<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Hi Mads,<div><br></div><div>The current text in the BRs states:</div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div>"The CA is aware of a demonstrated or proven method to easily compute the Applicant's Private Key based on the Public Key (such as a Debian weak key, see <https://wiki.debian.org/SSLkeys>).”</div></blockquote><div><br></div>I don’t see where/how this limits the scope of the requirement to any subset of possible Debian weak keys. That is to say, I don’t think the proposed ballot text practically impacts the need for a CA to already have been identifying all possible Debian weak keys for all key sizes supported by the CA. If anything, it seems the current requirement is broader, and therefore more restrictive, than the updated requirement in this ballot, which sets forth four specific requirements which all must be met in order for the CA to be required to reject the Debian weak key.<div><br></div><div>I realize the discussion period has closed for this ballot, but wanted to share this view as I may have missed some important point or context which has lead to this difference of interpretation.</div><div><br></div><div>Cheers,</div><div>-Clint<br><div><div><br><blockquote type="cite"><div>On Jul 5, 2023, at 11:32 PM, Mads Egil Henriksveen <Mads.Henriksveen@buypass.no> wrote:</div><br class="Apple-interchange-newline"><div><meta charset="UTF-8"><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">From my point of view the proposed ballot text requires that a CA must be able to identify all possible (theoretical?) Debian weak keys for all key sizes supported by the CA. In practice this would mean that we will have to limit the supported key sizes to the those were it’s feasible to identify such keys (e.g. 2048, 4096 bits RSA – as defined in available tools). This is possible, but not optimal for us. If the Debian weak key requirement will be removed or loosened up later, we could revert the supported key sizes again and this would be confusing for our Subscribers and the market.<o:p></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I would therefore prefer that we decide how we would like the treatment of Debian weak keys (for all key sizes) should be in the future now - before the ballot is finalized. I am in favor of CAs checking for vulnerable keys, but not if the risk of using such keys is mostly theoretical.<span class="Apple-converted-space"> </span><o:p></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Regards<o:p></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Mads<span class="Apple-converted-space"> </span><o:p></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0in 0in;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><b>From:</b><span class="Apple-converted-space"> </span>Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" style="color: blue; text-decoration: underline;">servercert-wg-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>Wayne Thayer via Servercert-wg<br><b>Sent:</b><span class="Apple-converted-space"> </span>Thursday, July 6, 2023 12:40 AM<br><b>To:</b><span class="Apple-converted-space"> </span>Clint Wilson <<a href="mailto:clintw@apple.com" style="color: blue; text-decoration: underline;">clintw@apple.com</a>>; CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" style="color: blue; text-decoration: underline;">servercert-wg@cabforum.org</a>><br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [Servercert-wg] SC-59 Weak Key Guidance v.2 - Discussion Period<o:p></o:p></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">On Wed, Jul 5, 2023 at 2:15 PM Clint Wilson via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" style="color: blue; text-decoration: underline;">servercert-wg@cabforum.org</a>> wrote:<o:p></o:p></div></div><div><blockquote style="border-width: medium medium medium 1pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor rgb(204, 204, 204); border-image: none; padding: 0in 0in 0in 6pt; margin: 5pt 0in 5pt 4.8pt;"><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I agree with the ballot author(s) and endorsers. This ballot is focused on addressing gaps in the current BRs related to overall weak key guidance (not just Debian weak key checks). The topic of removing the requirement for Debian weak key checking is separate from what I understand the intent and goal of this ballot to ever have been and should be addressed in its own ballot. <o:p></o:p></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Is the concern from CAs that the Debian weak key requirements in this ballot are meaningfully different than what they’re doing today, and they’d like to avoid doing that work? If so, can you explain what the difference(s) is and what impact it’s expected to have for your CA? <o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div></div></div></blockquote><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">I don't want to speak for Christophe, but the proposed requirements for checking Debian weak keys are clearly more prescriptive and will at a minimum require any diligent CA to evaluate their implementation to verify compliance. I don't think it's unreasonable to assume that some CAs will need to make changes to fully comply. Given the debate about the value of this requirement, moving ahead is a suboptimal use of CA resources.<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Suggestion: Perhaps the specifics could be removed from the Debian weak keys list item in this ballot and deferred to a future ballot that either completely removes, or adds the desired detail to the requirement?<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Thanks,<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Wayne<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div></div><blockquote style="border-width: medium medium medium 1pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor rgb(204, 204, 204); border-image: none; padding: 0in 0in 0in 6pt; margin: 5pt 0in 5pt 4.8pt;"><div><div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">FWIW my read of the current situation is that I don’t think there’s consensus to remove Debian weak key checks at this time, but I do think there’s at least rough consensus that it’s a topic worth discussing/pursuing.<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">Thanks,<o:p></o:p></div></div><div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">-Clint</div></div></div></div></blockquote></div></div></div></div></blockquote></div><br></div></div></body></html>