[Servercert-wg] Updating BR 6.1.1.3
Christopher Kemmerer
chris at ssl.com
Wed Apr 8 10:09:57 MST 2020
We would not object to further clarifying our proposed language,
possibly to something like the following:
"The minimum set for the Debian weak keys can be found at
https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/ and MUST
include at least lists containing 2048 and 4096 bit keys."
Chris
On 4/7/2020 3:23 PM, Corey Bonnell wrote:
>
> Hi Ryan,
>
> The openssl-blacklist package referenced in Chris’s draft ballot text
> contains hashes for 4096 bit keys, for example:
> https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/blacklists/le64/blacklist-4096.db.
> Or were you referring to something else?
>
> While we’re on the topic of blocklisting known bad Debian keys, what
> is the expectation on CA’s for blocking larger key sizes, such as 8192
> or 16384? AFAIK there is no publicly available distribution that
> contains hashes of keys this large and pre-computing them is a rather…
> expensive operation. According to censys.io, there’s ~3700 currently
> trusted certificates (including pre-cert/final cert dupes) with RSA
> key length of 8192 bits
> (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+8192%29+AND+tags.raw%3A+%22trusted%22&)
> and only 13 certs with 16384 bit key length
> (https://censys.io/certificates?q=%28parsed.subject_key_info.rsa_public_key.length%3A+16384%29+AND+tags.raw%3A+%22trusted%22).
> Given the low certificate counts and the elapsed time between when
> openssl was patched for this vulnerability and now (~12 years), I’d be
> inclined to think anything above 4096 is a “don’t care” case but I’d
> think it would be good to explicitly mention that in the ballot so
> that deviations in expectations/interpretations do not occur.
>
> Thanks,
>
> Corey
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf
> Of *Ryan Sleevi via Servercert-wg
> *Sent:* Tuesday, April 7, 2020 3:18 PM
> *To:* Christopher Kemmerer <chris at ssl.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Updating BR 6.1.1.3
>
> Chris,
>
> You can see that I'm already proposing changes to this section in
> https://github.com/sleevi/cabforum-docs/pull/12
> <https://scanmail.trustwave.com/?c=4062&d=mNKM3hYZ1UTwbatt2nfLoJpHfJvo_lpgQvEzDDsGiQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fsleevi%2fcabforum-docs%2fpull%2f12>
>
>
> I notice that you excluded the set of 4096-bit keys. Was that intentional?
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If
> you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
> received this transmission in error, please immediately contact the
> sender and destroy the material in its entirety, whether in electronic
> or hard copy format.
--
Chris Kemmerer
Manager of Operations
SSL.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~ for the wrecks. ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200408/1b83c715/attachment.html>
More information about the Servercert-wg
mailing list