[cabfpub] Mozilla SHA-1 further restrictions

Gervase Markham gerv at mozilla.org
Fri Nov 18 14:02:36 UTC 2016

On 18/11/16 13:48, Doug Beattie wrote:
> * Do you propose that CAs
> create new CA certificates every time a new EKU needs to be supported
> in an end entity certificate?

If we are going to avoid having SHA-1-issuing intermediates out there
which can also issue server certs, then they are all going to need to be
EKU-constrained, and so this particular bullet is going to be necessary.

> Please reconsider the EKU requirement in CA certificates (SHA-1 and
> SHA-256).  It's too bad we can't say: AnyEKU except id-kp-serverAuth
> or id-kp-codeSigning

I can see the issue you are raising, but I wonder if there is a middle
ground between the current position and "anything in any combination as
long as no serverAuth". Particularly as, if Erwann is right, the
pathlen=0 constraint can be bypassed. I'm particularly concerned about
email, that being the other thing Mozilla's root store now cares about.

What EKUs are commonly combined in an EE cert with
id-kp-emailProtection, other than id-kp-clientAuth?

