Re: Policy 2.7 Proposal: Clarify Section 5.1 ECDSA Curve-Hash Requirements

2019-11-08 Thread Ryan Sleevi via dev-security-policy 
On Fri, Nov 8, 2019 at 1:54 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> A few more questions have come up about this change:
>
> * Since mozilla::pkix doesn't currently support the RSA-PSS encodings, why
> would we include them in our policy?
>

They were included for completeness sake, as neither Mozilla Policy nor the
BRs presently forbid them.

I'm much in favor of not permitting them, but since the current restriction
on RSA keys does not restrict the signature algorithms used, we wanted to
make sure the combinations were suitable.


> * Related: would this detailed enumeration of requirements be better to
> place in the BRs than in Mozilla policy?
> * In that case it wouldn't cover S/MIME certs
> * We'd still need to exclude P-521 in Mozilla policy
> * It would end up in audit criteria and perhaps engineers implementing
> it would be more likely to be aware of it
> * Presumably the RSA-PSS encoding would be included in the BRs and
> would then potentially need to be excluded from Mozilla policy
>

I think the benefits are overstated relative the return and risk.

It should be deeply concerning if the BRs were to somehow be seen as taking
precedence over Mozilla Policy, or that CAs would ignore Mozilla Policy and
only pay attention to the BRs. To accept this argument is to suggest
Mozilla Policy is perhaps a less-valuable instrument for communicating
policy, at which point, the need for Mozilla Policy may be suspect.

While that likely sounds extreme, it carries to the logical conclusion the
same concerns we've seen with other elements of Mozilla Policy, such as
requirements on Intermediates, which were communicated for years, or in the
discussions of EKUs. That said, there are already in-progress efforts to
add these to the respective linting tools, which ostensibly brings greater
visibility than either audits or the BRs.

There's also an element which is that these specifications are themselves
already covered by the applicable standards (as previously shared). That
is, they are already an intrinsic part of the BRs, and it's precisely
because we know that people are not paying attention that the vehicle of
root policy becomes useful to *emphasize* and *clarify* the expectations.

This does seem an excellent candidate to add to Root Policy - in line with
existing and long-standing implementation and expectations - and then
potentially fold in as part of a browser root policy alignment effort.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Policy 2.7 Proposal: Clarify Section 5.1 ECDSA Curve-Hash Requirements

2019-11-08 Thread Wayne Thayer via dev-security-policy 
A few more questions have come up about this change:

* Since mozilla::pkix doesn't currently support the RSA-PSS encodings, why
would we include them in our policy?
* Related: would this detailed enumeration of requirements be better to
place in the BRs than in Mozilla policy?
* In that case it wouldn't cover S/MIME certs
* We'd still need to exclude P-521 in Mozilla policy
* It would end up in audit criteria and perhaps engineers implementing
it would be more likely to be aware of it
* Presumably the RSA-PSS encoding would be included in the BRs and
would then potentially need to be excluded from Mozilla policy

As always, I'll appreciate everyone's input on these questions.

- Wayne

On Wed, Oct 2, 2019 at 5:59 PM Wayne Thayer  wrote:

> Thank you Ryan. Brian reviewed these changes back in May, so I've gone
> ahead and accepted them for the 2.7 policy update:
> https://github.com/mozilla/pkipolicy/commit/5657ecf650d70fd3c6ca5062bee360fd83da9d27
>
> I'll consider this issue resolved unless there are further comments.
>
> - Wayne
>
> On Fri, May 24, 2019 at 1:38 AM Ryan Sleevi  wrote:
>
>>
>>
>> On Wed, May 22, 2019 at 7:43 PM Brian Smith  wrote:
>>
>>> Ryan Sleevi  wrote:
>>>


> It would be easier to understand if this is true if the proposed text
> cited the RFCs, like RFC 4055, that actually impose the requirements that
> result in the given encodings.
>

 Could you clarify, do you just mean adding references to each of the
 example encodings (such as the above example, for the SPKI encoding)?

>>>
>>> Exactly. That way, it is clear that the given encodings are not imposing
>>> a new requirement, and it would be clear which standard is being used to
>>> determine to correct encoding.
>>>
>>
>> Thanks, did that in
>> https://github.com/sleevi/pkipolicy/commit/80da8acded63618a058d26c73db1e2438a6df9ed
>>
>>
>>>
>>> I realize that determining the encoding from each of these cited specs
>>> would require understanding more specifications, including in particular
>>> how ASN.1 DER requires DEFAULT values to be encoded. I would advise against
>>> calling out all of these details individually less people get confused by
>>> inevitable omissions.
>>>
>>
>> Hopefully struck the right balance. These changes are now reflected in
>> the PR at https://github.com/mozilla/pkipolicy/pull/183
>>
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy