[cabfpub] Mozilla SHA-1 further restrictions

Rob Stradling rob.stradling at comodo.com
Thu Nov 17 13:58:15 UTC 2016


On 17/11/16 13:45, Gervase Markham wrote:
> On 17/11/16 12:42, Rob Stradling wrote:
>> Gerv, why must the EKU extension be critical?
>
> Are you saying that making it critical causes problems?

I was mostly just wearing my "please don't create unnecessary extra work 
for CAs" hat.

However, let's not forget that it's arguably a violation of RFC5280 to 
(ab)use the EKU extension in intermediate certs as a constraint 
mechanism.  It's definitely conceivable that there are some modern 
applications that don't process the EKU extension in intermediate certs, 
but which do blow up when they encounter a critical extension that they 
don't process.

>> I don't remember ever seeing an intermediate cert with a critical EKU
>> extension.  It would be unfortunate if your "further restrictions" lead
>> to CAs reissuing their SHA-1 intermediates!
>
> I don't see much risk in a CA reissuing a SHA-1 intermediate /per se/,
> because I am assuming that CAs are not trying to engineer collisions.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
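
Added example, not part of Rob Stradling's message: a small Python model of the compatibility concern raised above. It applies the RFC 5280 rule that a certificate containing an unprocessed critical extension must be rejected, using a constructed intermediate whose EKU lists only emailProtection and two hypothetical client profiles (one that treats EKU in CA certs as a constraint, one that ignores it there).

```python
# Added illustration; certificates are modeled as plain dicts (constructed data).
EKU = "2.5.29.37"                # id-ce-extKeyUsage
BASIC_CONSTRAINTS = "2.5.29.19"  # id-ce-basicConstraints
KEY_USAGE = "2.5.29.15"          # id-ce-keyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"


def make_intermediate(eku_critical):
    """Constructed CA cert whose EKU lists only emailProtection."""
    return {
        "subject": "Example Intermediate (constructed)",
        "extensions": {
            BASIC_CONSTRAINTS: {"critical": True, "value": {"ca": True}},
            KEY_USAGE: {"critical": True, "value": {"keyCertSign"}},
            EKU: {"critical": eku_critical, "value": {EMAIL_PROTECTION}},
        },
    }


def check_intermediate(cert, wanted_purpose, ca_oids_processed):
    """Return (accepted, reason) for one CA cert in a path.

    ca_oids_processed: extension OIDs this client handles in CA certs.
    """
    for oid, ext in cert["extensions"].items():
        # RFC 5280 section 4.2: reject an unprocessed critical extension.
        if ext["critical"] and oid not in ca_oids_processed:
            return False, f"unprocessed critical extension {oid}"
    eku = cert["extensions"].get(EKU)
    if eku and EKU in ca_oids_processed and wanted_purpose not in eku["value"]:
        return False, "EKU in intermediate does not permit " + wanted_purpose
    return True, "ok"


# Two hypothetical client profiles (assumptions for this example).
EKU_CHAINING = {BASIC_CONSTRAINTS, KEY_USAGE, EKU}  # treats CA EKU as a constraint
NO_CA_EKU = {BASIC_CONSTRAINTS, KEY_USAGE}          # ignores EKU in CA certs


def outcome_matrix(purpose=SERVER_AUTH):
    """Outcome for each (client profile, EKU criticality) combination."""
    profiles = {"eku_chaining": EKU_CHAINING, "no_ca_eku": NO_CA_EKU}
    return {
        (name, crit): check_intermediate(make_intermediate(crit), purpose, oids)
        for name, oids in profiles.items()
        for crit in (False, True)
    }
```

In this model the client that ignores EKU in CA certs accepts the intermediate when the extension is non-critical (so the constraint is not enforced there) and rejects it outright when the extension is critical, whatever purpose is requested.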


