[cabfpub] Ballot 118 - SHA1 Sunset

Rob Stradling rob.stradling at comodo.com
Fri Oct 3 02:30:14 MST 2014


On 03/10/14 09:57, Gervase Markham wrote:
> On 02/10/14 20:55, Ben Wilson wrote:
>> _Effective 1 January 2016, CAs MUST NOT issue any new Subscriber
>> certificates or Subordinate CA certificates using the SHA-1 hash
>> algorithm.
>
> It is worth noting the ramifications of this.
>
> If we assume that any site can present at most one certificate, and
> furthermore that every site needs to work in very modern browsers which
> are implementing SHA-1-deprecating UI such as recent Chrome or recent
> IE, then the CAB Forum making a requirement is basically the same thing
> as the browsers making a requirement.
>
> However, if someone were to add a feature to a webserver where it could
> send different certs to different clients based on SSL handshake
> fingerprinting, then (without a CAB Forum ballot) they could continue to
> use SHA-1 certs for older browsers and use SHA-256 for newer ones. But
> if we pass this ballot, we preclude that possibility.
>
> The situation which makes me think of this is as follows. Firefox has a
> download site, served over HTTPS. We have many people who want to
> download Firefox to get a supported and secure browser, who are on XP
> SP2 or below. If we switch the cert for that site completely to SHA-256,
> they are caught in a chicken and egg situation - they can't get a
> SHA-256-supporting browser until they get a SHA-256-supporting browser!

Hi Gerv.

The preferred solution: Everyone must stop using XP and install a modern OS!

Microsoft have already dropped support for XP.  IIRC, Chrome won't be 
supported on XP for much longer.  When do Mozilla plan to stop 
supporting Firefox on XP?

> The only other possibility is to make the initial load of the download
> page over HTTP, then redirect to two different sites based on a
> JavaScript test of the OS version. But clearly, we would much prefer
> end-to-end SSL for the entire experience. (Also, there are lots of
> direct-to-HTTPS download links out there already.)
>
> One way we could solve this problem by making our webservers do SSL
> handshake sniffing, and serve different certs to different clients. But
> if the CAB Forum passes this ballot, we would have trouble getting a
> SHA-1 cert to serve to the legacy clients.
>
> Gerv

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



More information about the Public mailing list