[cabfpub] Mozilla SHA-1 further restrictions (v4)

Jeremy Rowley jeremy.rowley at digicert.com
Thu Jan 12 11:17:36 MST 2017


Hey Gerv - when dos this policy take effect? Or is this being proposed for
the next Mozilla policy update.

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase
Markham via Public
Sent: Thursday, January 12, 2017 10:52 AM
To: CABFPub <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>
Subject: Re: [cabfpub] Mozilla SHA-1 further restrictions (v4)

Here's v4. I've decided to leave the email situation unchanged for now, in
the name of getting the SSL situation put to bed. We can address it in a
different discussion.

This is the same as v3 except it allows the issuance of SHA-1 intermediates
to add EKUs so that they can be used in chains meeting the other
requirements (a fix for a problem Bruce pointed out).

<quote>
CAs may only sign SHA-1 hashes over end-entity certificates which chain up
to roots in Mozilla's program if all the following are true:

1) The end-entity certificate:
* is not within the scope of the Baseline Requirements;
* contains an EKU extension which does not contain either of the id-kp-
  serverAuth or anyExtendedKeyUsage key purposes;
* has at least 64 bits of entropy from a CSPRNG in the serial number.

2) The issuing intermediate:
* contains an EKU extension which does not contain either of the id-kp-
  serverAuth or anyExtendedKeyUsage key purposes;
* has a pathlen:0 constraint.

CAs may only sign SHA-1 hashes over issuing intermediates which chain up to
roots in Mozilla's program if the certificate to be signed is a duplicate of
an existing SHA-1 intermediate certificate with the only change being the
addition of an EKU to meet the requirements outlined above.

CAs may only sign SHA-1 hashes over OCSP responses if the signing
certificate contains an EKU extension which contains only the
id-kp-ocspSigning EKU.

CAs may only sign SHA-1 hashes over CRLs for roots and intermediates which
have issued SHA-1 certificates.

CAs may not sign SHA-1 hashes over other data, including CT
pre-certificates.
</quote>

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170112/0532c570/attachment-0001.bin>


More information about the Public mailing list