[Smcwg-public] Redline for SC-59: Weak keys ballot

[Chris Kemmerer]

Hello,

A diff for our proposed changes may be found here: https://github.com/cabforum/servercert/compare/2c63814...9ecc201?diff=split

This compares the current BR branch (2c63814) with our latest updates. Ben Wilson and Martijn Katerbarg have offered extremely useful suggestions, some of which we have accommodated and others we offer for discussion. Specifically, in 6.1.1.3:


  *   Our version removes the provision "2. There is clear evidence that the specific method used to generate the Private Key was flawed" as we believe that this case is essentially the same as the next one (i.e. "clear evidence" of a flawed method must lead to awareness of the "demonstrated or proven method")
  *   The four items 4 (b) (i though iv) are inclusive (i.e all parameters combined) and are now joined by an "and"
  *   As this ballot covers various weak key issues, "Debian" has been removed where not specifically required
  *   The directive that "CAs MUST check for Debian weak keys for all RSA modulus lengths and exponents that they accept" was added via discussion in our SCWG calls and in our view reinforces and extends the provision in 4(b). It should be decided if there will be a cutoff point or not. If a CA wants to support 16384-bit RSA keys, do they have to generate first all Debian weak keys of that size or could it be assumed that such Debian weak keys are not expected to have been generated before?
  *   We had included links to specific tools but now see that these (and more!) may be found at https://cabforum.org/resources/tools/ under "Check for Bad Private Keys". We have edited the section to direct to this resource.

Regards,

Chris K




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230316/0e07507b/attachment.html>