[cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline

Ryan Sleevi sleevi at google.com
Thu Oct 29 18:43:49 UTC 2015


On Thu, Oct 29, 2015 at 11:22 AM, Doug Beattie <doug.beattie at globalsign.com>
wrote:

> Microsoft should have pulled their root from their root store then (with
> sufficient warning).
>

Independent of the merits of that, it still remains that they weren't, they
have issued an unknown number of certificates using SHA-1, the recent
research merely confirms the previous work and shows it was even
less-costly than previously anticipated, so there is the real and present
risk of sufficiently motivated nationstate attackers (as we'll assume the
cybercrime factions lack the cryptographic know-how to perform the same
research) having exploited this for gain.

Much like RSA-1024 and factoring risks for roots, that should be sufficient
cause for concern, and explains a bit more the consideration for moving the
full removal date forward. Although the deprecation (of issuance) is still
two months away, we should also believe that sufficiently motivated
attackers may also attempt to exploit SHA-1 collisions before then.

I'm merely providing that as context for why an acceleration may be
perceived as necessary to protect users, so that it doesn't feel arbitrary
or capricious. As I understand it, Jody's still looking to garner feedback
on the impact and risks, the same as I presume Mozilla is, who recently
said the same thing, and I can say we are also looking at and considering
an acceleration. We're trying to understand the balance between risks - the
risks to all internet users versus the risk to interoperability and server
operators. It's a tough calculus, thus feedback welcome - but disregarding
the risks isn't terribly useful :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151029/cec3ea91/attachment-0003.html>


More information about the Public mailing list