[cabfpub] Ballot 111 - Accelerate Max Certificate Lifetime Reduction Timetable
Gervase Markham
gerv at mozilla.org
Thu Nov 28 15:06:30 MST 2013
On 28/11/13 20:53, kirk_hall at trendmicro.com wrote:
> 1. When we approved the BRs in July 2012, we selected the phase-out date
> of 1 April 2015 for most 60 month certs. That seemed adequate from an
> internet security standpoint.
The logic behind that decision was not "what is the most secure?", but
"what is the closest date we can persuade CAs to vote for?". The reason
people did not want an earlier date was explained at the time as the
need to replace existing long-lived certs. Those certs now need
replacing anyway, so that point is moot.
> Has anything changed from a security
> standpoint in the last 17 months that indicates we should shorten the
> phase out date by one year? Not that I’m aware of.
Nothing has changed from a security standpoint; we still want to reduce
it As Soon As Possible. What has changed, I submit, is the value of
Possible.
> 2. It is entirely possible that presently-unknown difficulties (perhaps
> SHA2 will break the Foo Algorithm) will push back Microsoft’s end-date
> for SHA1 from January 1, 2017 to a later date. (This kind of thing has
> happened before.) That would mean there was no real purpose in aligning
> the date for phase out of 60 month certs with the <current> phase out
> date for SHA1.
Would it help to allay this concern if Mozilla checked in code which
refused to recognise certs with a notBefore > 2014-04-01 and a notAfter
> 2017-01-01?
https://bugzilla.mozilla.org/show_bug.cgi?id=942515
> Are there any known security breaches from past-issued 60 month certs
> (such as someone stealing the private key plus using the cert beyond a
> 39 month expiration period, someone selling an old server that had a
> private key plus 60-month cert on it, change of corporate identity
> during a five-year period that rendered a properly-issued 60-month cert
> inaccurate, but the cert was still used, etc.)? Or is the concern more
> theoretical?
The problem with long-life certs is not any of the above; it's the
reduced agility of the certificate system as a whole. Every time we make
an improvement, we have to wait 5 years and 3 months before we can rely
on every certificate having been issued under the new rules or with the
new feature. That's too long.
Gerv
More information about the Public
mailing list