[cabfpub] Intent to Deprecate: SHA-1 certificates

Ryan Sleevi rsleevi at chromium.org
Thu Sep 4 15:38:55 UTC 2014

On Sep 4, 2014 7:54 AM, "Tim Hollebeek" <THollebeek at trustwave.com> wrote:
> My biggest problem with Google’s policy is that it is going to lead to
quite a bit of advice to end users along the lines of “please ignore the
red slash through the lock; your connection is still secure”.  This is
because Google failed to coordinate the change with CAs, and websites have
no choice but to issue such guidance since Google decided to ambush the
internet community with this change.

Please read the update.

I'm sorry to hear that you feel 9 months warning represents an ambush. When
the alternative is the five years afforded MD5 while it was
catastrophically broken, 9 months may certainly seem a short time to be
proactive about security, even though 9 months is itself tragically and
catastrophically long to most security practitioners.

> Red should mean there’s actually something actually wrong with the
certificate, or that the certificate does not meet *agreed upon*
requirements, not just “Google doesn’t like it”.  Feel free to use various
forms of “less green” for things you feel are less trusted, but when you
start putting up red UI elements, you’re just making an extremely confusing
user experience even more confusing.

There are no agreed upon requirements. Every effort in the Forum was
stalled by those who, for various reasons, prefer to continue using SHA-1,
despite agreeing to its deprecation in 2011.

The requirements that you called agreed upon were unilaterally declared by
Microsoft, have seen a number of comments on this thread and others that
they are 'non-final' and thus not requiring action by CAs until the 2015
evaluation, and have seen significant negative reaction from some CAs that
feel 2017 is too soon, and 2020 or 2021 would be better.

Let's not rewrite the history of the discussions here, nor suggest that the
2017 date, nearly 3 and a half years away when it was proposed, has not
also been painted as an ambush upon the CA community.

> I am extremely disappointed with Google’s unwillingness to engage in
serious discussion about this issue.  This, combined with Google’s
rejection out of hand of the code signing requirements before they are even
finalized has caused me to have serious concerns about whether Google is
capable of working productively with other companies to improve the
security of the internet.  *Please* prove me wrong.

I think the evidence has been quite to the contrary. We are very much
committed to serious and thoughtful discussion of the issues at hand,
taking in to consideration the broader set of risks, compatibility issues,
security concerns, and the need for CAs to be able to meaningfully respond
to and address security issues as they arise, ideally during a responsible
wind-down period.

The latter part is a very interesting way to phrase what is ultimately a
desire to continue using SHA-1, well beyond when it is safe or recommended
to do so, despite years of efforts to transition away from this insecure

I think when the alternatives are to leave users at risk, or to risk even
greater breakages in 2017 due to CA inaction and failures to communicate,
prepare, or take serious the risks posed, that you can thoughtfully and
productively realize that this measurably makes the Internet more secure,
far more than the alternatives proposed, all of which critically fail to
address these concerns.

> -Tim
> From:public-bounces at cabforum.org[mailto:public-bounces at cabforum.org] On
Behalf Ofkirk_hall at trendmicro.com
> Sent: Friday, August 29, 2014 1:09 AM
> To: Chris Palmer; Jeremy Rowley
> Cc: blink-dev; net-dev; rsleevi; CABFPub (public at cabforum.org)
> Subject: Re: [cabfpub] Intent to Deprecate: SHA-1 certificates
> Chris – a serious question.  Is it true that  google.com is still using
SHA-1 in both end-entity and intermediate certificates today (as has been
posted to this site)?  If so, how can Google be so condemning of ordinary
websites that are also using SHA-1 certs today, even though there has been
discussion of SHA-1’s potential weakness, as you say, for several years?
> So many of the postings on this topics have shown a strong antipathy
toward CAs – toward ALL CAs, without making any distinctions.  Google is
painting everyone with the same brush.  How can we turn this around, and
create a more collaborative environment among browsers, browser users, CAs,
website owners?
> Google’s current policy will be creating a kind of chaos for many website
owners in the next few weeks who have no idea why this is happening.  It
will be affecting websites that have already started transition plans to
SHA-256 certs before 2017.  Isn’t there a better way?
> From:security-dev at chromium.org[mailto:security-dev at chromium.org]
> Sent: Thursday, August 28, 2014 9:54 PM
> To: Jeremy Rowley
> Cc: blink-dev; security-dev; rsleevi; net-dev
> Subject: Re: Intent to Deprecate: SHA-1 certificates
> > Only if one ignores fairly clear statements from 6 months ago. Keep in
mind that it's already 12 *years* after we've known from public literature
that SHA-1 is significantly weaker than its designed guarantee.
> Oops, 9 years now; 12 years in 2017. Sorry about that.
> To unsubscribe from this group and stop receiving emails from it, send an
email tosecurity-dev+unsubscribe at chromium.org.
> The information contained in this email and any attachments is
> and may be subject to copyright or other intellectual property protection.
> If you are not the intended recipient, you are not authorized to use or
> disclose this information, and we request that you notify us by reply
mail or
> telephone and delete the original message from your mail system.
> ________________________________
> This transmission may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is strictly prohibited. If you
received this transmission in error, please immediately contact the sender
and destroy the material in its entirety, whether in electronic or hard
copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140904/8cc664f8/attachment-0003.html>

More information about the Public mailing list