<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Hello Rob,<br>
<br>
Thanks for the useful suggestion. We've amended our proposed
ballot language accordingly.<br>
<br>
We would still like to determine the best way to direct CAs to the
weak key populations assembled through the work of yourself and
HARICA.<br>
<br>
On the broader question of how to proceed, we see three options
for community consideration:<br>
<br>
- Carry forward with this proposed ballot;<br>
- Consider adding this language to a future cleanup ballot; or<br>
- Declare that current language and guidance are sufficient.<br>
<br>
To recap, the ur-issue is itself from 2006-2008, our initial
request for input on this matter was made in April 2020 and this
ballot language has been under (sporadic) discussion since
December 2020. Given the narrow focus of the issue itself, this
could certainly be considered a low priority, and thus wrapped
into a future cleanup ballot (rather than undergoing a separate
ballot procedure).<br>
<br>
However, we note that the impetus for this ballot discussion was
the failure of a publicly-trusted CA to prevent issuance of a
certificate using a Debian weak key in March 2020. We aim to
ensure this doesn't happen again by clear delineation of expected
practices (and direction to appropriate resources) in our Baseline
Requirements.<br>
<br>
We believe this proposal offers clearer guidance on this matter
than the current BR language, and is an opportunity to make an
ecosystem-wide improvement in CA practices.<br>
<br>
We hope to discuss this in our regular call and very much welcome
community input.<br>
<br>
Regards,<br>
<br>
Chris K<br>
<br>
=====<br>
<br>
SCXX Ballot proposal: Debian Weak keys<br>
<br>
(NOTE: Edited per RS suggestion, updated version number to 1.7.9,
but still currently directs to debian.org resource)<br>
<br>
=====<br>
<br>
--- Motion Begins --- <br>
<br>
This ballot modifies the “Baseline Requirements for the Issuance
and Management of Publicly-Trusted Certificates” as follows, based
on Version 1.7.9: <br>
<br>
Proposed ballot language: <br>
<br>
4.9.1.1 Reasons for Revoking a Subscriber Certificate <br>
<br>
Replace: <br>
<br>
4. The CA is made aware of a demonstrated or proven method that
can easily compute the Subscriber’s Private Key based on the
Public Key in the Certificate (such as a Debian weak key, see
<a class="moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">https://wiki.debian.org/SSLkeys</a>) <br>
<br>
With: <br>
<br>
4. The CA is made aware of a demonstrated or proven method that
can easily compute the Subscriber’s Private Key (such as those
identified in 6.1.1.3(4)). <br>
<br>
--- <br>
<br>
6.1.1.3. Subscriber Key Pair Generation <br>
<br>
Replace: <br>
<br>
The CA SHALL reject a certificate request if one or more of the
following conditions are met: <br>
<br>
1. The Key Pair does not meet the requirements set forth in
Section 6.1.5 and/or Section 6.1.6; <br>
<br>
2. There is clear evidence that the specific method used to
generate the Private Key was flawed; <br>
<br>
3. The CA is aware of a demonstrated or proven method that exposes
the Applicant's Private Key to compromise; <br>
<br>
4. The CA has previously been made aware that the Applicant's
Private Key has suffered a Key Compromise, such as through the
provisions of Section 4.9.1.1; <br>
<br>
5. The CA is aware of a demonstrated or proven method to easily
compute the Applicant's Private Key based on the Public Key (such
as a Debian weak key, see <a class="moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">https://wiki.debian.org/SSLkeys</a>). <br>
<br>
With: <br>
<br>
The CA SHALL reject a certificate request if one or more of the
following occurs: <br>
<br>
1) The requested Public Key does not meet the requirements set
forth in Sections 6.1.5 and/or 6.1.6; <br>
<br>
2) The CA is aware of a demonstrated or proven method that exposes
the Subscriber's Private Key to compromise; <br>
<br>
3) The CA has previously been made aware that the Subscriber's
Private Key has suffered a Key Compromise, such as through the
provisions of Section 4.9.1.1; <br>
<br>
4) The Public Key corresponds to an industry demonstrated weak
Private Key, in particular: <br>
<br>
a) In the case of ROCA vulnerability, the CA SHALL reject keys
identified by the tools available at
<a class="moz-txt-link-freetext" href="https://github.com/crocs-muni/roca">https://github.com/crocs-muni/roca</a> or equivalent. <br>
<br>
b) In the case of Debian weak keys
(<a class="moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">https://wiki.debian.org/SSLkeys</a>), the CA SHALL reject at least
keys generated by the flawed OpenSSL version with the combination
of the following parameters: <br>
<br>
i) Big-endian 32-bit, little-endian 32-bit, and little-endian
64-bit architecture; <br>
<br>
ii) Process ID of 0 to 32767, inclusive; <br>
<br>
iii) All RSA Public Key lengths supported by the CA; <br>
<br>
iv) rnd, nornd, and noreadrnd OpenSSL random file state.<br>
<br>
--- Motion Ends --- <br>
<br>
=====<br>
<br>
</p>
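<p>As an added example (not part of the ballot text, the quoted messages, or any CA's implementation), the following Python sketches the pre-issuance gate that proposed 6.1.1.3(4) asks CAs to run: a ROCA fingerprint test equivalent in method to the crocs-muni detector, and a lookup against weak-key lists that must exist for every RSA length the CA supports. The prime set, the SHA-256 keying of moduli, the supported-length set, the result codes and all sample moduli are constructed for this example; a real deployment would import the HARICA/Sectigo/Debian lists at load time.</p>

```python
import hashlib
from typing import Dict, Set

GENERATOR = 65537
# Odd primes up to 167. Using exactly this set is an assumption of the
# example; the published ROCA fingerprint works the same way for any prefix
# of the primes making up the Infineon library's generator modulus M.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
                137, 139, 149, 151, 157, 163, 167]


def _powers_mod(p: int) -> Set[int]:
    """Cyclic subgroup of Z_p^* generated by 65537."""
    seen: Set[int] = set()
    x = 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return seen


_ROCA_RESIDUES = {p: _powers_mod(p) for p in SMALL_PRIMES}


def roca_fingerprint(n: int) -> bool:
    """6.1.1.3(4)(a): affected moduli have the form k*M + (65537^a mod M) with
    M a product of small primes, so N mod p is a power of 65537 for every such
    p. A properly generated modulus fails this for some p with overwhelming
    probability, so a full match is the detection signal."""
    return all(n % p in _ROCA_RESIDUES[p] for p in SMALL_PRIMES)


def constructed_roca_like_modulus(bits: int = 2048, exponent: int = 12345) -> int:
    """Constructed test vector, NOT a real key: an odd `bits`-bit integer whose
    residue modulo every small prime is a power of 65537."""
    m = 1
    for p in SMALL_PRIMES:
        m *= p
    k = ((1 << (bits - 1)) // m) + 1          # k*m just above 2^(bits-1)
    n = k * m + pow(GENERATOR, exponent, m)
    if n % 2 == 0:
        n += m                                # m is odd: flips parity, keeps residues
    assert n.bit_length() == bits
    return n


def modulus_fingerprint(n: int) -> str:
    """Blocklist key: SHA-256 of the big-endian modulus bytes. This keying is
    an assumption of the example; imported lists come in their own formats and
    would be re-hashed into this form when loaded."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def _constructed_modulus(label: bytes, bits: int = 2048) -> int:
    """Deterministic constructed odd `bits`-bit integer; NOT a real RSA modulus."""
    stream = b""
    while len(stream) * 8 < bits:
        stream += hashlib.sha512(label + len(stream).to_bytes(2, "big")).digest()
    n = int.from_bytes(stream, "big") >> (len(stream) * 8 - bits)
    return n | (1 << (bits - 1)) | 1


SAMPLE_WEAK_MODULUS = _constructed_modulus(b"constructed debian-weak key")
SAMPLE_GOOD_MODULUS = _constructed_modulus(b"constructed healthy key")

# Lengths this hypothetical CA issues for (an assumption of the example).
SUPPORTED_RSA_BITS = {2048, 3072, 4096}

# Constructed blocklist: key length -> fingerprints of known-weak moduli.
# Only a 2048-bit list is "loaded" here, deliberately, to show the coverage
# gap that 6.1.1.3(4)(b)(iii) (lists for ALL supported lengths) rules out.
WEAK_KEY_BLOCKLIST: Dict[int, Set[str]] = {
    2048: {modulus_fingerprint(SAMPLE_WEAK_MODULUS)},
}


def check_rsa_public_key(n: int,
                         blocklist: Dict[int, Set[str]] = WEAK_KEY_BLOCKLIST,
                         supported: Set[int] = SUPPORTED_RSA_BITS) -> str:
    """Pre-issuance gate over the RSA modulus. Returns "OK" or a REJECT reason
    (result codes are this example's own, not ballot text)."""
    bits = n.bit_length()
    if bits not in supported:
        return "REJECT:UNSUPPORTED_LENGTH"
    if roca_fingerprint(n):
        return "REJECT:ROCA"                      # 6.1.1.3(4)(a)
    if bits not in blocklist:
        # Without a list for this length the CA cannot show the key is not a
        # Debian weak key, so fail closed instead of issuing.
        return "REJECT:NO_BLOCKLIST_COVERAGE"
    if modulus_fingerprint(n) in blocklist[bits]:
        return "REJECT:DEBIAN_WEAK"               # 6.1.1.3(4)(b)
    return "OK"
```

The coverage check is the operational point of (4)(b)(iii): a key length the CA accepts but has no list for is a gap in the control, not a pass.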
<div class="moz-cite-prefix">On 5/13/2021 9:42 AM, Rob Stradling
wrote:<br>
</div>
<blockquote type="cite" cite="mid:MW4PR17MB472977E83FAE719172F40D00AA519@MW4PR17MB4729.namprd17.prod.outlook.com">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Arial,
Helvetica, sans-serif; font-size: 12pt;">> </span><span style="color: rgb(0, 0, 0); font-family: Calibri, Arial,
Helvetica, sans-serif; font-size: 12pt;">iii) All RSA Public
Key lengths supported by the CA up to and including 4096 bits;</span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
> ...</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
> For Debian weak keys not covered above, the CA SHALL take
actions to minimize the probability of certificate issuance.
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Hi Christopher. What sort of "actions" are envisaged here? If
a CA is processing a certificate request that contains a (for
example) RSA-4088 public key (i.e., a key size not covered by an
available Debian weak list), either the CA is going to issue the
cert or they're not. What, concretely, does "minimize the
probability of certificate issuance" actually mean?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Why not remove that "SHALL" sentence and change point iii to: "<span style="background-color:rgb(255, 255, 255);display:inline
!important">iii) All RSA Public Key lengths supported by the
CA." ?</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
BTW, in case it helps, I'm about half way through generating a
full set of RSA-8192 Debian weak keys, which (when complete)
I'll add to the
<a href="https://github.com/CVE-2008-0166" moz-do-not-send="true">https://github.com/CVE-2008-0166</a> repositories.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
Christopher Kemmerer <a class="moz-txt-link-rfc2396E" href="mailto:chris@ssl.com"><chris@ssl.com></a><br>
<b>Sent:</b> 13 May 2021 15:12<br>
<b>To:</b> Rob Stradling <a class="moz-txt-link-rfc2396E" href="mailto:rob@sectigo.com"><rob@sectigo.com></a>; Dimitris
Zacharopoulos (HARICA) <a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr"><dzacharo@harica.gr></a>; CA/B
Forum Server Certificate WG Public Discussion List
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org"><servercert-wg@cabforum.org></a>; Jacob Hoffman-Andrews
<a class="moz-txt-link-rfc2396E" href="mailto:jsha@letsencrypt.org"><jsha@letsencrypt.org></a><br>
<b>Subject:</b> Re: [Servercert-wg] SCXX Ballot proposal:
Debian Weak keys</font>
<div> </div>
</div>
<div>
<div>
<div class="x_OutlineElement x_Ltr x_BCX2 x_SCXW100400534" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Hello,</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_BCX2 x_SCXW100400534" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">We deeply appreciate the
useful discussion in this thread regarding this
issue. We especially applaud the efforts of HARICA
and
</span></span><span class="x_TextRun x_SCXW100400534
x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SpellingErrorV2 x_SCXW100400534 x_BCX2">Sectigo</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> to independently generate
more comprehensive lists of potentially affected
Debian weak keys. As Rob Stradling observed through
his crt.sh research (20210107,
<a class="x_moz-txt-link-freetext" href="https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5" moz-do-not-send="true">
https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</a>),
of the five most utilized algorithm/key size
populations, two are ECC (so not impacted by the
Debian weak key issue) and three are RSA (</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">2048, 4096, and 3072 bit</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> length, in that order).</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">As of their most recent
messages it appears that these two organizations
have independently generated comprehensive lists
identifying all RSA-</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">2048 and -4096 bit</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> length keys. (We </span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">understand</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> RSA-3072 length keys</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> are also </span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">available</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">.) This offers the
possibility that complete lists, if accepted as
authoritative, could be accessed by the community to
help prevent exploitation of this vulnerability.</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">It was also noted (by the
representative from </span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Let's</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> Encrypt) that the ROCA
vulnerability is presently identified through use of
a tool supported externally. It was suggested that
this resource be archived in a manner that ensures
availability. (Our proposed language points to "<a class="x_moz-txt-link-freetext" href="https://github.com/crocs-muni/" moz-do-not-send="true">https://github.com/crocs-muni/</a></span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SpellingErrorV2 x_SCXW100400534 x_BCX2">roca</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> or equivalent.")</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">We think our present ballot
language (reproduced at the end of this message)
provides appropriately focused guidance to CAs. If
available,
</span></span><span class="x_TextRun x_SCXW100400534
x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">we'd</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> certainly like to also see
the HARICA/</span></span><span class="x_TextRun
x_SCXW100400534 x_BCX2" style="font-size:11pt;
line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SpellingErrorV2 x_SCXW100400534 x_BCX2">Sectigo</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> lists (which CAs could use
for the majority of Debian weak key use cases)
captured somewhere in this ballot language. We are
agnostic as to 1) where exactly these resources
might be maintained and 2) where this ballot places
directions to these resources - an annex to the
current requirements, a separate CA/BF guidance
document or within Sections 4.9.1.1/6.1.1.3.</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Our intent is to ensure that
1) clear, accurate guidance on CA expectations is
provided and 2) any resources assisting CAs in
meeting these expectations are fully described,
publicly available (somewhere) and with reliable
links provided. The language below, we feel, meets
the first requirement. </span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">We'd</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> appreciate input on how to
best meet the second. (Note that SSL.com would be
happy to support the community by hosting any of
these as
</span></span><span class="x_TextRun x_SCXW100400534
x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">publicly accessible</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"> resources, whether solo or
alongside other organizations.)</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Chris K</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">SSL.com</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
<br>
</span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">=====</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">--- Motion Begins ---</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">This ballot modifies the
“Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” as
follows, based on Version 1.7.</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">4</span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Proposed ballot language:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif;
font-weight:bold" lang="EN-US"><span class="x_NormalTextRun x_SCXW100400534 x_BCX2">4.9.1.1
Reasons for Revoking a Subscriber Certificate</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Replace:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">4. The CA is made aware of a
demonstrated or proven method that can easily
compute the Subscriber’s Private Key based on the
Public Key in the Certificate (such as a Debian weak
key, see
<a class="x_moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">
https://wiki.debian.org/SSLkeys</a>)</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">With:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">4. The CA is made aware of a
demonstrated or proven method that can easily
compute the Subscriber’s Private Key (such as those
identified in 6.1.1.3(4)).</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
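<p>The populations that the new revocation reason points to via 6.1.1.3(4), the Debian weak keys (wiki.debian.org/SSLkeys) and the ROCA-fingerprinted keys named further down in this ballot text, can both be recognised from the public key alone before issuance. The Python below is an added illustration; it is not part of the ballot, of Debian's openssl-blacklist, or of the crocs-muni/roca tool. It assumes the blocklist fingerprint format that openssl-blacklist uses (SHA-1 over the text "Modulus=&lt;hex&gt;\n" with the first 20 hex characters dropped) and reimplements the published ROCA test (the modulus reduced modulo each small prime must fall in the subgroup generated by 65537); the prime bound 167, the blocklist entries and the sample moduli are constructed for the example.</p>

```python
"""Pre-issuance screening for the two weak-key populations named in the
proposed 6.1.1.3(4) text.  Added example: not code from the ballot, from
Debian's openssl-blacklist or from the crocs-muni/roca project."""
import hashlib
from typing import List, Optional, Set

# --- Debian weak keys -------------------------------------------------------
# Assumption: blocklist entries are formatted the way openssl-blacklist does
# it, i.e. SHA-1 over the line "Modulus=<UPPERCASE HEX>\n" (the output of
# `openssl rsa -noout -modulus`) with the first 20 hex characters dropped.

def debian_fingerprint(modulus: int) -> str:
    """Truncated SHA-1 fingerprint of an RSA modulus, in blocklist form."""
    line = "Modulus=%X\n" % modulus
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]

# --- ROCA fingerprint -------------------------------------------------------
# ROCA-generated primes have the form k*M + (65537^a mod M) for a primorial M,
# so for every small prime p the modulus satisfies n mod p in <65537> (mod p).
# Assumption: the prime bound 167 approximates the published detector's set.

def _odd_primes_up_to(limit: int) -> List[int]:
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [p for p in range(3, limit + 1) if sieve[p]]

def _subgroup_generated_by_65537(p: int) -> frozenset:
    """All residues 65537^k mod p, i.e. the cyclic subgroup generated by 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * 65537) % p
    return frozenset(seen)

ROCA_PRIMES = _odd_primes_up_to(167)
ROCA_RESIDUES = {p: _subgroup_generated_by_65537(p) for p in ROCA_PRIMES}

def roca_fingerprint(modulus: int) -> bool:
    """True when the modulus carries the ROCA structure for every small prime."""
    return all(modulus % p in ROCA_RESIDUES[p] for p in ROCA_PRIMES)

# --- Screening under 6.1.1.3(4) --------------------------------------------

def screen_public_key(modulus: int, debian_blocklist: Set[str]) -> Optional[str]:
    """Return a rejection reason, or None when neither weak-key check matches."""
    if debian_fingerprint(modulus) in debian_blocklist:
        return "Debian weak key (6.1.1.3(4))"
    if roca_fingerprint(modulus):
        return "ROCA-fingerprinted key (6.1.1.3(4)(a))"
    return None

# --- Constructed sample inputs (small integers stand in for real moduli) ----
_M = 1
for _p in ROCA_PRIMES:
    _M *= _p
CONSTRUCTED_ROCA_LIKE = pow(65537, 7, _M) + 12345 * _M  # n == 65537^7 mod each small prime
CONSTRUCTED_ORDINARY = 12345678901234567                # n mod 11 == 9, not in {1, 10}
CONSTRUCTED_WEAK_MODULUS = 0xC0FFEE                     # stands in for a known Debian weak key
CONSTRUCTED_DEBIAN_BLOCKLIST = {debian_fingerprint(CONSTRUCTED_WEAK_MODULUS)}

if __name__ == "__main__":
    for name, n in [("weak", CONSTRUCTED_WEAK_MODULUS),
                    ("roca-like", CONSTRUCTED_ROCA_LIKE),
                    ("ordinary", CONSTRUCTED_ORDINARY)]:
        print(name, "->", screen_public_key(n, CONSTRUCTED_DEBIAN_BLOCKLIST))
```

<p>In a CA the modulus would come from the CSR's SubjectPublicKeyInfo and the set would be loaded from the full openssl-blacklist data files rather than one constructed entry. Both checks are pure functions of the public key, so they belong in pre-issuance linting: rejecting under 6.1.1.3 is far cheaper than the 4.9.1.1 revocation and incident report that follow a weak key reaching a certificate.</p>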
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">---</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif;
font-weight:bold" lang="EN-US"><span class="x_NormalTextRun x_SCXW100400534 x_BCX2">6.1.1.3.
Subscriber Key Pair Generation</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">Replace:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">The CA SHALL reject a
certificate request if one or more of the following
conditions are met:</span></span><span class="x_EOP
x_SCXW100400534 x_BCX2" style="font-size:11pt;
line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">1. The Key Pair does not
meet the requirements set forth in Section 6.1.5
and/or Section </span></span><span class="x_TextRun
x_SCXW100400534 x_BCX2" style="font-size:11pt;
line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">6.1.6;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">2. There is clear evidence
that the specific method used to generate the
Private Key was </span></span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">flawed;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">3. The CA is aware of a
demonstrated or proven method that exposes the
Applicant's Private Key to </span>
</span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">compromise;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">4. The CA has previously
been made aware that the Applicant's Private Key has
suffered a Key Compromise, such as through the
provisions of Section
</span></span><span class="x_TextRun x_SCXW100400534
x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">4.9.1.1;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">5. The CA is aware of a
demonstrated or proven method to easily compute the
Applicant's Private Key based on the Public Key
(such as a Debian weak key, see
<a class="x_moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">
https://wiki.debian.org/SSLkeys</a>).</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">With:</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">The CA SHALL reject a
certificate request if one or more of the following
occurs:</span></span><span class="x_EOP
x_SCXW100400534 x_BCX2" style="font-size:11pt;
line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2"></span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">1) The requested Public Key
does not meet the requirements set forth in Sections
6.1.5 and/or </span></span><span class="x_TextRun
x_SCXW100400534 x_BCX2" style="font-size:11pt;
line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">6.1.6;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2" style="margin-top: 0px; margin-bottom:
0px;font-weight:normal; font-style:normal;
vertical-align:baseline; background-color:transparent;
color:windowtext; text-align:left; margin-left:0px;
margin-right:0px; padding-left:0px; padding-right:0px;
text-indent:0px">
<span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_SCXW100400534 x_BCX2">2) The CA is aware of a
demonstrated or proven method that exposes the
Subscriber's Private Key to </span>
</span><span class="x_TextRun x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span class="x_NormalTextRun
x_ContextualSpellingAndGrammarErrorV2
x_SCXW100400534 x_BCX2">compromise;</span></span><span class="x_EOP x_SCXW100400534 x_BCX2" style="font-size:11pt; line-height:19.425px;
font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">3) The CA has previously been made aware that the Subscriber's Private Key has suffered a Key Compromise, such as through the provisions of Section 4.9.1.1;</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">4) The Public Key corresponds to an industry demonstrated weak Private Key, in particular:</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">a) In the case of ROCA vulnerability, the CA SHALL reject keys identified by the tools available at <a class="x_moz-txt-link-freetext" href="https://github.com/crocs-muni/roca">https://github.com/crocs-muni/roca</a> or equivalent.</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">b) In the case of Debian weak keys (<a class="x_moz-txt-link-freetext" href="https://wiki.debian.org/SSLkeys">https://wiki.debian.org/SSLkeys</a>), the CA SHALL reject at least keys generated by the flawed OpenSSL version with the combination of the following parameters:</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">i) Big-endian 32-bit, little-endian 32-bit, and little-endian 64-bit architecture;</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">ii) Process ID of 0 to 32767, inclusive;</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">iii) All RSA Public Key lengths supported by the CA up to and including 4096 bits;</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">iv) rnd, nornd, and noreadrnd OpenSSL random file state.</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">For Debian weak keys not covered above, the CA SHALL take actions to minimize the probability of certificate issuance.</p>
</div>
<div class="x_OutlineElement x_Ltr x_SCXW100400534 x_BCX2" style="direction:ltr">
<p class="x_Paragraph x_SCXW100400534 x_BCX2">--- Motion Ends ---</p>
</div>
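<p>As an added editorial example (not part of the ballot text, and not code from the Debian, HARICA or CVE-2008-0166 repositories referenced in this thread), the Python below shows the pre-issuance check that clause 4(b) asks a CA to perform: fingerprint the RSA modulus of a submitted key, look the fingerprint up in a blocklist for that key length, and report a distinct outcome when no blocklist exists for the length, so that the "minimize the probability of certificate issuance" sentence is not silently bypassed by treating an unchecked key as clean. The fingerprint convention (SHA-1 of the <code>Modulus=...</code> line as printed by <code>openssl rsa -noout -modulus</code>, with the first 20 hex characters of the digest dropped) is the Debian openssl-blacklist convention as the editor recalls it and is marked as an assumption in the code; the moduli and the blocklist are constructed sample values, not real weak keys; <code>DebianWeakKeyCheck</code> and the other names are this example's own.</p>

```python
import hashlib
from typing import Dict, Optional, Set

# Fingerprint convention of Debian's openssl-blacklist package (an assumption
# recalled from the openssl-vulnkey script, not taken from this thread):
# SHA-1 over the text line "Modulus=<UPPERCASE HEX>\n", exactly as
# `openssl rsa -noout -modulus` prints it, with the first 20 hex characters
# of the 40-character digest dropped, so each blocklist entry is 20 hex chars.
def modulus_fingerprint(modulus: int) -> str:
    line = f"Modulus={modulus:X}\n".encode("ascii")
    return hashlib.sha1(line).hexdigest()[20:]


def load_blocklist(text: str) -> Set[str]:
    """Parse one blocklist file: one fingerprint per line, '#' lines are comments."""
    entries: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if line and not line.startswith("#"):
            entries.add(line)
    return entries


def keys_per_length() -> int:
    """Number of distinct weak keys the ballot's parameters (i), (ii) and (iv)
    imply for each RSA length: 3 architectures x 32768 PIDs x 3 rnd states."""
    return 3 * 32768 * 3


class DebianWeakKeyCheck:
    """CA-side pre-issuance check with one blocklist per RSA modulus length
    (hypothetical class name; the ballot prescribes the result, not the code)."""

    def __init__(self, blocklists: Dict[int, Set[str]]) -> None:
        self.blocklists = blocklists

    def check(self, modulus: int) -> str:
        bits = modulus.bit_length()
        blocklist: Optional[Set[str]] = self.blocklists.get(bits)
        if blocklist is None:
            # No blocklist for this length. Clause 4(b) still obliges the CA to
            # "minimize the probability of certificate issuance" for such keys,
            # so report a distinct outcome instead of treating the key as clean.
            return "UNCOVERED"
        if modulus_fingerprint(modulus) in blocklist:
            return "REJECT"
        return "OK"


# Constructed sample data (not real keys, not Debian weak keys): three integers
# of the right bit lengths stand in for RSA moduli, and the "weak" one is weak
# only because the sample blocklist lists its fingerprint.
WEAK_2048 = (1 << 2047) | int("C0FFEE" * 80, 16)
CLEAN_2048 = (1 << 2047) | int("DECAF1" * 80, 16)
CLEAN_3072 = (1 << 3071) | int("BADA55" * 100, 16)

SAMPLE_BLOCKLIST_2048 = (
    "# constructed stand-in for blacklist.RSA-2048\n"
    + modulus_fingerprint(WEAK_2048) + "\n"
)

CHECKER = DebianWeakKeyCheck({2048: load_blocklist(SAMPLE_BLOCKLIST_2048)})


def run_demo() -> Dict[str, str]:
    """Apply the check to the three sample moduli; returns label -> outcome."""
    return {
        "weak-2048": CHECKER.check(WEAK_2048),
        "clean-2048": CHECKER.check(CLEAN_2048),
        "clean-3072": CHECKER.check(CLEAN_3072),
    }


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label}: {outcome}")
```

<p>Loading a real blocklist file for each supported length into the dictionary is the only change needed to run this against genuine CSR moduli. The UNCOVERED outcome is deliberate: a key length with no blocklist is exactly the case the last paragraph of 4(b) addresses, and a CA that wants to log, rate-limit or manually review such requests needs the check to tell it apart from a clean lookup.</p>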
<div class="x_moz-cite-prefix">On 1/18/2021 3:34 PM, Rob
Stradling wrote:<br>
</div>
<blockquote type="cite">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
> I'm mid-way through generating the RSA-4096 keys.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
The RSA-4096 private keys and blocklists are now in <a href="https://github.com/CVE-2008-0166/private_keys">https://github.com/CVE-2008-0166/private_keys</a> and
<a href="https://github.com/CVE-2008-0166/openssl_blocklists">https://github.com/CVE-2008-0166/openssl_blocklists</a>.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
The RSA-2048 and RSA-4096 private keys in <a href="https://github.com/HARICA-official/debian-weak-keys">https://github.com/HARICA-official/debian-weak-keys</a> (which
only covers 2 of the 3 word size / endianness
combinations) are identical to the equivalents in <a href="https://github.com/CVE-2008-0166/private_keys">https://github.com/CVE-2008-0166/private_keys</a>.</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Dimitris Zacharopoulos
(HARICA)
<a class="x_moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b> 14 January 2021 18:39<br>
<b>To:</b> Rob Stradling <a class="x_moz-txt-link-rfc2396E" href="mailto:rob@sectigo.com" moz-do-not-send="true">
<rob@sectigo.com></a>; CA/B Forum Server
Certificate WG Public Discussion List <a class="x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true">
<servercert-wg@cabforum.org></a>; Jacob
Hoffman-Andrews <a class="x_moz-txt-link-rfc2396E" href="mailto:jsha@letsencrypt.org" moz-do-not-send="true">
<jsha@letsencrypt.org></a>; Christopher
Kemmerer <a class="x_moz-txt-link-rfc2396E" href="mailto:chris@ssl.com" moz-do-not-send="true">
<chris@ssl.com></a><br>
<b>Subject:</b> Re: [Servercert-wg] SCXX Ballot
proposal: Debian Weak keys</font>
<div> </div>
</div>
<div>
<div><br>
<br>
<div class="x_x_moz-cite-prefix">On 14/1/2021 12:30
a.m., Rob Stradling wrote:<br>
</div>
<blockquote type="cite">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Thanks Dimitris.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
So far I've generated the RSA-2048 and RSA-3072
keys using <a href="https://github.com/CVE-2008-0166/key_generator">https://github.com/CVE-2008-0166/key_generator</a> and
uploaded them to <a href="https://github.com/CVE-2008-0166/private_keys">https://github.com/CVE-2008-0166/private_keys</a>,
and I've generated the corresponding blocklists
and uploaded them to
<a href="https://github.com/CVE-2008-0166/openssl_blocklists">https://github.com/CVE-2008-0166/openssl_blocklists</a>. My RSA-2048
blocklists exactly match the ones from the
original Debian openssl-blacklist package.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
I'm mid-way through generating the RSA-4096
keys.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Let's compare keys when we're both done. <span id="x_x_🙂">🙂</span></div>
</blockquote>
<br>
Certainly :-) the RSA-2048 keys already match the
fingerprints from the openssl-blacklist Debian
package.<br>
<br>
We did this work several months ago but never found
the time to make it publicly available. We managed
to break down the big task and run jobs in parallel
which made things a bit more interesting.<br>
<br>
It's nice we did this independently; I guess it
increases the accuracy level of the resulting keys :)<br>
<br>
<br>
Cheers,<br>
Dimitris.<br>
<br>
<blockquote type="cite">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri,
sans-serif" color="#000000"><b>From:</b>
Dimitris Zacharopoulos (HARICA)
<a class="x_x_moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b> 13 January 2021 21:49<br>
<b>To:</b> Rob Stradling <a class="x_x_moz-txt-link-rfc2396E" href="mailto:rob@sectigo.com" moz-do-not-send="true">
<rob@sectigo.com></a>; CA/B Forum
Server Certificate WG Public Discussion List
<a class="x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true">
<servercert-wg@cabforum.org></a>;
Jacob Hoffman-Andrews <a class="x_x_moz-txt-link-rfc2396E" href="mailto:jsha@letsencrypt.org" moz-do-not-send="true">
<jsha@letsencrypt.org></a>;
Christopher Kemmerer <a class="x_x_moz-txt-link-rfc2396E" href="mailto:chris@ssl.com" moz-do-not-send="true">
<chris@ssl.com></a><br>
<b>Subject:</b> Re: [Servercert-wg] SCXX
Ballot proposal: Debian Weak keys</font>
<div> </div>
</div>
<div>
<div>Dear friends,<br>
<br>
HARICA has generated the weak keys (RSA 2048
and 4096 bit lengths) from the vulnerable
openssl package. We will generate 3072 bit
keys as well and add them soon. The
methodology is described in the following
GitHub repo along with the produced keys:<br>
<ul>
<li><a class="x_x_x_moz-txt-link-freetext" href="https://github.com/HARICA-official/debian-weak-keys">https://github.com/HARICA-official/debian-weak-keys</a></li>
</ul>
Please review and let us know if you spot
any issues or problems with our approach and
methodology.<br>
<br>
As always, please use other people's work at
your own risk.<br>
<br>
<br>
Dimitris.<br>
<br>
<div class="x_x_x_moz-cite-prefix">On
7/1/2021 2:25 p.m., Rob Stradling via
Servercert-wg wrote:<br>
</div>
<blockquote type="cite">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
I've used crt.sh to produce a survey of
key algorithms/sizes in currently
unexpired, publicly-trusted server
certificates:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<a href="https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5">https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</a><br>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
The four most popular choices are no
surprise: RSA-2048, P-256, RSA-4096,
and P-384. openssl-blacklist covers
RSA-2048 and RSA-4096, and ECC keys
are implicitly not Debian weak keys.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);
font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt">Fifth most popular
is RSA-3072, with over 3 million
unexpired, publicly-trusted server
certs. openssl-blacklist doesn't
cover RSA-3072, but ISTM that this
is a key size that CAs will want to
permit.</span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);
font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Some of the lesser used key sizes are
most likely due to Subscriber typos
(e.g., 2408 and 3048 were probably
intended to be 2048, 4048 was probably
intended to be either 2048 or 4096,
etc), but some of the other ones look
like they were deliberately chosen
(e.g., 2432 is 2048+384). Is it worth
generating Debian weak keys/blocklists
for any of these key sizes?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);
font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt"><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);
font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt"><a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf</a> (Table
4, p59) permits RSA-2048 until the
end of 2030, whereas </span><a href="https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.2.pdf" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.2.pdf</a> permits
RSA-2048 only until the end of 2025.
It is of course possible that quantum
computing will render RSA obsolete
before Subscribers need to think about
which larger RSA keysize they want to
migrate to; however, it seems prudent
to also plan for the possibility that
RSA will survive and that some other
RSA keysize(s) might become popular.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
Servercert-wg
<a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true">
<servercert-wg-bounces@cabforum.org></a> on behalf of Rob
Stradling via Servercert-wg
<a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Sent:</b> 06 January 2021 16:08<br>
<b>To:</b> Jacob Hoffman-Andrews <a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:jsha@letsencrypt.org" moz-do-not-send="true">
<jsha@letsencrypt.org></a>;
Christopher Kemmerer <a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:chris@ssl.com" moz-do-not-send="true">
<chris@ssl.com></a>; CA/B
Forum Server Certificate WG Public
Discussion List <a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true">
<servercert-wg@cabforum.org></a><br>
<b>Subject:</b> Re: [Servercert-wg]
SCXX Ballot proposal: Debian Weak
keys</font>
<div> </div>
</div>
<div dir="ltr">
<br>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<div style="margin:0px;
font-size:12pt">Jacob wrote:</div>
<div style="margin:0px;
font-size:12pt">> Lastly, I
think we should archive
openssl-blacklist, and include
in the BRs: "A CA may reject the
full set of Debian weak keys by
rejecting this superset of the
Debian weak keys:</div>
<div style="margin:0px;
font-size:12pt">><br>
<div>> - All RSA public keys
with modulus lengths other
than 2048 or 4096, and</div>
<div>> - All RSA public keys
with exponents other than
65537, and</div>
<div><br>
</div>
<div>Hi Jacob. 65537 (aka
0x10001) is hard-coded here...</div>
<div><span style="background-color:rgb(255,255,255);
display:inline!important"><br>
</span></div>
<div><span style="background-color:rgb(255,255,255);
display:inline!important"><a href="https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/req.c#L768" moz-do-not-send="true">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/req.c#L768</a><br>
</span></div>
<div><br>
</div>
<div>Would it therefore be fair
to say that keys with public
exponents other than 65537 are
implicitly
<u>not</u> Debian weak keys?</div>
<div><br>
</div>
> - All RSA public keys that
are detected as vulnerable by
the openssl-vulnkey program in
the openssl-blacklist package
version 0.5-3 (see addendum), or
an equivalent program."</div>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt;
color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="x_x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
Servercert-wg
<a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true">
<servercert-wg-bounces@cabforum.org></a> on behalf of Jacob
Hoffman-Andrews via
Servercert-wg
<a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Sent:</b> 12 December 2020
02:21<br>
<b>To:</b> Christopher
Kemmerer <a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:chris@ssl.com" moz-do-not-send="true">
<chris@ssl.com></a>;
CA/B Forum Server Certificate
WG Public Discussion List <a class="x_x_x_moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true">
<servercert-wg@cabforum.org></a><br>
<b>Subject:</b> Re:
[Servercert-wg] SCXX Ballot
proposal: Debian Weak keys</font>
<div> </div>
</div>
<div>
<br>
<div>
<div dir="ltr">Thanks for your
continued efforts to improve
this part of the BRs! Let's
Encrypt is in theory
interested in endorsing, but
I think it still needs a bit
of work. Thanks for
incorporating my most recent
comments on endianness and
word size vs 11 platforms.<br>
<br>
Goals: We want CAs to
consistently not issue
certificates for weak keys
in general, and also in the
specific case of Debian and
ROCA keys. We want the
definition of Debian and
ROCA keys to be clear and
actionable for as long as
possible - say, at least
twenty years.<br>
<br>
We have three ways to
specify Debian and ROCA
keys: With a list, with a
tool, or with an algorithm*.
The original revision of
this ballot proposed to use
a list (<a href="https://lists.cabforum.org/pipermail/servercert-wg/2020-April/001821.html" moz-do-not-send="true">https://lists.cabforum.org/pipermail/servercert-wg/2020-April/001821.html</a>).
There were two objections:<br>
<br>
- The list
(openssl-blacklist) is
subject to change or
removal.<br>
- The list only covers 2048
and 4096 bit keys.<br>
<br>
The current draft proposes
specifying a tool for ROCA (<a href="https://github.com/crocs-muni/roca" moz-do-not-send="true">https://github.com/crocs-muni/roca</a>)
and an algorithm for Debian
keys.<br>
<br>
The ROCA tool is subject to
change or removal, just like
the openssl-blacklist
package. I propose we
instead specify ROCA
detection in terms of the
paper (<a href="https://crocs.fi.muni.cz/public/papers/rsa_ccs17" moz-do-not-send="true">https://crocs.fi.muni.cz/public/papers/rsa_ccs17</a>)
and ask for permission from
the authors to archive an
unchanging copy as an
addendum to the BRs.<br>
<br>
For Debian keys, what looks
like an algorithm
specification is actually a
tool + algorithm
specification. The tool is
"OpenSSL 0.9.8c-1 up to
versions before 0.9.8g-9 on
Debian-based operating
systems" (per CVE-2008-0166
-
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0166" moz-do-not-send="true">
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0166</a>). To ensure
an unchanging copy of that,
we should archive 3 copies
of Debian, for the 3 word
size + endianness
combinations.<br>
<br>
The algorithm also needs an
additional line: "v) using
the command 'openssl req
-nodes -subj / -newkey
rsa:<Public Key
length>'" (adapted from
<a href="https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/examples/gen_certs.sh" moz-do-not-send="true">
https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/examples/gen_certs.sh</a>).
Other tools that linked
OpenSSL, like openvpn and
openssh, generated different
sets of keys. We can include
or exclude openvpn and
openssh keys, but should
thoroughly specify.<br>
<br>
Lastly, I think we should
archive openssl-blacklist,
and include in the BRs: "A
CA may reject the full set
of Debian weak keys by
rejecting this superset of
the Debian weak keys:<br>
<br>
- All RSA public keys with
modulus lengths other than
2048 or 4096, and<br>
- All RSA public keys with
exponents other than 65537,
and<br>
- All RSA public keys that
are detected as vulnerable
by the openssl-vulnkey
program in the
openssl-blacklist package
version 0.5-3 (see
addendum), or an equivalent
program."<br>
<br>
My reasoning: Given the
difficulty of correctly
setting up old Debian
versions and generating weak
keys for sizes that are not
part of openssl-blacklist, I
expect most CAs will choose
this path. Given that, we
should just say what we
mean: the pregenerated list
is fine if you restrict key
sizes, but you don't *have*
to restrict key sizes, so
long as you have an
alternate method to ensure
you're not issuing for
Debian weak keys at other
sizes.<br>
<br>
*I'm considering specifying
an algorithm to be
functionally equivalent to
specifying an "outcome,"
though I recognize this may
be too hand-wavy.<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="x_x_x_mimeAttachmentHeader"></fieldset>
<pre class="x_x_x_moz-quote-pre">_______________________________________________
Servercert-wg mailing list
<a class="x_x_x_moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org" moz-do-not-send="true">Servercert-wg@cabforum.org</a>
<a class="x_x_x_moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
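<p>The "superset" screening rule from Jacob's quoted message (reject any RSA key whose modulus is not 2048 or 4096 bits, whose public exponent is not 65537, or whose modulus is listed in openssl-blacklist), written out as an added Python example that is not from the thread, from openssl-blacklist or from any CA's code. Assumptions: the fingerprint convention (SHA-1 over the <code>Modulus=&lt;UPPERCASE HEX&gt;</code> line that <code>openssl rsa -noout -modulus</code> prints, keeping the last 20 hex characters) is my understanding of the openssl-vulnkey format, and the moduli and the blacklist below are constructed, not real keys.</p>

```python
import hashlib

# Policy constants from the proposed BR text: the sizes openssl-blacklist
# covers and the exponent the OpenSSL 0.9.8 `req` tool hard-coded.
ALLOWED_MODULUS_BITS = (2048, 4096)
REQUIRED_EXPONENT = 65537


def modulus_fingerprint(n):
    """Fingerprint a modulus the way (assumption) openssl-vulnkey does:
    SHA-1 over the `Modulus=<HEX>` line, keeping the low 80 bits
    (last 20 hex characters)."""
    line = "Modulus=%X\n" % n
    return hashlib.sha1(line.encode("ascii")).hexdigest()[-20:]


def screen_rsa_key(n, e, blacklist):
    """Return the reasons to reject (n, e) under the superset rule;
    an empty list means the key passed all three checks."""
    reasons = []
    bits = n.bit_length()
    if bits not in ALLOWED_MODULUS_BITS:
        reasons.append("modulus length %d is not 2048 or 4096" % bits)
    if e != REQUIRED_EXPONENT:
        reasons.append("public exponent %d is not 65537" % e)
    # The pregenerated list only exists for the covered sizes, so the
    # fingerprint lookup is only meaningful there.
    if bits in ALLOWED_MODULUS_BITS and modulus_fingerprint(n) in blacklist:
        reasons.append("modulus fingerprint is in openssl-blacklist")
    return reasons


# Constructed sample moduli (odd integers of the right bit length, NOT real
# RSA moduli) and a constructed blacklist that lists one of them.
GOOD_2048 = (1 << 2047) | 0x10001
WEAK_2048 = (1 << 2047) | 0x12345
ODD_3072 = (1 << 3071) | 0x10001
SAMPLE_BLACKLIST = {modulus_fingerprint(WEAK_2048)}


def screen_all():
    """Run the sample keys through the check; returns name -> reasons."""
    return {
        "good": screen_rsa_key(GOOD_2048, 65537, SAMPLE_BLACKLIST),
        "weak": screen_rsa_key(WEAK_2048, 65537, SAMPLE_BLACKLIST),
        "odd_size": screen_rsa_key(ODD_3072, 65537, SAMPLE_BLACKLIST),
        "odd_exp": screen_rsa_key(GOOD_2048, 3, SAMPLE_BLACKLIST),
    }


if __name__ == "__main__":
    for name, reasons in screen_all().items():
        print(name, "ACCEPT" if not reasons else "REJECT: " + "; ".join(reasons))
```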
</body>
</html>