Re: SHA-1 Phase-out
On 21/11/16 20:29, Myers, Kenneth (10421) wrote: > I've been trying to stay on top of the SHA-1 phase-out discussion but > lost track. Where did it leave off? I drafted a potential update to Mozilla's policy which was discussed here, and has now moved to the CAB Forum public list for further discussion. > I think I saw something of doing a ban at the browser level to not > trust the SHA-1 algorithm. Is this possible? Mozilla will be doing that in January 2017. https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
Hi Gerv, I've been trying to stay on top of the SHA-1 phase-out discussion but lost track. Where did it leave off? I think I saw something of doing a ban at the browser level to not trust the SHA-1 algorithm. Is this possible? Kenneth Myers Manager +1.571.366.6120 +1.703.299.3046 fax Protiviti | 1640 King Street | Suite #400 | Alexandria | VA 22314 US | Protiviti.com NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On 16/11/16 09:08, Kurt Roeckx wrote: > The other option would be that Firefox adds an option to allow SHA-1 for > things that are in the trust store but are not in the default trust store. AIUI, that is going to be the default behaviour. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On 2016-11-15 18:00, Peter Bowen wrote: On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote: - If it's an enterprise root they need to switch to SHA-2 This is a lot easier said than done for many organizations. Depending on the CA software this might be a small configuration change or might involve a very large software upgrade. I think the key question here is whether Firefox will have an option to do two things: 1) Continue to accept signatures over SHA-1 hashes for end-entity certificates 2) Continue to accept signatures over SHA-1 hashes for CA certificates in the chain While these may seem similar (in fact from a crypto risk perspective #2 is probably worse than #1), they frequently represent different amounts of work required to mitigate for organizations. The other option would be that Firefox adds an option to allow SHA-1 for things that are in the trust store but are not in the default trust store. Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote: > > - If it's an enterprise root they need to switch to SHA-2 This is a lot easier said than done for many organizations. Depending on the CA software this might be a small configuration change or might involve a very large software upgrade. I think the key question here is whether Firefox will have an option to do two things: 1) Continue to accept signatures over SHA-1 hashes for end-entity certificates 2) Continue to accept signatures over SHA-1 hashes for CA certificates in the chain While these may seem similar (in fact from a crypto risk perspective #2 is probably worse than #1), they frequently represent different amounts of work required to mitigate for organizations. Thanks, Peter ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On 2016-11-15 16:19, Gervase Markham wrote: On 15/11/16 12:20, jansomar...@gmail.com wrote: I would step in to your discussion if you don't mind. My question is very similar to the original one but in regards to internal usage of SHA-1 signed certs. We are running large number of network devs devs == devices, rather than developers? acting as a proxy and users need to authenticate in order to access some of the applications. It's an internal closed environment and all the devices are using self-signed certificates. Will something change for us when Mozilla disabled SHA-1 certs? Are you sure you mean self-signed certs? Every time a user accesses a new application, they get a security error they have to override? Or do you mean you have a private enterprise root which you add to web browsers, and which issue all these certs for you? I guess the answer for both cases are: - If it's an enterprise root they need to switch to SHA-2 - If it's self-signed we don't care about the signature algorithm. Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On 15/11/16 12:20, jansomar...@gmail.com wrote: > I would step in to your discussion if you don't mind. My question is > very similar to the original one but in regards to internal usage of > SHA-1 signed certs. We are running large number of network devs devs == devices, rather than developers? > acting as a proxy and users need to authenticate in order to access > some of the applications. It's an internal closed environment and all > the devices are using self-signed certificates. Will something change > for us when Mozilla disabled SHA-1 certs? Are you sure you mean self-signed certs? Every time a user accesses a new application, they get a security error they have to override? Or do you mean you have a private enterprise root which you add to web browsers, and which issue all these certs for you? Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
Hello Guys, I would step in to your discussion if you don't mind. My question is very similar to the original one but in regards to internal usage of SHA-1 signed certs. We are running large number of network devs acting as a proxy and users need to authenticate in order to access some of the applications. It's an internal closed environment and all the devices are using self-signed certificates. Will something change for us when Mozilla disabled SHA-1 certs? As far as I could read there is a plan to have an option to override this security feature and access website anyway. Of course enabling SHA-1 in about:config is also an option but we need to prepare our users for that. Thank you very much for any qualified answer. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On Wednesday, 12 October 2016 14:50:22 UTC+1, Gervase Markham wrote: > However, we would counsel all sites to move > away from SHA-1 as the user experience will be as bad as the security. A message I've seen from some security vendors, that I don't want us reinforcing, is the idea that the SHA-1 certificates themselves are a security problem and "upgrading" to a SHA-256 certificate improves security. I think bank notes (outside the US) are a useful analogy. Sometimes the central bank may begin issuing a new note with improved anti-forgery features. To ensure forgers can't just keep making the old, more easily forged notes, these are eventually withdrawn from general use once enough of the new are in circulation. It would be a mistake to try to "improve" the security of your business by swapping all its cash for the latest notes. The new notes aren't "more secure" in a way that affects you, you haven't improved anything by doing this. Your business should pay attention to notices from the bank about new notes coming into circulation and about old ones being withdrawn, and make appropriate plans, but so long as it does that there's no problem. Web PKI Subscribers should be switching to SHA-1 because their Issuer requires it. CA/B rules make that clear, compliance seems to be pretty good but browser vendors like Mozilla are taking out insurance against the possibility that somebody, somewhere, made a mistake. In my view for ordinary subscribers in the Web PKI it's primarily a compatibility issue, rather than a security issue. Off the Web PKI, in private systems, the risk/ reward may look very different. If your PKI only issues certificates on a sight basis to a handful of trusted individuals suddenly the chosen prefix attack doesn't look like a real security risk at all so SHA-1 seems fine. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: SHA-1 Phase-out
On 12/10/16 14:46, Konstantinos Tsimaris wrote: > I have seen various posts mentioning that after 1 of January 2017, browsers > will stop support of SHA1 signed CAs. I am looking into a way to identify > which WEB sites will not work until new certificate is applied and > demonstrate that after change it will work. I know that can be done via > checking the issued CA. Is there a way using a Firefox to replicate the > behavior/block prior to that date? > > Second, I would like to ask if a user has option to permit if required, for > example using "security.pki.sha1_enforcement_level" That preference is exactly how you test the behaviour prior to the date the block is implemented. Set the value to 1 (entirely forbidden) or 3 (forbidden for public roots). Users will be able to permit SHA-1 individually after the block is enacted by default, using that pref. Also, the current plan is that the error will be overridable. However, we would counsel all sites to move away from SHA-1 as the user experience will be as bad as the security. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
SHA-1 Phase-out
Hi Security team, I have 2 questions which I would be grateful if you can help. I have seen various posts mentioning that after 1 of January 2017, browsers will stop support of SHA1 signed CAs. I am looking into a way to identify which WEB sites will not work until new certificate is applied and demonstrate that after change it will work. I know that can be done via checking the issued CA. Is there a way using a Firefox to replicate the behavior/block prior to that date? Second, I would like to ask if a user has option to permit if required, for example using "security.pki.sha1_enforcement_level" Kind Regards, Kostas Tsimaris ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy