[Servercert-wg] Updating BR 6.1.1.3

Corey Bonnell CBonnell at securetrust.com
Tue Apr 7 13:23:53 MST 2020


Hi Ryan,
The openssl-blacklist package referenced in Chris’s draft ballot text contains hashes for 4096-bit keys, for example: https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/blacklists/le64/blacklist-4096.db. Or were you referring to something else?

While we’re on the topic of blocklisting known bad Debian keys, what is the expectation on CAs for blocking larger key sizes, such as 8192 or 16384? AFAIK there is no publicly available distribution that contains hashes of keys this large, and pre-computing them is a rather… expensive operation. According to censys.io, there are ~3700 currently trusted certificates (including pre-cert/final cert dupes) with an RSA key length of 8192 bits (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+8192%29+AND+tags.raw%3A+%22trusted%22&) and only 13 certs with a 16384-bit key length (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+16384%29+AND+tags.raw%3A+%22trusted%22). Given the low certificate counts and the elapsed time between when openssl was patched for this vulnerability and now (~12 years), I’d be inclined to think anything above 4096 is a “don’t care” case, but I’d think it would be good to explicitly mention that in the ballot so that deviations in expectations/interpretations do not occur.

Thanks,
Corey
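The check Corey is describing (hash a submitted RSA key, look it up in the per-size openssl-blacklist lists, and notice that no list exists for 8192- or 16384-bit keys) as an added example. This is not code from the thread, from the CA/B Forum ballot, or from the openssl-blacklist package. It assumes the openssl-vulnkey fingerprint convention, which the thread does not spell out: SHA-1 over the exact `Modulus=<UPPERCASE HEX>` line (plus newline) that `openssl rsa -noout -modulus` prints, keeping the last 20 hex characters, with one entry per line and `#` comment lines in each list file. The moduli and list contents in the block are constructed for the example, not real weak-key data.

```python
"""Look up RSA public keys in Debian openssl-blacklist style lists.

Added example for this thread; not code from the CA/B Forum discussion or from
the openssl-blacklist package. Assumed (not stated in the thread): the
openssl-vulnkey convention, i.e. the fingerprint is the last 20 hex characters
of SHA-1 over the exact "Modulus=<UPPERCASE HEX>" line, newline included, that
`openssl rsa -noout -modulus` prints; a list file holds one entry per line and
'#' comment lines. The moduli and list contents below are constructed for the
example, not real weak-key data.
"""
import hashlib
from typing import Dict, Optional, Set


def openssl_blacklist_fingerprint(modulus: int) -> str:
    """Fingerprint as `openssl rsa -noout -modulus | sha1sum | cut -c21-40`
    would produce (assumed convention, see module docstring)."""
    line = "Modulus=%X\n" % modulus  # same text openssl prints, uppercase hex
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]


def load_blacklist(text: str) -> Set[str]:
    """Parse a list file body: one 20-hex-char entry per line, '#' comments."""
    entries: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if len(line) != 20 or any(c not in "0123456789abcdef" for c in line):
            raise ValueError("malformed blacklist entry: %r" % raw)
        entries.add(line)
    return entries


class WeakKeyChecker:
    """One parsed list per key size, mirroring the per-size files in the
    package (blacklist-4096.db covers 4096-bit keys only)."""

    def __init__(self, lists_by_bits: Dict[int, Set[str]]) -> None:
        self.lists_by_bits = lists_by_bits

    def check(self, modulus: int) -> str:
        """Return 'blacklisted', 'clean' or 'uncovered'.

        'uncovered' means no list exists for this key size (the 8192/16384
        case raised in the thread): the key is not known-bad, but the check
        did not run, and that distinction should be recorded rather than
        silently treated as a pass."""
        bits = modulus.bit_length()
        entries: Optional[Set[str]] = self.lists_by_bits.get(bits)
        if entries is None:
            return "uncovered"
        fp = openssl_blacklist_fingerprint(modulus)
        return "blacklisted" if fp in entries else "clean"


# Constructed sample data. A real blacklist-4096.db holds tens of thousands of
# entries; here one 4096-bit "weak" modulus is put in the list so the lookup
# path can be exercised offline. None of these are real keys.
WEAK_4096 = (1 << 4095) | 0x10001 | 1
GOOD_4096 = (1 << 4095) | 0x20003 | 1
ANY_8192 = (1 << 8191) | 1

SAMPLE_BLACKLIST_4096 = (
    "# constructed blacklist-4096.db for the example\n"
    + openssl_blacklist_fingerprint(WEAK_4096) + "\n"
)

CHECKER = WeakKeyChecker({4096: load_blacklist(SAMPLE_BLACKLIST_4096)})


if __name__ == "__main__":
    for name, n in (("weak 4096", WEAK_4096), ("good 4096", GOOD_4096),
                    ("any 8192", ANY_8192)):
        print("%-10s %s" % (name, CHECKER.check(n)))
```

The three-way result is the point: a CA that only ever returns pass/fail cannot tell a reviewer whether an 8192-bit key was actually checked or merely fell outside every available list, which is exactly the ambiguity the message asks the ballot to resolve. To run it against real keys, feed in the modulus from `openssl rsa -noout -modulus` (or `openssl x509 -noout -modulus` for a certificate) and load the package's list files in place of the constructed one.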

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ryan Sleevi via Servercert-wg
Sent: Tuesday, April 7, 2020 3:18 PM
To: Christopher Kemmerer <chris at ssl.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Updating BR 6.1.1.3

Chris,

You can see that I'm already proposing changes to this section in https://github.com/sleevi/cabforum-docs/pull/12

I notice that you excluded the set of 4096-bit keys. Was that intentional?

