[cabfpub] Application for SHA-1 Issuance

Rick Andrews Rick_Andrews at symantec.com
Thu Jul 28 13:55:33 MST 2016 

Thanks, Erwann. I now understand, and agree with you. I don’t know why Marc
Stevens used the original certs and not the TBSCertificates derived from
them. 

 

Thanks also to Peter for running the analysis on the TBSCertificates. I’m
going to respond on mozilla dev.security.policy.

 

-Rick

 

From: Erwann Abalea [mailto:Erwann.Abalea at docusign.com] 
Sent: Thursday, July 28, 2016 1:34 AM
To: Rick Andrews <Rick_Andrews at symantec.com>
Cc: Dean Coclin <Dean_Coclin at symantec.com>; public at cabforum.org
Subject: Re: [cabfpub] Application for SHA-1 Issuance

 

Bonjour Rick,

 

As said, in the first set of 8 tested objects, these are really the
tbsCertificate first proposed (with the magical dust in OU).

 

But in the second set of 7 tested objects, these are in fact the complete
certificates (the original ones), and not the tbsCertificate proposed to
replace them (with the same key and name, but different serial number and
dates).

—

[
]

[stevens TSYS2]$ time ../detectcoll_allDVs *.der 
sha1 f75716390925b752b403a7bbf6acb349de9d8d09 ssl1.tsys.1.txt.der

[
]

—

 

The displayed SHA1 hash is identical with the one of the certificate found
at https://crt.sh/?id=12924024, on which the proposed tbsCertificate is
based.

 

A perfectly understandable mistake.

 

Cordialement,

Erwann Abalea

 

Le 28 juil. 2016 à 00:08, Rick Andrews <Rick_Andrews at symantec.com
<mailto:Rick_Andrews at symantec.com> > a écrit :

 

Erwann,

Marc Stevens said "certs" but he meant "TBSCertificates". We didn't sign
certificates; we published TBSCertificates.

-Rick

--------------------------

From: Erwann Abalea <eabalea at gmail.com <mailto:eabalea at gmail.com> >
Date: July 27, 2016 at 12:41:27 PM GMT-5
To: Dean Coclin <Dean_Coclin at symantec.com <mailto:Dean_Coclin at symantec.com>
>
Subject: Re: [cabfpub] Application for SHA-1 Issuance
He tested the full certificates of the second set, not their tbs, in fact. 

Le mercredi 27 juillet 2016, Dean Coclin <Dean_Coclin at symantec.com
<mailto:Dean_Coclin at symantec.com> > a
écrit :
I saw an email from Marc Stevens on the Mozilla list a few days ago which
indicated he tested both the original set of TBS certs and the 2nd set and
did not see any issues. 
(See:
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/sku5NYXd
pOM)
 
Are there other questions that folks would like to ask or concerns that can
be addressed?
 
Symantec is awaiting approval from browsers to schedule the signing ceremony
this weekend if possible.
 
Thanks,
Dean
 
From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On
Behalf Of Ryan Sleevi
Sent: Monday, July 25, 2016 4:26 PM
To: Rob Stradling <rob.stradling at comodo.com
<mailto:rob.stradling at comodo.com> >
Cc: Dean Coclin <Dean_Coclin at symantec.com <mailto:Dean_Coclin at symantec.com>
>; CABFPub <public at cabforum.org <mailto:public at cabforum.org> >
Subject: Re: [cabfpub] Application for SHA-1 Issuance
 
 
 
On Mon, Jul 25, 2016 at 2:20 PM, Rob Stradling <rob.stradling at comodo.com
<mailto:rob.stradling at comodo.com> >
wrote:
IINM, both Gerv and Ryan indicated (or at least strongly implied) that
rigid construction was a prerequisite for their (Mozilla's and Google's)
approval of TSYS's request.  Did I misread something?
 
>From https://cabforum.org/pipermail/public/2016-July/008096.html
 
"Certificates whose contents are entirely predictable or in line with
precedent would also be acceptable; but it seemed like there were
several questions about that floating around, and doing the serial
numbers by strict construction makes them all moot. If you want to try
dealing with all the questions about the contents instead, you are
welcome to try."
 
Also, I don't see the relevance of "strong consensus".  AIUI, there must
be unanimous agreement.  If just one root program operator rejects
TSYS's request, then you can't issue the SHA-1 certs.  Similarly, if
just one root program operator says rigidly constructed serial numbers
are required, then you can't use random serial numbers.


-- 
Erwann.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160728/ef062df1/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5725 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160728/ef062df1/attachment-0001.bin

More information about the Public mailing list