[cabfpub] Mozilla SHA-1 further restrictions

Andrew Ayer andrew at sslmate.com
Mon Nov 21 21:08:20 UTC 2016


On Fri, 18 Nov 2016 22:36:48 +0000
Wayne Thayer via Public <public at cabforum.org> wrote:

> > 
> > * The CA takes care that all of the signed data is either static,
> >   defined by the CA, or of a known and expected form.
> 
> Should we specifically ban nonces in OCSP responses?

I think that would be a good idea.

In addition, the OCSP responder must return an unsigned "unauthorized"
response for unknown certificates (as permitted by RFC5019) rather than
a signed "unknown" response.  That's because the "unknown" response
echoes back an attacker-controlled serial number which some
implementations allow to be an arbitrary length.

This seems like a simpler rule to follow and verify than saying the
response must be of a "known and expected form."

Regards,
Andrew
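
Added example, not part of the original message: a Python audit check
that a responder's reply for a never-issued serial is the fixed, unsigned
"unauthorized" OCSPResponse and carries no nonce OID. All names and sample
bytes are constructed for illustration, and only the outer OCSPResponse
structure is parsed.

```python
# Added example; names and sample bytes are constructed, not from the thread.
# OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                             responseBytes [0] EXPLICIT ... OPTIONAL }
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}
UNAUTHORIZED = bytes.fromhex("30030a0106")           # complete unsigned reply
NONCE_OID = bytes.fromhex("06092b0601050507300102")  # id-pkix-ocsp-nonce
# Constructed stand-in for a signed reply; its body is a placeholder,
# not a real BasicOCSPResponse.
SIGNED_SAMPLE = bytes.fromhex("300d0a0100a00830060404deadbeef")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """Return (status name, True if a signed responseBytes body follows)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, status, pos = read_tlv(body, 0)
    if tag != 0x0A or len(status) != 1:
        raise ValueError("bad responseStatus")
    if pos < len(body) and read_tlv(body, pos)[0] != 0xA0:
        raise ValueError("unexpected element after responseStatus")
    return STATUS.get(status[0], "reserved"), pos < len(body)

def audit_unknown_serial_reply(der):
    """Findings for the reply to a serial the CA never issued; [] is a pass."""
    status, signed = classify(der)
    findings = []
    if signed:
        findings.append("signed response body present")
    if status != "unauthorized":
        findings.append("status is %s, expected unauthorized" % status)
    if NONCE_OID in der:                             # byte search, a heuristic
        findings.append("nonce extension OID present")
    return findings
```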


