Gerv,

Is there a provision for signing SHA-1 OCSP signing certificates?  Perhaps this 
is covered in #1, but specifically allowing SHA-1 OCSP Signing certificates 
(under SHA-1 CAs which have active SHA-1 TLS certificates) would be a good idea 
for clarity.

For #2:
- Can roots issue SHA-1 signed certificates?  You seem to preclude this, but of 
course we need that for OCSP signing certs.
- What if the Intermediate (or root if you permit that) does not have an EKU, 
can that be used to sign certificates?  I'm guessing most older intermediate 
CAs don't have EKU, so this means most SHA-1 CAs can be used to issue 
certificates (I'm not sure if this was your intent).

Why can't CAs sign Precertificates?

-----Original Message-----
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham 
via Public
Sent: Thursday, January 12, 2017 12:52 PM
To: CABFPub <public@cabforum.org>
Cc: Gervase Markham <g...@mozilla.org>
Subject: Re: [cabfpub] Mozilla SHA-1 further restrictions (v4)

Here's v4. I've decided to leave the email situation unchanged for now, in the 
name of getting the SSL situation put to bed. We can address it in a different 
discussion.

This is the same as v3 except it allows the issuance of SHA-1 intermediates to 
add EKUs so that they can be used in chains meeting the other requirements (a 
fix for a problem Bruce pointed out).

<quote>
CAs may only sign SHA-1 hashes over end-entity certificates which chain up to 
roots in Mozilla's program if all the following are true:

1) The end-entity certificate:
* is not within the scope of the Baseline Requirements;
* contains an EKU extension which does not contain either of the
  id-kp-serverAuth or anyExtendedKeyUsage key purposes;
* has at least 64 bits of entropy from a CSPRNG in the serial number.

2) The issuing intermediate:
* contains an EKU extension which does not contain either of the
  id-kp-serverAuth or anyExtendedKeyUsage key purposes;
* has a pathlen:0 constraint.

CAs may only sign SHA-1 hashes over issuing intermediates which chain up to 
roots in Mozilla's program if the certificate to be signed is a duplicate of an 
existing SHA-1 intermediate certificate with the only change being the addition 
of an EKU to meet the requirements outlined above.

CAs may only sign SHA-1 hashes over OCSP responses if the signing certificate 
contains an EKU extension which contains only the id-kp-ocspSigning EKU.

CAs may only sign SHA-1 hashes over CRLs for roots and intermediates which have 
issued SHA-1 certificates.

CAs may not sign SHA-1 hashes over other data, including CT pre-certificates.
</quote>

Gerv
_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public
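
The v4 conditions quoted above, written as a check (an added example, not part of the original thread and not Mozilla's or any CA's tooling). It assumes a literal reading of "contains an EKU extension", so a certificate with no EKU extension fails that condition; the `Cert` model, its field names and the sample certificates are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # id-kp-serverAuth
ANY_EKU = "2.5.29.37.0"                 # anyExtendedKeyUsage
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection
OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"      # id-kp-ocspSigning

@dataclass(frozen=True)
class Cert:  # hypothetical model of the fields the v4 text refers to
    eku: Optional[FrozenSet[str]] = None  # None: no EKU extension at all
    path_len: Optional[int] = None        # None: no pathLenConstraint
    in_br_scope: bool = False             # within scope of the Baseline Requirements
    serial_csprng_bits: int = 0           # issuer-asserted; not derivable from the cert

def eku_excludes_tls(cert: Cert) -> bool:
    # Literal reading (assumption): the extension must be present AND
    # must list neither serverAuth nor anyExtendedKeyUsage.
    return cert.eku is not None and not (cert.eku & {SERVER_AUTH, ANY_EKU})

def sha1_ee_violations(ee: Cert, issuer: Cert) -> List[str]:
    """Return the v4 conditions that forbid a SHA-1 signature over `ee`."""
    found = []
    if ee.in_br_scope:
        found.append("1: end-entity is within scope of the Baseline Requirements")
    if not eku_excludes_tls(ee):
        found.append("1: end-entity EKU absent or permits serverAuth/anyExtendedKeyUsage")
    if ee.serial_csprng_bits < 64:
        found.append("1: serial has fewer than 64 bits of CSPRNG entropy")
    if not eku_excludes_tls(issuer):
        found.append("2: issuer EKU absent or permits serverAuth/anyExtendedKeyUsage")
    if issuer.path_len != 0:
        found.append("2: issuer lacks pathlen:0")
    return found

def sha1_ocsp_response_allowed(signer: Cert) -> bool:
    # The signing certificate's EKU must contain only id-kp-ocspSigning.
    return signer.eku == frozenset({OCSP_SIGNING})

# Constructed sample certificates
email_ee = Cert(eku=frozenset({EMAIL_PROTECTION}), serial_csprng_bits=64)
legacy_ca = Cert()  # older intermediate: no EKU, no path length constraint
reissued_ca = Cert(eku=frozenset({EMAIL_PROTECTION}), path_len=0)

if __name__ == "__main__":
    print(sha1_ee_violations(email_ee, legacy_ca))
    print(sha1_ee_violations(email_ee, reissued_ca))
```

Under this reading the same end-entity certificate is rejected beneath the legacy intermediate and accepted beneath a reissued duplicate that adds an EKU and pathlen:0.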