<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Rick,<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif" size="2">Please
comment, especially browser vendors.</font></blockquote>
<br>
Mozilla's wiki page about this
(<a class="moz-txt-link-freetext" href="https://wiki.mozilla.org/CA:MD5and1024">https://wiki.mozilla.org/CA:MD5and1024</a>) was created in April
2010, and email about it was also sent to CAs
(<a class="moz-txt-link-freetext" href="https://wiki.mozilla.org/CA:Communications#October_11.2C_2010">https://wiki.mozilla.org/CA:Communications#October_11.2C_2010</a>)<br>
<br>
The wiki page allows for use of 1024-bit certs when needed for
interoperability reasons:<br>
"- This means that CAs should only consider issuing a 1024-bit
certificate if it is requested and justified by the subscriber for
a specific reason, such as interoperability with devices that do
not yet support certificates with larger key sizes. <br>
- The CA must assess the risk involved in issuing such a
certificate for legacy use/interoperability, and determine if they
are willing to accept the risk, as well as any possible liability.
The subject and relying parties also need to determine if they
will accept any risks and liabilities."<br>
<br>
The wiki page also makes it clear that CAs should not expect
continued support of 1024-bit certs in Mozilla products:<br>
"Under no circumstances should any party expect continued support
for RSA key size smaller than 2048 bits past December 31, 2013."<br>
<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif" size="2">Do
CAs need to revoke 1024-bit end-entity certs by the end of
2013?</font></blockquote>
<br>
I think that depends on the type of cert and when it expires.<br>
<br>
I am fine with S/MIME certs being transitioned whenever they
expire, even if it is a couple of years out. Though, I won't
guarantee support of those certs in Mozilla products.<br>
<br>
I would like to see the transition from 1024-bit SSL and code
signing certs happen soon. However, it really doesn't matter to me
what the exact date is, as long as the transition is completed
before it becomes an emergency.<br>
<br>
Also on the wiki page: "December 31, 2013 – Mozilla will disable
the SSL and Code Signing trust bits for root certificates with RSA
key sizes smaller than 2048 bits. If those root certificates are
no longer needed for S/MIME, then Mozilla will remove them from
NSS."<br>
<br>
In hindsight, I should have said "after December 31...". My goal
is Q1 2014, and I am working on this in Mozilla Bugzilla #881553.<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif" size="2">Since
the BRs effectively cover only certs issued after “the
effective date”, does that mean that certs issued before “the
effective date” don’t need to be revoked?</font></blockquote>
<br>
That was my interpretation of the BRs, but Mozilla's communication
about phasing out 1024-bit certs started in 2010. In 2010 I also
exchanged direct email with representatives of the CAs that had
1024-bit root certs included in Mozilla products at that time, so
all impacted CAs were well aware of Mozilla's requirements.<br>
<br>
<blockquote type="cite"><font face="Calibri, sans-serif" size="2">What
about code signing certs?</font></blockquote>
<br>
What I said above applies to both SSL and code signing certs.<br>
<br>
<br>
Kathleen<br>
<br>
<br>
<br>
On 6/23/13 12:32 PM, Rick Andrews wrote:<br>
</div>
<blockquote
cite="mid:544B0DD62A64C1448B2DA253C011414607B03DC21D@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<font face="Calibri, sans-serif" size="2">
<div>We discussed this a bit in our face-to-face meeting in
Munich, but did not reach consensus. I’d like to continue the
conversation with all via the list.</div>
<div> </div>
<div>Putting aside the question of “web pki” vs. “non-web pki”,
Symantec and other CAs would like to see if we can achieve
consensus on these questions:</div>
<div> </div>
<ol style="margin-top: 0pt; margin-bottom: 0pt; margin-left:
36pt; ">
<li>Do CAs need to revoke 1024-bit end-entity certs by the end
of 2013?</li>
</ol>
<ol style="margin-top: 0pt; margin-bottom: 0pt; margin-left:
72pt; " type="a">
<li>I believe that some CAs believed that revoking such certs
was mandatory. However, I see no hard evidence of that.</li>
<li>The BRs say that 1024-bit can be issued as long as the end
date is before December 31, 2013. Others have said that a CA
that was compliant with the BRs would not have issued a
1024-bit end entity cert after the effective date if its end
date was 2014 or
later. However, we’ve seen that not all CAs became compliant
on July 1, 2012. Given what we now know about audits and
effective dates, it seems to me that there is a lot of
uncertainty here. </li>
<li>Apart from the BRs, CAs have to consider browser policy
which may go above and beyond the BRs. In a private
conversation with Tom Albertson of Microsoft, he told me
that “Our policy doesn't contemplate CAs revoking EE certs
issued before 1 Jan 2014, unless
or until an RSA factoring attack is imminent, and we all go
into response mode.” Mozilla’s policy seems to be similar –
it says that such certs must expire by January 1, 2014, but
it does not mandate that CAs revoke any such certs that
would live beyond that
date. </li>
<li>If there is no clear direction here, I propose that CAs
simply let all 1024-bit end entity certs expire naturally,
as long as the CA has stopped issuing 1024-bit end entity
certs, and made an honest effort to comply with the BRs
(hard to define, but at
the very least would mean that the CA wasn’t still issuing
multi-year 1024-bit certs in 2013).</li>
</ol>
<ol start="2" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 36pt; ">
<li>Since the BRs effectively cover only certs issued after
“the effective date”, does that mean that certs issued
before “the effective date” don’t need to be revoked?</li>
</ol>
<ol start="5" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 72pt; " type="a">
<li>That is my interpretation. Given what I said in 1) above,
even those certs issued after the effective date don’t need
to be revoked, unless some browser’s policy mandates that
action.</li>
</ol>
<ol start="3" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 36pt; ">
<li>What about code signing certs?</li>
</ol>
<ol start="6" style="margin-top: 0pt; margin-bottom: 0pt;
margin-left: 72pt; " type="a">
<li>The BRs don’t cover non-EV code signing certs, so again
this goes back to browser policy. And unless some browser
comes forth with unambiguous policy on code signing certs, I
would suggest they are also off the table (do not need to be
revoked).</li>
</ol>
<div> </div>
<div>Please comment, especially browser vendors. Thanks,</div>
<div> </div>
<div>-Rick</div>
<div> </div>
<div> </div>
<div> </div>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>