[cabfpub] Proposal of a SHA-1 exception procedure

Ryan Sleevi sleevi at google.com
Fri Jun 17 19:17:11 UTC 2016

If you do, it would be beneficial if they read the proposed process and
come with concrete concerns about why aspects of it would be problematic.

That said, a perhaps more useful and productive use of the discussion time
would be to hear from those who examine the audit reports - that is, root
store operators - to get a sense of what their expectations are if an
organization issues a SHA-1 certificate and presents a qualified audit
stating as much.

For example, I think Jody's made it clear that Microsoft just wants someone
(and it's unclear if it'll be Microsoft or if they'll just delegate that to
the ecosystem) to run counter-cryptanalysis on the proposed tbsCertificate.
Presumably, but not stated as such, if the probability of a collision is
raised during that counter-cryptanalysis, then Microsoft wants to be able
to 'veto' and say they won't accept such issuance.

For Google, the procedure we laid out is one that, so far, we think best
represents the balance between the ecosystem participants. That includes
the necessary disclosures and information so that we can gather information
necessary to avoid such situations in the future, while having the
necessary transparency for us effectively accepting, on behalf of the
Internet trust ecosystem, the security risks.

It's useful to know what Apple/Mozilla/Opera/Qihoo360 think, as well as any
other root store program that may be presented with such audits.

To reiterate, the goal is not to say that the procedure is the minimum (of
what we can all agree on) - rather, it's to make sure that any procedures
are not intrinsically in conflict - for example, Google saying you MUST NOT
do X, while Microsoft saying you MUST do X.

Realize as well that it's not guaranteed that other programs even consider
this at all something they'd consider. For example, if Mozilla were to say
"We will remove any CA that issues SHA-1 certificates", then this whole
discussion is a moot-point, is it not?

While we (Google) are interested in understanding the as-yet-unclarified
concerns you/your customers have, to understand and inform our suggested
procedure, it would seem that, as a CA and as the Forum, there's a need for
broader involvement from root programs - of which you've only heard from
two so far (Microsoft and Google) making any statements pro or con to the

To your implicit suggestion that the phone call is equivalent, I would
point out that Interested Parties are not able to participate on such calls
or ask questions, while they are permitted such on the mailing list. So
while I appreciate the implication that it's post-hoc transparent
(typically, 2 weeks after such calls), it's not open, nor in a discussion
of this nature is it timely. We saw as much with WorldPay discussions, so
I'm somewhat surprised to see it suggested as a viable solution again, when
it's limitations were clear.

On Fri, Jun 17, 2016 at 12:02 PM, Dean Coclin <Dean_Coclin at symantec.com>

> Perhaps I should offer up again one of the representatives of these
> companies or trade associations the opportunity to present on our next
> call. This will give you and others the chance to ask your questions
> directly w/o this back and forth which is not productive. This dialog will
> be recorded in our minutes so there will be no opportunity for anything
> other than a transparent discussion. You can hear firsthand what I stated
> below (which I quoted directly from them).
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Friday, June 17, 2016 12:58 PM
> *To:* Dean Coclin <Dean_Coclin at symantec.com>
> *Cc:* Gervase Markham <gerv at mozilla.org>; CABFPub <public at cabforum.org>
> *Subject:* Re: [cabfpub] Proposal of a SHA-1 exception procedure
> On Fri, Jun 17, 2016 at 9:46 AM, Dean Coclin <Dean_Coclin at symantec.com>
> wrote:
> No Processor's legal department will allow them to put out a public form
> saying, "We are using SHA-1". They don't understand why browsers think this
> is a good idea.
> Dean,
> If you're going to make broad, sweeping, absolute statements, then it
> would help if you - or the customers you're claiming to represent - would
> explain why. If your goal is to suggest that Google reconsider the need for
> transparency, then you - and those customers - have an obligation to
> explain why that is. Statements like the above, and statements like you've
> made on the thread, objectively do not help further the discussion, and
> only serve to postpone and delay any further consideration of SHA-1
> allowances.
> If your goal is to support your customers, you're only hurting them with
> statements like this.
> A useful furtherance of the discussion, rephrasing what yous aid, might be
> "It's unlikely that payment processor's legal department will allow them
> to publicly admit "We are using SHA-1", because of [concerns X, Y, Z]."
> Of course, to also reiterate the previous discussions, "because security
> and privacy" aren't really concrete or actionable concerns - they're
> opaque, vague, and broad. They don't help inform the discussion about the
> tradeoffs - about the need for ecosystem transparency.
> If the proposition is that "Admitting you use SHA-1 is to put yourself at
> risk", then please consider what you're asking - that the entire Internet
> trust ecosystem accept the risk on behalf of that payment processor (and
> those like them), that need SHA-1 certificates. That's a completely
> unreasonable request, without further details.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160617/c5a22bce/attachment-0003.html>

More information about the Public mailing list