[cabfpub] [cabfman] Ballot [93] - Reasons for Revocation (BR issues 6, 8, 10, 21)
Jeremy Rowley
jeremy.rowley at digicert.com
Fri Nov 2 09:09:15 MST 2012
We'll endorse. Robin said he'd endorse via the phone.
Jeremy
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Yngve Nysaeter Pettersen
Sent: Friday, November 02, 2012 5:25 AM
To: 'Mads Egil Henriksveen'; 'Rick Andrews'; Ben Wilson
Cc: 'CABFMAN'; public at cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation (BR
issues 6, 8, 10, 21)
Looks OK to me.
On Fri, 02 Nov 2012 04:25:34 +0100, Ben Wilson <ben at digicert.com> wrote:
> What if Part E of Ballot 93 read,
>
> 1. Add the following to Section 3. References
>
> "NIST SP 800-89, Recommendation for Obtaining Assurances for Digital
> Signature Applications,
> http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf"
>
> 2. Add the following after Appendix A, table (3):
>
> "(4) General requirements for public keys (Effective 1 January 2013)
> RSA: The CA SHALL confirm that the value of the public exponent is an
> odd number equal to 3 or more. Additionally, the public exponent
> SHOULD be in the range between 2^16+1 and 2^256-1. The modulus SHOULD
> also have the following characteristics: an odd number, not the power
> of a prime, and
> have no factors smaller than 752. [Source: Section 5.3.3, NIST SP
> 800-89]."
> ?
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
> On Behalf Of Mads Egil Henriksveen
> Sent: Wednesday, October 31, 2012 12:33 PM
> To: Rick Andrews; Yngve N. Pettersen (Developer Opera Software ASA)
> Cc: CABFMAN; public at cabforum.org
> Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation
> (BR issues 6, 8, 10, 21)
>
> Hi
>
> I do agree with Rick.
>
> And it is not clear to me which parts of the NIST document we must
> consider.
> If it's only the public key recommendations in chapter 3.1, i.e. table
> 3.2 and the paragraph before, why not just include this in the BR (isn't
> this already included for RSA) and remove the reference to the NIST
> document?
>
> The rest of this twenty-page document is mostly out-of-scope.
>
> Regards
> Mads
>
> -----Original Message-----
> From: management-bounces at cabforum.org
> [mailto:management-bounces at cabforum.org] On Behalf Of Rick Andrews
> Sent: 31. oktober 2012 19:10
> To: Yngve N. Pettersen (Developer Opera Software ASA)
> Cc: CABFMAN; public at cabforum.org
> Subject: Re: [cabfman] [cabfpub] Ballot [93] - Reasons for Revocation
> (BR issues 6, 8, 10, 21)
>
>> -----Original Message-----
>> From: public-bounces at cabforum.org
>> [mailto:public-bounces at cabforum.org]
>> On Behalf Of Yngve N. Pettersen (Developer Opera Software ASA)
>> Sent: Wednesday, October 31, 2012 8:53 AM
>> To: Rick Andrews
>> Cc: CABFMAN; public at cabforum.org
>> Subject: Re: [cabfpub] [cabfman] Ballot [93] - Reasons for Revocation
>> (BR issues 6, 8, 10, 21)
>>
>> On Wed, 31 Oct 2012 16:31:35 +0100, Rick Andrews
>> <Rick_Andrews at symantec.com> wrote:
>>
>> > Ben and Yngve,
>> >
>> > Thanks for the clarifications. I understand then that CAs can check
>> > for coprime with phi(n) only for their own roots and intermediates,
>> > not for end entity certs. But this ballot will require all CAs to
>> > check that the exponent is odd and within that range for all end
>> > entity certs, effective immediately.
>>
>> Which is essentially the current requirements in the referenced NIST
>> document.
>
> Yngve, just for the record, that NIST document establishes
> requirements for Personal Identity Verification (PIV) for US
> Government agencies. It's a recommendation for everyone else, and does
> not explicitly mention SSL or TLS. I agree that its recommendations
> make sense for SSL certs too, but let's be clear that it does not
> impose any requirements on CAs who sell SSL certs, especially non-US
> CAs.
>
> -Rick
> _______________________________________________
> Management mailing list
> Management at cabforum.org
> https://cabforum.org/mailman/listinfo/management
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer Email: yngve at opera.com
Opera Software ASA http://www.opera.com/
Phone: +47 96 90 41 51 Fax: +47 23 69 24 01
********************************************************************
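
The checks in the Appendix A (4) wording proposed in the quoted message, written out as an added example that is not part of the original thread or of the ballot. The function names, the (errors, warnings) split that mirrors the SHALL and SHOULD wording, and the fixed-base Miller-Rabin test used to recognise a prime power are assumptions.

```python
# Added example, not from the thread: the RSA checks in the proposed
# Appendix A (4) wording. All names below are hypothetical.
from math import isqrt

SMALL_PRIMES = [p for p in range(2, 752) if all(p % d for d in range(2, isqrt(p) + 1))]

def iroot(n, k):
    """Largest integer r with r**k <= n, by exact integer binary search."""
    lo, hi = 1, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= n else (lo, mid - 1)
    return lo

def is_probable_prime(n):
    """Trial division below 752, then Miller-Rabin with 12 fixed bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES[:12]:
        x = pow(a, d, n)
        if x not in (1, n - 1) and not any((x := pow(x, 2, n)) == n - 1 for _ in range(s - 1)):
            return False
    return True

def check_rsa_public_key(n, e):
    """Return (errors, warnings): failed SHALL checks, failed SHOULD checks."""
    errors, warnings = [], []
    if e < 3 or e % 2 == 0:
        errors.append("exponent is not an odd number equal to 3 or more")
    if not 2**16 + 1 <= e <= 2**256 - 1:
        warnings.append("exponent outside 2^16+1 .. 2^256-1")
    if n % 2 == 0:
        warnings.append("modulus is even")
    small = next((p for p in SMALL_PRIMES[1:] if n % p == 0), None)
    if small:
        warnings.append(f"modulus has factor {small}, smaller than 752")
    for k in range(1, n.bit_length() + 1):  # k = 1 catches a prime modulus
        r = iroot(n, k)
        if r ** k == n and is_probable_prime(r):
            warnings.append(f"modulus is a prime power (exponent {k})")
            break
    return errors, warnings
```
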