[cabfpub] Application for SHA-1 Issuance
Rick Andrews
Rick_Andrews at symantec.com
Fri Jul 22 17:45:58 UTC 2016
Gerv,
I appreciate your clarification of Mozilla's stand before you take off.
Based on the feedback we've received before your guidance, we began the
process of generating another set of TBSCertificates based on TSYS' existing
SHA-1 certificates without any random strings in the OU. We started that
process
with the intent to again use a CSPRNG for the serial numbers. We're using
true hardware randomness from an HSM using out-of-band generation of the
random serial numbers by members of the same key ceremony team. The serial
numbers were not generated or suggested by the customer. Given TSYS'
impending deadlines, we chose to avoid introducing more changes to the
process.
Our strong preference is to proceed with this second set of TBSCertificates,
even though they don't exactly fit the guidelines you outlined below. Does
Mozilla feel so strongly about the strict construction of the serial number
that you cannot accept HSM-generated serial numbers?
-Rick
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Friday, July 22, 2016 4:20 AM
To: Dean Coclin <Dean_Coclin at symantec.com>
Cc: Bryan Smoak <BryanSmoak at tsys.com>; public at cabforum.org
Subject: Re: [cabfpub] Application for SHA-1 Issuance
On 21/07/16 22:53, Dean Coclin wrote:
> Geoff, Thank you for the additional feedback. It seems that several
> parties have similar comments.
>
> Is it the consensus of the community to request that TSYS resubmit the
> TBS certificates, even though the counter crypt analysis so far has
> shown no issues? I realize that is an independent function but please
> provide feedback if you would like TSYS to do as Geoff suggests as
> soon as possible.
I am moving house next week, and so cannot guarantee my ability to
participate in this discussion.
Mozilla approves the application from TSYS (that is to say, we will accept a
qualified BR audit from their CA where the qualifications relate to this
event) on the condition that the serial numbers of the final certificates
follow some documented strict construction process, in broadly the manner
PHB outlined, using a modern crypto hash algorithm in the process of serial
number generation, using an earlier form of the cert as input. I believe
this should be a sufficient stopgap to reassure the public (who cannot see
inside the CA's or TSYS's operations) that collisions are not being
attempted. Other CAs may want the process nailed down; the above is intended
to be vague enough to accommodate whatever they decide.
We do not (although others may) require that TSYS reuse old keys, or remove
the random identifiers from the OU.
Dean indicated on yesterday's call that following this type of process was
possible for Symantec if approval from browsers was provided quickly. This
is an attempt to provide such approval with the necessary speed.
Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5725 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160722/e4645fb9/attachment-0001.p7s>
More information about the Public
mailing list