate in scope of Mozilla policy, the hash
might collide with a certificate that *is* in scope.

Although this isn't a risk when the CA controls all the data to be signed,
5.1.1 doesn't distinguish this case.

However, 5.1.1 provides an exception if a CA needs to issue a SHA-1
intermediate certificate:

> CAs MAY sign SHA-1 hashes over intermediate certificates which chain
> up to roots in Mozilla's program only if the certificate to be signed
> is a duplicate of an existing SHA-1 intermediate certificate with the
> only changes being all of:
>
> * a new key (of the same size);
> * a new serial number (of the same length);
> * the addition of an EKU and/or a pathlen constraint to meet the
> requirements outlined above.

This is the only compliant way a CA can sign a SHA-1 intermediate that
chains up to a root that's included by Mozilla.

Regards,
Andrew
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
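
The following is an added example, not part of the original message or of Mozilla's policy text: a minimal lint for the 5.1.1 exception quoted above, read literally (everything except the key, the serial number and an added EKU/pathlen must be unchanged). Certificates are modelled as dicts of already-parsed fields; the field names and sample values are assumptions constructed for illustration, and whether the added EKU meets the "requirements outlined above" is not checked because that text is not quoted here.

```python
# Added example. Field names are assumptions, not a real parser's schema.
MUST_MATCH = ("subject", "issuer", "sig_alg", "not_before", "not_after",
              "key_alg", "key_bits", "other_extensions")

def check_sha1_exception(old, new):
    """Compare a proposed SHA-1 intermediate with the existing one it is
    meant to duplicate. Returns a list of deviations; an empty list means
    the pair fits a literal reading of the quoted exception."""
    problems = []
    if "sha1" not in old["sig_alg"].lower():
        problems.append("existing certificate is not SHA-1 signed")
    for field in MUST_MATCH:            # "duplicate": these may not change
        if old[field] != new[field]:
            problems.append(f"{field} changed")
    if new["public_key"] == old["public_key"]:
        problems.append("key was not replaced")
    if new["serial"] == old["serial"]:
        problems.append("serial number was not replaced")
    if len(new["serial"]) != len(old["serial"]):
        problems.append("serial number length changed")
    added = 0
    for field in ("eku", "pathlen"):    # None means the constraint is absent
        if old[field] is None and new[field] is not None:
            added += 1
        elif old[field] != new[field]:
            problems.append(f"{field} was modified or removed, not added")
    if added == 0:
        problems.append("no EKU or pathlen constraint was added")
    return problems

# Constructed sample data (not real certificates).
OLD = {
    "subject": "CN=Example Timestamping CA", "issuer": "CN=Example Root",
    "sig_alg": "sha1WithRSAEncryption", "not_before": "2012-01-01",
    "not_after": "2027-01-01", "key_alg": "RSA", "key_bits": 2048,
    "other_extensions": (("keyUsage", "keyCertSign,cRLSign"),),
    "public_key": b"\x01" * 8, "serial": bytes.fromhex("4a1b2c3d"),
    "eku": None, "pathlen": None,
}
# Same certificate with a new key, new serial, and added EKU and pathlen.
GOOD = {**OLD, "public_key": b"\x02" * 8, "serial": bytes.fromhex("5e6f7081"),
        "eku": ("timeStamping",), "pathlen": 0}
# A certificate that is not a duplicate: new subject, longer serial.
BAD = {**GOOD, "subject": "CN=Brand New Timestamping CA",
       "serial": bytes.fromhex("5e6f708192")}

if __name__ == "__main__":
    print(check_sha1_exception(OLD, GOOD))
    print(check_sha1_exception(OLD, BAD))
```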