<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It was pointed out to me that my
response regarding code signing certs was not clear.<br>
<br>
I think it's fine for 1024-bit code signing certs to expire, and
not be revoked based on some transition date. I think that
1024-bit code signing certs should not be used to sign new code
after this year.<br>
<br>
Kathleen<br>
<br>
<br>
On 6/24/13 3:31 PM, Kathleen Wilson wrote:<br>
</div>
<blockquote cite="mid:51C8C8C4.2050102@mozilla.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Rick,<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif"
size="2">Please comment, especially browser vendors.</font></blockquote>
<br>
Mozilla's wiki page about this (<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://wiki.mozilla.org/CA:MD5and1024">https://wiki.mozilla.org/CA:MD5and1024</a>)
was created in April 2010, and email about it was also sent to
CAs (<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://wiki.mozilla.org/CA:Communications#October_11.2C_2010">https://wiki.mozilla.org/CA:Communications#October_11.2C_2010</a>)<br>
<br>
The wiki page allows for use of 1024-bit certs when needed for
interoperability reasons:<br>
"- This means that CAs should only consider issuing a 1024-bit
certificate if it is requested and justified by the subscriber
for a specific reason, such as interoperability with devices
that do not yet support certificates with larger key sizes. <br>
- The CA must assess the risk involved in issuing such a
certificate for legacy use/interoperability, and determine if
they are willing to accept the risk, as well as any possible
liability. The subject and relying parties also need to
determine if they will accept any risks and liabilities."<br>
<br>
The wiki page also makes it clear that CAs should not expect
continued support of 1024-bit certs in Mozilla products:<br>
"Under no circumstances should any party expect continued
support for RSA key size smaller than 2048 bits past December
31, 2013."<br>
<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif"
size="2">Do CAs need to revoke 1024-bit end-entity certs by
the end of 2013?</font></blockquote>
<br>
I think that depends on the type of cert and when it expires.<br>
<br>
I am fine with S/MIME certs being transitioned whenever they
expire, even if it is a couple of years out. Though, I won't
guarantee support of those certs in Mozilla products.<br>
<br>
I would like to see the transition from 1024-bit SSL and code
signing certs happen soon. However, it really doesn't matter to
me what the exact date is, as long as the transition is
completed before it becomes an emergency.<br>
<br>
Also on the wiki page: "December 31, 2013 – Mozilla will disable
the SSL and Code Signing trust bits for root certificates with
RSA key sizes smaller than 2048 bits. If those root certificates
are no longer needed for S/MIME, then Mozilla will remove them
from NSS."<br>
<br>
In hindsight, I should have said "after December 31...". My goal
is Q1 2014, and I am working on this in Mozilla Bugzilla
#881553.<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif"
size="2">Since the BRs effectively cover only certs issued
after “the effective date”, does that mean that certs issued
before “the effective date” don’t need to be revoked?</font></blockquote>
<br>
That was my interpretation of the BRs, but Mozilla's
communication about phasing out 1024-bit certs started in 2010.
In 2010 I also exchanged direct email with representatives of
the CAs that had 1024-bit root certs included in Mozilla
products at that time, so all impacted CAs were well aware of
Mozilla's requirements.<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif"
size="2">What about code signing certs?</font></blockquote>
<br>
What I said above applies to both SSL and code signing certs.<br>
<br>
<br>
Kathleen<br>
<br>
<br>
<br>
On 6/23/13 12:32 PM, Rick Andrews wrote:<br>
</div>
<blockquote
cite="mid:544B0DD62A64C1448B2DA253C011414607B03DC21D@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<font face="Calibri, sans-serif" size="2">
<div>We discussed this a bit in our face-to-face meeting in
Munich, but did not reach consensus. I’d like to continue
the conversation with all via the list.</div>
<div> </div>
<div>Putting aside the question of “web pki” vs. “non-web
pki”, Symantec and other CAs would like to see if we can
achieve consensus on these questions:</div>
<div> </div>
<ol style="margin-top: 0pt; margin-bottom: 0pt; margin-left:
36pt; ">
<li>Do CAs need to revoke 1024-bit end-entity certs by the
end of 2013?</li>
</ol>
<ol style="margin-top: 0pt; margin-bottom: 0pt; margin-left:
72pt; " type="a">
<li>I believe that some CAs believed that revoking such
certs was mandatory. However, I see no hard evidence of
that.</li>
<li>The BRs say that 1024-bit can be issued as long as the
end date is before December 31, 2013. Others have said
that a CA that was compliant with the BRs would not have
issued a 1024-bit end entity cert after the effective date
if its end date was 2014 or later. However, we’ve seen
that not all CAs became compliant on July 1, 2012. Given
what we now know about audits and effective dates, it
seems to me that there is a lot of uncertainty here. </li>
<li>Apart from the BRs, CAs have to consider browser policy
which may go above and beyond the BRs. In a private
conversation with Tom Albertson of Microsoft, he told me
that “Our policy doesn't contemplate CAs revoking EE certs
issued before 1 Jan 2014, unless or until an RSA factoring
attack is imminent, and we all go into response mode.”
Mozilla’s policy seems to be similar – it says that such
certs must expire by January 1, 2014, but it does not
mandate that CAs revoke any such certs that would live
beyond that date. </li>
<li>If there is no clear direction here, I propose that CAs
simply let all 1024-bit end entity certs expire naturally,
as long as the CA has stopped issuing 1024-bit end entity
certs, and made an honest effort to comply with the BRs
(hard to define, but at the very least would mean that the
CA wasn’t still issuing multi-year 1024-bit certs in
2013).</li>
</ol>
<ol start="2" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 36pt; ">
<li>Since the BRs effectively cover only certs issued after
“the effective date”, does that mean that certs issued
before “the effective date” don’t need to be revoked?</li>
</ol>
<ol start="5" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 72pt; " type="a">
<li>That is my interpretation. Given what I said in 1)
above, even those certs issued after the effective date
don’t need to be revoked, unless some browser’s policy
mandates that action.</li>
</ol>
<ol start="3" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 36pt; ">
<li>What about code signing certs?</li>
</ol>
<ol start="6" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 72pt; " type="a">
<li>The BRs don’t cover non-EV code signing certs, so again
this goes back to browser policy. And unless some browser
comes forth with unambiguous policy on code signing certs,
I would suggest they are also off the table (do not need
to be revoked).</li>
</ol>
<div> </div>
<div>Please comment, especially browser vendors. Thanks,</div>
<div> </div>
<div>-Rick</div>
<div> </div>
<div> </div>
<div> </div>
</font> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>