[cabfpub] Mozilla SHA-1 further restrictions (v4)

Gervase Markham gerv at mozilla.org
Fri Jan 13 14:07:56 UTC 2017

On 12/01/17 19:06, Doug Beattie wrote:
> Is there a provision for signing SHA-1 OCSP signing certificates?
> Perhaps this is covered in #1, but specifically allowing SHA-1 OCSP
> Signing certificates (under SHA-1 CAs which have active SHA-1 TLS
> certificates) would be a good idea for clarity.

It is covered in #1. Do you see a problem?

> For #2: - Can roots issue SHA-1 signed certificates?  You seem to
> preclude this, but of course we need that for OCSP signing certs. -

You suggest changing to "the issuing intermediate or root"?

> What if the Intermediate (or root if you permit that) does not have
> an EKU, can that be used to sign certificates?  I'm guessing most
> older intermediate CAs don't have EKU, so this means most SHA-1 CAs
> can be used to issue certificates (I'm not sure if this was your
> intent).

You mean "can't be used"? That is the intent, but the new clause about
signing hashes over issuing intermediates is there to allow such certs
to be replaced with a new cert which is identical but which has an EKU.

But actually, that doesn't help, does it, because an attacker could just
use the old version. I guess we also need to require key rotation?

> Why can't CAs sign Precertificates?

Well, certs going into CT are under the BRs anyway, so in what
circumstances would you want to and be allowed to do this by existing
policy anyway?

