[cabfpub] To revoke or not to revoke 1024
kirk_hall at trendmicro.com
kirk_hall at trendmicro.com
Sun Jun 23 19:46:19 UTC 2013
We agree with Rick's analysis on all points, and believe no further action is required (and existing 1024 bit certs don't need to be revoked - they just can't be renewed).
There are many thousands of devices out there using 1024 bit devices (like the VISA merchant terminals Rick mentioned), they can't update to larger certs, they are not used in a web-based public mode (so are not likely targets of hackers). As Tom Albertson of Microsoft said, these certs should be treated as "use at your own risk", meaning that if 1024 bit certs do, in fact, become factored and present an actual threat to users (as opposed to theoretical threat today), at that point CAs might have to revoke the 1024 bit certs on relatively short notice to the user - and users would have to scramble then to come up with an alternative.
This seems like a common sense solution that moves the industry and users in the right direction (2048 bit certs as soon as possible after 2013), but recognizes the difficulty of dealing with widespread legacy applications and devices, and balancing the preferred outcome (switching out to 2048 bits by the end of 2013) with an evaluation of actual threat today (low) and alternatives if an actual risk appears (speedy revocation of 1024 bit certs at that time).
We think nothing more needs to be done at the CA/Browser Forum level, and we hope the browsers reach the same conclusions for their root program rules.
Kirk R. Hall
Operations Director, Trust Services
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Sunday, June 23, 2013 12:32 PM
To: public at cabforum.org
Subject: [cabfpub] To revoke or not to revoke 1024
We discussed this a bit in our face-to-face meeting in Munich, but did not reach consensus. I'd like to continue the conversation with all via the list.
Putting aside the question of "web pki" vs. "non-web pki", Symantec and other CAs would like to see if we can achieve consensus on these questions:
1. Do CAs need to revoke 1024-bit end-entity certs by the end of 2013?
a. I believe that some CAs believed that revoking such certs was mandatory. However, I see no hard evidence of that.
b. The BRs say that 1024-bit can be issued as long as the end date is before December 31, 2013. Others have said that a CA that was compliant with the BRs would not have issued a 1024-bit end entity cert after the effective date if its end date was 2014 or later. However, we've seen that not all CAs became compliant on July 1, 2012. Given what we now know about audits and effective dates, it seems to me that there is a lot of uncertainty here.
c. Apart from the BRs, CAs have to consider browser policy which may go above and beyond the BRs. In a private conversation with Tom Albertson of Microsoft, he told me that "Our policy doesn't contemplate CAs revoking EE certs issued before 1 Jan 2014, unless or until an RSA factoring attack is imminent, and we all go into response mode." Mozilla's policy seems to be similar - it says that such certs must expire by January 1, 2014, but it does not mandate that CAs revoke any such certs that would live beyond that date.
d. If there is no clear direction here, I propose that CAs simply let all 1024-bit end entity certs expire naturally, as long as the CA has stopped issuing 1024-bit end entity certs, and made an honest effort to comply with the BRs (hard to define, but at the very least would mean that the CA wasn't still issuing multi-year 1024-bit certs in 2013).
1. Since the BRs effectively cover only certs issued after "the effective date", does that mean that certs issued before "the effective date" don't need to be revoked?
e. That is my interpretation. Given what I said in 1) above, even those certs issued after the effective date don't need to be revoked, unless some browser's policy mandates that action.
1. What about code signing certs?
f. The BRs don't cover non-EV code signing certs, so again this goes back to browser policy. And unless some browser comes forth with unambiguous policy on code signing certs, I would suggest they are also off the table (do not need to be revoked).
Please comment, especially browser vendors. Thanks,
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public