[Servercert-wg] Updating BR 6.1.1.3

Christopher Kemmerer chris at ssl.com
Wed Apr 8 10:09:57 MST 2020 

We would not object to further clarifying our proposed language, 
possibly to something like the following:

"The minimum set for the Debian weak keys can be found at 
https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/ and MUST 
include at least lists containing 2048 and 4096 bit keys."

Chris

On 4/7/2020 3:23 PM, Corey Bonnell wrote:
>
> Hi Ryan,
>
> The openssl-blacklist package referenced in Chris’s draft ballot text 
> contains hashes for 4096 bit keys, for example: 
> https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/blacklists/le64/blacklist-4096.db. 
> Or were you referring to something else?
>
> While we’re on the topic of blocklisting known bad Debian keys, what 
> is the expectation on CA’s for blocking larger key sizes, such as 8192 
> or 16384? AFAIK there is no publicly available distribution that 
> contains hashes of keys this large and pre-computing them is a rather… 
> expensive operation. According to censys.io, there’s ~3700 currently 
> trusted certificates (including pre-cert/final cert dupes) with RSA 
> key length of 8192 bits 
> (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+8192%29+AND+tags.raw%3A+%22trusted%22&) 
> and only 13 certs with 16384 bit key length 
> (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+16384%29+AND+tags.raw%3A+%22trusted%22). 
> Given the low certificate counts and the elapsed time between when 
> openssl was patched for this vulnerability and now (~12 years), I’d be 
> inclined to think anything above 4096 is a “don’t care” case but I’d 
> think it would be good to explicitly mention that in the ballot so 
> that deviations in expectations/interpretations do not occur.
>
> Thanks,
>
> Corey
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf 
> Of *Ryan Sleevi via Servercert-wg
> *Sent:* Tuesday, April 7, 2020 3:18 PM
> *To:* Christopher Kemmerer <chris at ssl.com>; CA/B Forum Server 
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Updating BR 6.1.1.3
>
> Chris,
>
> You can see that I'm already proposing changes to this section in 
> https://github.com/sleevi/cabforum-docs/pull/12 
> <https://scanmail.trustwave.com/?c=4062&d=mNKM3hYZ1UTwbatt2nfLoJpHfJvo_lpgQvEzDDsGiQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fsleevi%2fcabforum-docs%2fpull%2f12> 
>
>
> I notice that you excluded the set of 4096-bit keys. Was that intentional?
>
> This transmission may contain information that is privileged, 
> confidential, and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format. 

-- 
Chris Kemmerer
Manager of Operations
SSL.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~     for the wrecks.    ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200408/1b83c715/attachment.html>

More information about the Servercert-wg mailing list