[cabfpub] Need exception to 1024-bit revocation requirement

Tom Albertson tomalb at microsoft.com
Fri Jun 7 17:33:42 UTC 2013


We all measure the risk of 1024 RSA differently it seems.  The proximate risk of 1024 RSA is not very different on 1 Jan 2014 than it will be on 31 Dec 2013 (absent developments in the next few months, or some hacker with a Dr. Evil motive to wake up the PKI world with a novel factoring attack on New Year's Day).  The risk of 1024 certs on 31 Dec 2014 however is greater than it will be at the end of 2013 - how much greater, I haven't a clue.  Risk for algorithms and key lengths increases over time.   NIST has measured the risk of 1024 certs and set a date of 31 Dec 2013 to expire them.  Microsoft follows that recommendation - CAs must stop issuing certs that expire after that date.  

This issue comes from making policy for a PKI industry that already made its commitments to 1024 RSA before anyone even started setting deadlines to sunset 1024 issuance.  There are donuts in such a policy however, including Visa and other systems dependent on older hardware, such that some 1024 certs will expire after the NIST (or BR or MS) deadlines.  Visa should recognize this; they are in the risk business. Otherwise, I submit, you don't understand credit companies very well.

We should accept that certain systems won't comply with the BR or other guidelines on 1 Jan 2014. Microsoft accepts it anyway - we state that "those [1024] certificates should be considered "deprecated" or "restricted" according to the use of those terms, defined in the NIST document." http://social.technet.microsoft.com/wiki/contents/articles/a-note-on-implementation-of-the-requirement-to-issue-longer-key-length-certificates-december-7-2010.aspx  NIST means, I think, that 1024 RSA shouldn't be used to protect anything secret or sensitive, and translated into the commercial world you would expect that 1024 certs are not used to protect anything of terribly high value.  We also put it plainly in our Program requirements, that CAs who issue such certificates do so at their own peril.  http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements.aspx  In the event of an imminent attack against 1024 RSA, Microsoft and other vendors will be faced with an assessment of flipping the switch on all 1024 RSA, or possibly on part of them, by flipping the trust switch on specific sub-CAs.

No one has a crystal ball that can tell them when 1024 RSA will face a factoring challenge that makes [Visa] 1024 certs vulnerable to attack. According to current detections, it's not today.  For my money, there are better targets for a viable attack than end entity certs.

Cheers, Tom


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Friday, June 7, 2013 9:30 AM
To: Phillip
Cc: public at cabforum.org
Subject: Re: [cabfpub] Need exception to 1024-bit revocation requirement

The problem is that any CA that has issued such SSL certs to such non-web PKI applications, and needs to continue to issue them for business continuity, will fail their audit and will have to engage in a discussion with each trust store owner to convince them to retain their roots. 

It's not just us and it's not just this particular usage. Other CAs have the same issue.

-Rick

On Jun 7, 2013, at 9:13 AM, "Phillip" <philliph at comodo.com> wrote:

> I thought that the original point of the drop dead date was that the browsers are going to stop trusting 1024 bit certs at some point in the future.
> 
> Ergo there should be no need for an exception. Mozilla, IE, Google etc. just turn off support for the 1024 bit certs in their browsers. The Visa certs are issued as before but the only devices that will accept them are the Visa POS terminals. (Point of Sale)
> 
> So what is the problem?
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public