[cabfpub] FW: Ballot - expiration of SHA1 certificates

LEROY Franck franck.leroy at certinomis.fr
Mon Sep 8 09:29:18 UTC 2014


Hello

>I think it would be better to say something like "SHA-1 MUST NOT be used as the signature hash algorithm" rather than list the particular signature algorithm OIDs that are not permitted.

Right, really better ;-)

Franck.

-----Message d'origine-----
De : Rob Stradling [mailto:rob.stradling at comodo.com] 
Envoyé : lundi 8 septembre 2014 11:27
À : LEROY Franck; kirk_hall at trendmicro.com; Ryan Sleevi; Tom Albertson
Cc : public at cabforum.org
Objet : Re: [cabfpub] FW: Ballot - expiration of SHA1 certificates

On 06/09/14 16:01, LEROY Franck wrote:
> hello
>
> _“Subscriber Certificates utilizing the SHA-1 algorithm “_ __
>
> You should not write this because SHA-1 algo is still used in order to 
> compute AKI and SKI.

+1

> So you should refine to SHA-1withRSAencryption for signature algorithm.

We need to outlaw RSA/SHA-1, DSA/SHA-1 and ECDSA/SHA-1.  Not just RSA/SHA-1.

I think it would be better to say something like "SHA-1 MUST NOT be used as the signature hash algorithm" rather than list the particular signature algorithm OIDs that are not permitted.

(My concern with blacklisting OIDs is that we might miss some.  For starters, there are at least 2 different OIDs for RSA/SHA-1:
   1.2.840.113549.1.1.5
   1.3.14.3.2.29)

> My 2 cents….
>
> Franck.
>
>
> Envoyé depuis Windows Mail
>
> *De :* kirk_hall at trendmicro.com <mailto:kirk_hall at trendmicro.com> 
> *Envoyé :* ‎samedi‎ ‎6‎ ‎septembre‎ ‎2014 ‎01‎:‎11 *À :* Ryan Sleevi 
> <mailto:sleevi at google.com>, Tom Albertson 
> <mailto:tomalb at microsoft.com> *Cc :* public at cabforum.org 
> <mailto:public at cabforum.org>
>
> Trend Micro will endorse this ballot as well – good idea.
>
> *From:*public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org]
> *On Behalf Of *Ryan Sleevi
> *Sent:* Friday, September 05, 2014 4:08 PM
> *To:* Tom Albertson
> *Cc:* CABFPub
> *Subject:* Re: [cabfpub] FW: Ballot - expiration of SHA1 certificates
>
> Hi Tom,
>
> We would be happy to endorse.
>
> On Sep 5, 2014 3:47 PM, "Tom Albertson" <tomalb at microsoft.com 
> <mailto:tomalb at microsoft.com>> wrote:
>
> Hi there,
>
> I have produced a ballot for discussion, which aligns the Baseline
> Requirements (v1.1.9)  with the planned deprecation of SHA-1.   This
> ballot uses the dates in the Microsoft SHA-1 deprecation policy 
> <http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-po
> licy.aspx> as a reference, and right now only addresses SSL certs.  I 
> think we can offer similar language for code signing certs and 
> possibly other BRs once we have hashed this out for SSL.
>
> New text appears as _red underlined_.   A small amount of text in
> Appendix A is proposed for deletion (black strikethrough)  The 
> amendments relate mainly to Section 9.4 Validity Period, with minor 
> conforming changes to Appendix A.
>
> Special thanks to Ben and Gerv and others, who already struggled 
> through this issue in March 2014, that ballot discussion was most instructive.
> I have made no efforts to collaborate with other Forum members on this 
> issue except to go back and forth with Kelvin and Aaron here at 
> Microsoft on the best text to offer to represent the Microsoft policy.
>
> Your comments and questions are appreciated, and ultimately we could 
> use an endorser or two of the ballot measure.
>
> Thanks,
>
> Tom
>
> *Ballot NNN –expirations of SHA1 certificates (FINAL VERSION)*
>
> */9.4 Validity Period/*
>
> **
>
> *9.4.1 Subscriber Certificates*
>
> Subscriber Certificates issued after the Effective Date MUST have a 
> Validity Period no greater than 60 months.
>
> Except as provided for below, Subscriber Certificates issued after 1 
> April 2015 MUST have a Validity Period no
>
> greater than 39 months.
>
> _Effective 1 November 2014, CAs MUST NOT issue Subscriber Certificates 
> utilizing the SHA-1 algorithm with an Expiry Date greater than 1 
> January 2017._
>
> _Except as provided for below, effective 1 January 2016, CAs MUST NOT 
> issue Subscriber Certificates that utilize the SHA-1 algorithm._
>
> __
>
> _Effective_1 April 2015, CAs MAY continue to issue Subscriber 
> Certificates with a Validity Period greater than 39
>
> months but not greater than 60 months provided that the CA documents 
> that the Certificate is for a system or
>
> software that:
>
> (a) was in use prior to the Effective Date;
>
> (b) is currently in use by either the Applicant or a substantial 
> number of Relying Parties;
>
> (c) fails to operate if the Validity Period is shorter than 60 months;
>
> (d) does not contain known security risks to Relying Parties; and
>
> (e) is difficult to patch or replace without substantial economic outlay.
>
> *_9.4.2 Root CA Certificates_*
>
> _The SHA-1 deprecation policy and Validity Dates DO NOT apply to Root 
> CA certificates.  CAs MAY continue to use their existing SHA-1 Root 
> Certificates. __CAs MUST use SHA-2 or successor hash algorithms to 
> sign any Subscriber certificates, Subordinate CA certificates, and 
> CRLs effective 1 January 2016._
>
> *_9.4.3 Subordinate CA Certificates_*
>
> _Effective 1 January 2016, CAs MUST NOT issue Subordinate CA 
> Certificates that utilize the SHA-1 algorithm.  CAs MUST NOT issue 
> SHA-2 Subscriber certificates under SHA-1 Subordinate CA 
> Certificates._
>
> *Appendix A - Cryptographic Algorithm and Key Requirements 
> (Normative)*
>
>>
> Add this note under Table 2, Subordinate CA certificates:
>
> _* SHA-1 MAY be used with RSA keys in accordance with the criteria 
> defined in Section 9.4.3._
>
> And amend this note at the end of the 3 tables.
>
> * SHA-1 MAY be used with RSA keys_in accordance with the criteria 
> defined in Section 9.4.1 _until SHA-256 is supported widely by 
> browsers used by a substantial
>
> portion of relying-parties worldwide.
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org> 
> https://cabforum.org/mailman/listinfo/public
>
> TREND MICRO EMAIL NOTICE
> The information contained in this email and any attachments is 
> confidential and may be subject to copyright or other intellectual property protection.
> If you are not the intended recipient, you are not authorized to use 
> or disclose this information, and we request that you notify us by 
> reply mail or telephone and delete the original message from your mail system.
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690 Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.  If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.


More information about the Public mailing list