[cabfpub] Revised document for Ballot 89 - Adopt Requirements for the Processing of EV SSL Certificates v.2
Yngve Nysaeter Pettersen
yngve at opera.com
Fri Oct 12 05:13:35 MST 2012
On Fri, 12 Oct 2012 02:31:44 +0200, Rick Andrews
<Rick_Andrews at symantec.com> wrote:
> Colleagues,
>
> I've updated the document again to include feedback from Kathleen. I
> changed the title back to Guidelines as opposed to Requirements, and
> changed a lot of musts to shoulds.
>
> Please look it over again, especially browser members. If we have
> consensus on this version, I'll advance it towards a ballot. Thanks,
Sectiion 3: Should the EVSSL reference be so specific about the version,
or is it possible to reference the most recent version instead?
Section 5: Does minimum requirements refer to the BR or EV guidelines? EV
was minimum requirements at the time of the first document, but we now
have the BR as a new minimum. I would suggest clarifying this section.
Section 10:
- What about Triple-DES? It may have 168 bit key material, but as far as
I know it can be argued that its real strength is 112 bit, when a
meet-in-the-middle brute force attack is used.
- Ephemeral Diffie-Hellman (DHE) cipher suites: Most servers use 1024
bit, but a large number use 768 bit (in particular captive portals;
example iBahn); see [1]. Should DHE keysize be included in the
determination of EV? What should the client do if the DHE keysize is too
low (at present Opera retries with reordered cipher suite sequence if the
keysize is less than 1024, but disabling the cipher suites may be better,
since some servers ignore the reordering; this could be done for EV with
too weak DHE). If so, what is "too low"? (IMO either less than 2048 bit
or less than the site certificate keysize). Of course, an issue here is
that this key size may be controlled by the server's code, not the
configuration.
Section 12:
- Perhaps it need to be made clear that the policy identifier (EV-OID)
does not match if the non-root issuing CA certificate(s) of the chain does
not contain either the EV-OID itself, or the any-policy OID?
Section 13:
- "should not be treated as trusted certificates" +1
- POST is only relevant for OCSP; it might be an idea to split OCSP
from CRL at this point.
- Following redirects can cause trouble when dealing with captive
portals. Opera does follow redirects for CRLs, but not OCSP.
- I think "cache-refresh" should not be used, instead use
"cache-expiration"
- Maybe it should be specified that the client should not send or accept
HTTP cookies when retrieving revocation information? (Opera does not send
or accept cookie for CRL/OCSP/AIA)
[1]
From this weeks run of the TLS prober:
All sites:
0 (not used) | 401706
512 | 575
768 | 1200
1024 | 317362
1536 | 1
2048 | 427
2049 | 1
EV sites
0 | 5877
512 | 10
768 | 4
1024 | 2795
2048 | 4
--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer Email: yngve at opera.com
Opera Software ASA http://www.opera.com/
Phone: +47 96 90 41 51 Fax: +47 23 69 24 01
********************************************************************
More information about the Public
mailing list