[cabfpub] Ballot 152 - Issuance of SHA-1 certificates through 2016)

Dean Coclin Dean_Coclin at symantec.com
Mon Oct 19 19:48:28 UTC 2015 

Despite this latest news and the withdrawal of the current ballot, I have
heard increasing calls from very large enterprises (Fortune 50) and
Governments that state the issue previously described, that is, the problem
in replacing high numbers of SHA1 certs before Dec 31 2015, doesn't go away.
 
Two issues which they feel have not adequately been described in threat
models:
 
1. The prohibition of issuing SHA1 certs after Dec 31, 2015 that still
expire by the existing deadline (Dec 31, 2016).
                                                       
2. The prohibition of issuing non-browser based SHA-1 certs beyond Dec 31,
2015.  This appears to be a huge issue, the scope of which is still being
quantified. (Some may say that they shouldn't have been issuing from public
roots but this started way before the CA/B Forum)
 
It would be helpful if someone from the Forum can address the threat models
behind these 2 rules.
 
Thanks




-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Thursday, October 08, 2015 6:17 AM
To: Dean Coclin; Ryan Sleevi; Jeremy Rowley
Cc: Rick Andrews; public at cabforum.org
Subject: The Shappening: freestart collisions for SHA-1 (was Re: [cabfpub]
Ballot 152 - Issuance of SHA-1 certificates through 2016)

Is Ballot 152 dead yet?

https://sites.google.com/site/itstheshappening/

"Our recommendations

We recommend that SHA-1 based signatures should be marked as unsafe much
sooner than prescribed by current international policy. Even though
freestart collisions do not directly lead to actual collisions for SHA-1, in
our case, the experimental data we obtained in the process enable
significantly more accurate projections on the real-world cost of actual
collisions for SHA-1, compared to previous projections. 
Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015)
between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months.
By contrast, security expert Bruce Schneier previously projected the SHA-1
collision cost to be ~173K$ by 2018. Note that he deems this to be within
the resources of a criminal syndicate. Large corporations and governments
may possess even greater resources and may not require Amazon EC2.
Microsoft, Google and Mozilla have all announced that their respective
browsers will stop accepting SHA-1 based SSL certificates by
2017 (and that SHA-1-based certificates should not be issued after 2015). In
conclusion, our estimates imply SHA-1 collisions to be now (Fall 2015)
within the resources of criminal syndicates, two years earlier than
previously expected and one year before SHA-1 will be marked as unsafe in
modern Internet browsers. This motivates our recommendations for industry
standard SHA-1 to be retracted as soon as possible. With our new cost
projections in mind, we strongly and urgently recommend against a recent
proposal to extend the issuance of
SHA-1 certificates with a year in the CAB/forum (discussion closes October 9
2015, vote closes October 16)."

On 06/10/15 16:23, Dean Coclin wrote:
> Yes, Ryan is correct. Nonetheless, I am going to add it to the agenda 
> for this week's meeting.
>
>
> Dean
>
> *From:*public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org]
> *On Behalf Of *Ryan Sleevi
> *Sent:* Tuesday, October 06, 2015 9:25 AM
> *To:* Jeremy Rowley
> *Cc:* Rick Andrews; public at cabforum.org
> *Subject:* Re: [cabfpub] Ballot 152 - Issuance of SHA-1 certificates 
> through 2016
>
> On Mon, Oct 5, 2015 at 10:02 PM, Jeremy Rowley 
> <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com>> wrote:
>
> Also  - a point of order on this, but I thought all ballots needed one 
> telephone call or face to face before they could be started?  Did that 
> change?
>
> That was never required by the bylaws. While a good idea to gauge as a 
> bellwether for the likeliness of the ballot to succeed, any member may 
> propose a ballot at any time, so long as requisite number of 
> co-sponsors is found, adequate time is given for review and voting, 
> and that review and voting is clearly indicated in the ballot.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690 Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by
replying to the e-mail containing this attachment. Replies to this email may
be monitored by COMODO for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no
liability can be accepted and the recipient is requested to use their own
virus checking software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151019/ec9fba93/attachment.p7s>

More information about the Public mailing list