[cabfpub] For discussion: Restricting the use of file-based demonstrations of control

Rob Stradling rob.stradling at comodo.com
Mon Jun 2 21:04:36 UTC 2014 

On 02/06/14 15:30, Ryan Sleevi wrote:
> On Jun 2, 2014 7:15 AM, Rob Stradling wrote:
<snip>
> > Ryan, how about if the authorized CA was permitted to use each CSR
> > hash value as a demonstration of control a maximum of _once_ ?
>
> 1) Doesn't solve the CA A / CA B confusion I mentioned

By "authorized CA" I was assuming that the demonstration-of-control file 
would contain both the CSR Hash and the CA's domain name (as Comodo does 
today), and that if a CA supporting this scheme finds that it's not 
their domain name, then they MUST NOT issue.

> 2) Would prohibit issuance of a new cert for the same key, since CSRs
> don't contain a nonce, and the request would potentially be identical
> (thus same hash value, thus impossible to know if this is an old or new
> request).

Yeah OK, that makes it awkward.

Oh, BTW, our current scheme requires the attacker to generate a CSR that 
collides with both the SHA-1 _and_ MD5 hashes of the legitimate CSR.

I thought the N-bits-of-randomness-in-serial-numbers requirement was 
added specifically because SHA-1 is on its last legs.  Can we not say 
that SHA-256 (and, hopefully, SHA-1-plus-MD5) has a large enough 
security margin that the randomness requirement isn't actually necessary?

> I realize that in the case of "re-issuance", CA A likely has all the
> information necessary to issue without a new CSR, I just don't know if
> that is actually practiced. It would seem to induce yet another issuance
> path, which I understand CAs are not fond of.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.

More information about the Public mailing list