[cabfpub] [cabfman] Ballot [93] - Reasons for Revocation (BR issues 6, 8, 10, 21)

Jeremy Rowley jeremy.rowley at digicert.com
Fri Nov 2 09:09:15 MST 2012


We'll endorse.  Robin said he'd endorse via the phone.

Jeremy

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Yngve Nysaeter Pettersen
Sent: Friday, November 02, 2012 5:25 AM
To: 'Mads Egil Henriksveen'; 'Rick Andrews'; Ben Wilson
Cc: 'CABFMAN'; public at cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation (BR
issues 6, 8, 10, 21)

Looks OK to me.


On Fri, 02 Nov 2012 04:25:34 +0100, Ben Wilson <ben at digicert.com> wrote:

> What if Part E of Ballot 93 read,
>
> 1.  Add the following to Section 3. References
>
> "NIST SP 800-89, Recommendation for Obtaining Assurances for Digital 
> Signature Applications, 
> http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf"
>
> 2.  Add the following after Appendix A, table (3):
>
> "(4) General requirements for public keys (Effective 1 January 2013)
> RSA: The CA SHALL confirm that the value of the public exponent is an
> odd number equal to 3 or more.  Additionally, the public exponent
> SHOULD be in the range between 2^16+1 and 2^256-1.  The modulus SHOULD
> also have the following characteristics:  an odd number, not the power
> of a prime, and have no factors smaller than 752.  [Source:  Section
> 5.3.3, NIST SP 800-89]."
> ?
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 
> On Behalf Of Mads Egil Henriksveen
> Sent: Wednesday, October 31, 2012 12:33 PM
> To: Rick Andrews; Yngve N. Pettersen (Developer Opera Software ASA)
> Cc: CABFMAN; public at cabforum.org
> Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation 
> (BR issues 6, 8, 10, 21)
>
> Hi
>
> I do agree with Rick.
>
> And it is not clear to me which parts of the NIST document we must
> consider.
> If it's only the public key recommendations in chapter 3.1, i.e. table 3.2
> and the paragraph before, why not just include this in the BR (isn't
> this already included for RSA) and remove the reference to the NIST
> document?
>
> The rest of this twenty-page document is mostly out-of-scope.
>
> Regards
> Mads
>
> -----Original Message-----
> From: management-bounces at cabforum.org
> [mailto:management-bounces at cabforum.org] On Behalf Of Rick Andrews
> Sent: 31. oktober 2012 19:10
> To: Yngve N. Pettersen (Developer Opera Software ASA)
> Cc: CABFMAN; public at cabforum.org
> Subject: Re: [cabfman] [cabfpub] Ballot [93] - Reasons for Revocation 
> (BR issues 6, 8, 10, 21)
>
>> -----Original Message-----
>> From: public-bounces at cabforum.org 
>> [mailto:public-bounces at cabforum.org]
>> On Behalf Of Yngve N. Pettersen (Developer Opera Software ASA)
>> Sent: Wednesday, October 31, 2012 8:53 AM
>> To: Rick Andrews
>> Cc: CABFMAN; public at cabforum.org
>> Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation 
>> (BR issues 6, 8, 10, 21)
>>
>> On Wed, 31 Oct 2012 16:31:35 +0100, Rick Andrews 
>> <Rick_Andrews at symantec.com> wrote:
>>
>> > Ben and Yngve,
>> >
>> > Thanks for the clarifications. I understand then that CAs can check for
>> > coprime with phi(n) only for their own roots and intermediates, not for
>> > end entity certs. But this ballot will require all CAs to check that the
>> > exponent is odd and within that range for all end entity certs,
>> > effective immediately.
>>
>> Which is essentially the current requirements in the referenced NIST 
>> document.
>
> Yngve, just for the record, that NIST document establishes 
> requirements for Personal Identity Verification (PIV) for US 
> Government agencies. It's a recommendation for everyone else, and does 
> not explicitly mention SSL or TLS. I agree that its recommendations 
> make sense for SSL certs too, but let's be clear that it does not 
> impose any requirements on CAs who sell SSL certs, especially non-US 
> CAs.
>
> -Rick
> _______________________________________________
> Management mailing list
> Management at cabforum.org
> https://cabforum.org/mailman/listinfo/management
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public


--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve at opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 96 90 41 51              Fax:    +47 23 69 24 01
********************************************************************
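
Added example, not part of the original thread or of any CA/Browser Forum text: one way to run the checks in the proposed Appendix A (4) wording on an RSA public key given as integers n and e, keeping the SHALL failure separate from the SHOULD warnings. The function names are hypothetical, a prime modulus is treated as a power of a prime, and primality is tested with fixed-base Miller-Rabin, which is probabilistic for large inputs.

```python
# Added example: the proposed Appendix A (4) checks on an RSA public key (n, e).
LIMIT = 752                                  # "no factors smaller than 752"
SMALL_PRIMES = [p for p in range(2, LIMIT)
                if all(p % d for d in range(2, int(p ** 0.5) + 1))]
BASES = SMALL_PRIMES[:12]                    # fixed Miller-Rabin bases 2..37

def _iroot(n, k):                            # floor(n ** (1/k)), binary search
    lo, hi = 1, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= n else (lo, mid - 1)
    return lo

def _probably_prime(n):
    """Miller-Rabin; probabilistic once n is beyond the deterministic range."""
    if n < 2 or any(n % p == 0 for p in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all(
                (x := pow(x, 2, n)) != n - 1 for _ in range(s - 1)):
            return False                     # a is a witness: n is composite
    return True

def is_prime_power(n):
    """True if n == p**k for a prime p and k >= 1 (assumption: k = 1 counts)."""
    return any((r := _iroot(n, k)) ** k == n and _probably_prime(r)
               for k in range(1, n.bit_length() + 1))

def check_rsa_public_key(n, e):
    """Return (SHALL failures, SHOULD warnings) for the proposed text."""
    shall, should = [], []
    if e < 3 or e % 2 == 0:
        shall.append("exponent is not an odd number equal to 3 or more")
    if not 2 ** 16 + 1 <= e <= 2 ** 256 - 1:
        should.append("exponent outside 2^16+1 .. 2^256-1")
    if n % 2 == 0:
        should.append("modulus is even")
    if is_prime_power(n):
        should.append("modulus is a power of a prime")
    if (small := [p for p in SMALL_PRIMES if n % p == 0]):
        should.append(f"modulus has factor {small[0]}, smaller than {LIMIT}")
    return shall, should

SAMPLE_N, SAMPLE_E = 757 * 761, 65537        # constructed toy key, not a real one
if __name__ == "__main__":
    print(check_rsa_public_key(SAMPLE_N, SAMPLE_E))
```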