Nelson Bolyard wrote:
On 2009-05-20 13:58, Kathleen Wilson wrote:
When processing a cert chain, does Mozilla use a specified algorithm/
order for determining which root to use when there are two roots
included that are identical except for signature algorithm and serial
number?
The algorithm for choosing from among multiple certs with the same
subject name and key ID generally involves picking the "newest" one.
When multiple certs have the same exact notBefore and notAfter dates,
the order is determined by the certs' relative positions in the cert
cache, which is effectively unpredictable. So, for purposes of this
discussion, the short answer to your question is: no.
So, just to clarify: I *think* you're proposing that we do the following
in cases where CAs issue new root certificates with stronger signature
algorithms (e.g., upgrading MD2 or MD5 roots to use SHA-1):
1. We should keep the old root certificates in the root list, at least
for now. Rationale: It does no harm to keep the old roots, since we do
not check signatures on roots, and it may prevent possible errors when
Firefox, Thunderbird, etc., receive a full cert chain that includes the
old root.
2. We should encourage CAs to issue the new replacement roots with
notBefore and notAfter dates that are later than the corresponding dates
for the old roots. Rationale: This ensures that NSS will
deterministically select the newer root in cases where there is a choice
to be made. (Does this include the case when Firefox, etc., receive a
full cert chain that includes the old root?)
Is the above a correct reading of your comments?
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
