[Servercert-wg] Updating BR 6.1.1.3
Ryan Sleevi
sleevi at google.com
Thu Apr 9 13:55:42 MST 2020
On Thu, Apr 9, 2020 at 4:45 PM Corey Bonnell <CBonnell at securetrust.com>
wrote:
> While the requirement for CAs to pre-compute blocklists for all RSA key
> sizes that they support is definitely worthy of consideration and
> discussion, I don’t believe that aligns with the current interpretation of
> the requirement to reject weak Debian keys for two reasons:
>
>
>
> 1. The Debian project selected the key sizes in openssl-blacklist (and
> the SSH counterpart blocklists, etc.) to represent the sizes that their
> users would commonly use and that they determined by blocking would provide
> protection for their users. CAs that block these same keys are implementing
> the same set of safeguards that the Debian maintainers have determined as
> appropriate for their own users. Going above and beyond what the Debian
> project currently has available for its own users’ security is worth a
> discussion, but I don’t believe that is the current expectation.
>
> I disagree. We point to the algorithm for determining a Debian weak key. A
CA should be capable of determining whether or not that particular key
meets that requirement. I think a similar discussion would be related to
ROCA and which primes the CA has to consider.
>
> 1.
> 2. By mandating that CAs must pre-compute blocklists for all supported
> key sizes, it becomes increasingly computationally expensive to support the
> array of key sizes currently supported today by CAs and especially larger
> keys, such as 16384 bits. If we believe that pre-generating these lists is
> a requirement prior to supporting a given key length, then we are
> essentially setting the upper bound (as determined by CAs’ computing power)
> on allowed key sizes for the web PKI to satisfy checking for a
> vulnerability that was patched 12 years ago, a time when much smaller keys
> were predominant.
>
> But there are always trade-offs. If the CA can't support a key size
securely, not issuing seems like a reasonable path.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200409/cc3a9cc8/attachment-0001.html>
More information about the Servercert-wg
mailing list