[Servercert-wg] RV: Redline for SC-59: Weak keys ballot
Inigo Barreira
Inigo.Barreira at sectigo.com
Thu Mar 16 16:11:13 UTC 2023
Forwarding it to the Sever Certificate WG
De: Smcwg-public <smcwg-public-bounces at cabforum.org> En nombre de Chris
Kemmerer via Smcwg-public
Enviado el: jueves, 16 de marzo de 2023 15:46
Para: smcwg-public at cabforum.org
Asunto: [Smcwg-public] Redline for SC-59: Weak keys ballot
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.
Hello,
A diff for our proposed changes may be found here:
https://github.com/cabforum/servercert/compare/2c63814...9ecc201?diff=split
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fcompare%2F2c63814...9ecc201%3Fdiff%3Dsplit&data=
05%7C01%7Cinigo.barreira%40sectigo.com%7C9d27ee5b4bb7400b1fa908db262d2483%7C
0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638145747577702166%7CUnknown%7CTW
FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D
%7C3000%7C%7C%7C&sdata=FaXtQOTrKeZMl523hWU9ts32%2B05OaGiT8S%2BdJzsczq4%3D&re
served=0>
This compares the current BR branch (2c63814) with our latest updates. Ben
Wilson and Martijn Katerbarg have offered extremely useful suggestions, some
of which we have accommodated and others we offer for discussion.
Specifically, in 6.1.1.3:
* Our version removes the provision "2. There is clear evidence that
the specific method used to generate the Private Key was flawed" as we
believe that this case is essentially the same as the next one (i.e. "clear
evidence" of a flawed method must lead to awareness of the "demonstrated or
proven method")
* The four items 4 (b) (i though iv) are inclusive (i.e all parameters
combined) and are now joined by an "and"
* As this ballot covers various weak key issues, "Debian" has been
removed where not specifically required
* The directive that "CAs MUST check for Debian weak keys for all RSA
modulus lengths and exponents that they accept" was added via discussion in
our SCWG calls and in our view reinforces and extends the provision in 4(b).
It should be decided if there will be a cutoff point or not. If a CA wants
to support 16384-bit RSA keys, do they have to generate first all Debian
weak keys of that size or could it be assumed that such Debian weak keys are
not expected to have been generated before?
* We had included links to specific tools but now see that these (and
more!) may be found at https://cabforum.org/resources/tools/ under "Check
for Bad Private Keys". We have edited the section to direct to this
resource.
Regards,
Chris K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230316/f526b1ec/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230316/f526b1ec/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6853 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230316/f526b1ec/attachment-0001.p7s>
More information about the Servercert-wg
mailing list