[cabfpub] SHA-1 Collision Found

Peter Bowen pzb at amzn.com
Fri Feb 24 04:52:18 UTC 2017


> On Feb 23, 2017, at 8:09 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> 
> On Thu, Feb 23, 2017 at 7:54 PM, Phillip Hallam-Baker <philliph at comodo.com> wrote:
> 
> SHA-2 is a direct swap for SHA-3 however. All that is required is to define the necessary OIDs. And the CURDLE charter does not preclude SHA-3, it merely does not list them as current work items.
> 
> If you believe it's "just OIDs", then why hasn't Comodo made any proposals, given http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html ? Were you simply unaware of the OID assignment? Or is your assertion that such an OID as "id-rsassa-pkcs1-v1_5-with-sha3-256" ( { sigAlgs 13 } ) is insufficient? 
> 
> I'm not sure how to interpret the rest of your reply, so I've omitted it, but I'm still curious about whether there are "any HSM vendors that CAs might use to ensure that their private keys are appropriately protected when generating these signatures?"
> 
> Doesn't this seem key to understanding how such certificates might exist, with respect to key protection, which is necessary and critical for user agents and cryptographic libraries to feel confident that supporting such certificates does not introduce undue risk to their users?

Ryan,

I wasn’t aware that NIST had allocated identifiers for RSA using PKCS#1 v1.5 over SHA3 hashes.  Given that this exists, that strikes out that issue.

There are a number of HSMs out there suitable for key protection for this case already — almost every HSM I know about implements the CKM_RSA_PKCS mechanism which allows signing arbitrary data.  It doesn’t care if it is a SHA-1, SHA-256, or SHA3-256 hash.

All that is preventing the use of id-rsassa-pkcs1-v1_5-with-sha3-256, id-rsassa-pkcs1-v1_5-with-sha3-384, and id-rsassa-pkcs1-v1_5-with-sha3-512 is (1) the BRs and (2) lack of implementation by browsers.  When is Chrome planning to support these algorithms?

Thanks,
Peter
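Peter's point about CKM_RSA_PKCS is that the mechanism pads and signs whatever bytes the caller supplies, so moving between hash families is caller-side work: build a different DigestInfo, hand it to the same key. The Python below is an added example, not code from this thread or from any HSM vendor. It DER-encodes the DigestInfo for SHA-1, SHA-256 and SHA3-256, applies EMSA-PKCS1-v1_5 padding, and performs the raw private-key operation the HSM would do, using a throwaway RSA key generated at import time with a small Miller-Rabin routine. The hash OIDs are the RFC 3279 and NIST CSOR values; treating the SHA-3 AlgorithmIdentifier parameters as absent rather than NULL is my assumption about the CSOR convention and should be checked against the ASN.1 module you target. The signature-algorithm OIDs Ryan and Peter discuss are deliberately not needed here, which is the point: the HSM never sees them.

```python
"""Caller-side work behind an HSM's CKM_RSA_PKCS mechanism.

The HSM pads and signs opaque bytes; the caller builds the DigestInfo
(hash OID + digest), so the HSM never learns which hash family is in use.
Added example, not from the thread.  Toy RSA key for demonstration only."""
import hashlib
import secrets
from math import gcd

# name -> (hash algorithm OID, hashlib constructor, encode parameters as NULL?)
# SHA-1 OID from RFC 3279; SHA-256 / SHA3-256 from the NIST CSOR registry.
# NULL parameters for SHA-1/SHA-2 follow RFC 8017 DigestInfo encodings;
# absent parameters for SHA-3 is an assumption about the CSOR convention.
HASHES = {
    "sha1":     ("1.3.14.3.2.26",          hashlib.sha1,     True),
    "sha256":   ("2.16.840.1.101.3.4.2.1", hashlib.sha256,   True),
    "sha3-256": ("2.16.840.1.101.3.4.2.8", hashlib.sha3_256, False),
}

def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + _der_length(len(content)) + content

def der_oid(dotted):
    """First two arcs fold into one octet, remaining arcs are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(groups))
    return der(0x06, bytes(body))

def digest_info(hash_name, message):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }"""
    oid, ctor, null_params = HASHES[hash_name]
    alg_id = der(0x30, der_oid(oid) + (b"\x05\x00" if null_params else b""))
    return der(0x30, alg_id + der(0x04, ctor(message).digest()))

def emsa_pkcs1_v1_5(data, k):
    """RFC 8017 section 9.2: 00 01 FF..FF 00 || data, exactly k bytes."""
    if len(data) + 11 > k:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(data) - 3) + b"\x00" + data

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; trial division first to discard most candidates cheaply."""
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def toy_rsa_keypair(bits=1024, e=65537):
    """Throwaway key for the demo; a real CA key never leaves the HSM."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)

def ckm_rsa_pkcs_sign(data, n, d):
    """What the HSM does for CKM_RSA_PKCS: pad opaque bytes, one modexp."""
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5(data, k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def sign(message, hash_name, n, d):
    """Hash selection happens here, outside the HSM."""
    return ckm_rsa_pkcs_sign(digest_info(hash_name, message), n, d)

def verify(message, hash_name, signature, n, e):
    """Re-encode and compare; never parse the recovered padding leniently."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v1_5(digest_info(hash_name, message), k)

N, E, D = toy_rsa_keypair()  # constructed demo key, regenerated on every run

if __name__ == "__main__":
    msg = b"constructed sample tbsCertificate bytes"
    for name in HASHES:
        print(name, verify(msg, name, sign(msg, name, N, D), N, E))
```

Two design choices worth noting. `sign` is nothing more than `digest_info` followed by `ckm_rsa_pkcs_sign`, which is why an HSM exposing CKM_RSA_PKCS needs no firmware change for SHA-3; any hash-agility question is about the relying party's OID table, not the key store. `verify` recomputes the full encoded message and compares it to the recovered value instead of walking the padding and DigestInfo, so a verifier written this way cannot be tricked by malformed padding the way lenient parsers have been.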