<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Thanks to all the participants on yesterday’s call regarding this topic. We now have a clear and apparently final position from several browsers.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>I think it was a good discussion among all parties and I’m sorry we didn’t get to the other topics on the agenda but I felt we needed to iron this out before proceeding.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>The remaining unknown is Apple’s position with respect to the treatment of CAs that abide by the Google proposal. Geoff mentioned they were still evaluating it. It would be good to get some closure on this quickly as several processors have impending deadlines and have indicated a need to come forward soon. I don’t think Apple’s intended deprecation of SHA-1 in their own systems is necessarily relevant to the processors themselves.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Lastly, I produced a draft of the minutes but would like to listen to the recording one more time to insure I captured everything. I expect to have this completed over the weekend and will publish a draft then.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Thanks,<br>Dean<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Eric Mill [mailto:eric@konklone.com] <br><b>Sent:</b> Monday, June 20, 2016 10:20 PM<br><b>To:</b> Dean Coclin <Dean_Coclin@symantec.com><br><b>Cc:</b> Ryan Sleevi <sleevi@google.com>; CABFPub <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Proposal of a SHA-1 exception procedure<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>The entity name has some direct utility in putting 3 through 8 in context, and making those answers more useful in understanding why companies ended up in the situations they did. For example, an answer to question 7 ("When and how did the Subscriber first become aware of the SHA-1 sunset?") of "August 2015" would be a lot different coming from AT&T than from a regional payment processor. Follow-on proposals to address each of them would likely be different.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>But more concerning is the downside to declaring the entity name a secret -- once you do that, then it starts making sense to keep the answers to #2 (description of the infrastructure) and #9 (the certificate itself) a secret, since the certificate could probably be traced back to the entity through the hostnames or other metadata. Similarly, the respondent is likely to give more minimal answers to #3 through #8 in the interest of redacting details that might point to their identity. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Making identifying oneself a requirement of obtaining a certificate removes disincentives to filing a full and complete report of why the multi-year, multi-stage SHA-1 deadline didn't work out for their piece of critical infrastructure.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>It's not surprising that payment processors are reluctant to provide their names, and legal departments will be a barrier. But if it's truly critical that an organization receive SHA-1 certificates to continue operations, that barrier shouldn't be insurmountable.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Mon, Jun 20, 2016 at 12:02 PM, Dean Coclin <<a href="mailto:Dean_Coclin@symantec.com" target="_blank">Dean_Coclin@symantec.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Eric- I get that. Lessons learned is a great tool for future deprecations. But what I think the processor industry doesn’t understand is how the particular name of the applicant helps toward that end. What difference does it make if the applicant name is Chase, TSYS, Worldpay, or Blueswipe? It seems the valuable answers to help future deprecations are those to questions 3-8 (i.e. what steps have been taken, impact, expected transition time, awareness, etc). How does the specific entity name address your goal?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Thanks,<br>Dean</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Eric Mill [mailto:<a href="mailto:eric@konklone.com" target="_blank">eric@konklone.com</a>] <br><b>Sent:</b> Saturday, June 18, 2016 11:25 AM<br><b>To:</b> Dean Coclin <<a href="mailto:Dean_Coclin@symantec.com" target="_blank">Dean_Coclin@symantec.com</a>><br><b>Cc:</b> Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank">sleevi@google.com</a>>; CABFPub <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>><br><b>Subject:</b> Re: [cabfpub] Proposal of a SHA-1 exception procedure</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Fri, Jun 17, 2016 at 6:35 PM, Dean Coclin <<a href="mailto:Dean_Coclin@symantec.com" target="_blank">Dean_Coclin@symantec.com</a>> wrote: <o:p></o:p></p><div><div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>>>I think this is the crux of the issue which will require dissecting this sentence. First, “That includes the necessary disclosures and information so that we can gather information necessary to avoid such situations in the future”: This is great and I don’t think anyone has an issue with gathering this information so the CA/B Forum and root store operators can avoid future issues. The second part, “while having the necessary transparency for us effectively accepting, on behalf of the Internet trust ecosystem, the security risks” focuses on the security risks which I thought were ameliorated by the cryptanalysis. Is this not true?</span><o:p></o:p></p></div></div></div></blockquote><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The cryptanalysis ameliorates risks associated with the basic technical weaknesses that prompted the SHA-1 deprecation. It doesn't speak to any risks associated with how long it has taken the ecosystem to migrate away from SHA-1.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Those risks are just as real, especially since continued issuance of SHA-1 signatures by any one actor creates risk for all actors. And they'll be just as real when it's time to deprecate SHA-2, or to deal with practical quantum computing. To the extent the SHA-1 deprecation is a dry run for future migrations, the cryptanalysis is less important than the business analysis -- an analysis the entire community needs access to.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- Eric<o:p></o:p></p></div></div></div></div></div></div></div></div></blockquote></div><p class=MsoNormal><br><br clear=all><o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>-- <o:p></o:p></p><div><div><div><div><div><div><div><p class=MsoNormal><a href="https://konklone.com" target="_blank">konklone.com</a> | <a href="https://twitter.com/konklone" target="_blank">@konklone</a><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></body></html>