[cabfpub] Mozilla SHA-1 further restrictions (v4)

Gervase Markham gerv at mozilla.org
Thu Jan 19 15:09:27 UTC 2017

On 16/01/17 21:02, Doug Beattie wrote:
>> I don't think that's what I mean, because that's language of
>> intent, not capability. I can change it to "the issuing
>> intermediate or root" and then change the "pathlen=0" thing to be
>> "(intermediates only)".
> I'm not sure why pathlen=0 is important in the first place.  Is that
> needed?  Why?

It means no intermediates can be issued from it, which is a good and
wise restriction if this cert is going to be online.

> Maybe Mozilla could flag SHA-1 CA certificates that are not supposed
> to be used for TLS and effectively disable any TLS certificates
> issued by these CAs?  We could identify any of these SHA-1 CAs in the
> SalesForce system for you.

The way to do this would be to add them to OneCRL. However, Thunderbird
doesn't check that, which makes it not useful as we extend the SHA-1 ban
to email. (We aren't doing that in this round, but I hope to later.) And
only recent Firefoxes check OneCRL, but then they also won't trust
SHA-1, so it's not much of a gain.

I would rather we used the built-in mechanisms certificates have to say
"not used for TLS", rather than relying on out of band blacklists.

> It's unlikely that anyone will post OCSP signing Precertificates, but
> why do you want to prohibit it?

Because the less SHA-1 is used, the better, and I don't want to have to
write exceptions for every theoretical case that no-one has come up with
a practical use for.
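
The two certificate-level restrictions discussed in this message, as an added example that is not part of the original email: a simplified Python model (not a full RFC 5280 validator) of the pathLenConstraint check and of a "not used for TLS" check. It assumes the "built-in mechanisms" meant are the extendedKeyUsage extension; the Cert class, the function names and the sample chains are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Cert:
    name: str
    is_ca: bool = False
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint, None = absent
    eku: Optional[Set[str]] = None  # extendedKeyUsage purposes, None = extension absent
    self_issued: bool = False


def path_len_ok(chain: List[Cert]) -> bool:
    """chain = intermediates from the top down, then the end-entity (root omitted)."""
    max_len = len(chain)  # RFC 5280 6.1.2: max_path_length starts at n
    for cert in chain[:-1]:  # every certificate except the end-entity
        if not cert.is_ca:
            return False
        if not cert.self_issued:
            if max_len <= 0:  # a CA above forbade any further CA below it
                return False
            max_len -= 1
        if cert.path_len is not None and cert.path_len < max_len:
            max_len = cert.path_len
    return True


def usable_for_tls(chain: List[Cert]) -> bool:
    """Treat an EKU on any certificate in the chain as a constraint on the chain.
    anyExtendedKeyUsage handling is deliberately left out of this model."""
    return all(c.eku is None or "serverAuth" in c.eku for c in chain)


def tls_chain_accepted(chain: List[Cert]) -> bool:
    return path_len_ok(chain) and usable_for_tls(chain)


# Constructed sample certificates (not real CAs).
ONLINE_INT = Cert("online issuing CA", is_ca=True, path_len=0)
EMAIL_INT = Cert("email-only CA", is_ca=True, path_len=0, eku={"emailProtection"})
ROGUE_SUB = Cert("sub-CA minted from the online CA", is_ca=True)
TLS_LEAF = Cert("www.example.test", eku={"serverAuth"})

if __name__ == "__main__":
    for chain in ([ONLINE_INT, TLS_LEAF], [ONLINE_INT, ROGUE_SUB, TLS_LEAF],
                  [EMAIL_INT, TLS_LEAF]):
        print(" -> ".join(c.name for c in chain), tls_chain_accepted(chain))
```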

