[cabfpub] Mozilla SHA-1 further restrictions
Gervase Markham
gerv at mozilla.org
Fri Nov 18 15:06:09 UTC 2016

On 17/11/16 16:44, Andrew Ayer wrote:
>> CAs may only sign SHA-1 hashes over non-certificate data (e.g. OCSP
>> responses, CRLs) using certs which chain up to roots in Mozilla's
>> program if all of the following are true:
>>
>> * the cert has a Basic Constraints extension with a value of false in
>> the cA component;
>>
>> * Doing so is necessary for a documented compatibility reason;
>>
>> * The CA takes care that all of the signed data is either static,
>> defined by the CA, or of a known and expected form.
>
> I think this change takes us in the wrong direction. It would forbid
> pre-generation of static OCSP responses signed directly by a cA:true
> certificate, which is safe, while allowing good OCSP responses to be
> forged for revoked certificates.

If, as Peter's list seems to suggest, the only non-certificate data CAs
need to sign is CRLs and OCSP responses, perhaps we can just eliminate
the first bullet above?

Gerv