[cabfpub] Mozilla SHA-1 further restrictions
Gervase Markham
gerv at mozilla.org
Thu Nov 17 16:18:17 UTC 2016
Let's try a v2, as the first one turns out to have been less than
ideally-drafted (even after several rounds of earlier review...):
(Note: this doesn't include a conclusion to the conversation about EKUs.)
<quote>
CAs may only sign SHA-1 hashes over end-entity certs which chain up to
roots in Mozilla's program if all the following are true:
1) The end-entity certificate:
* is not within the scope of the Baseline Requirements;
* contains an EKU extension with a single key purpose, which is not
id-kp-serverAuth or anyExtendedKeyUsage;
* has at least 64 bits of entropy from a CSPRNG in the serial number.
2) The issuing intermediate:
* contains an EKU extension with a single key purpose, which is not
id-kp-serverAuth or anyExtendedKeyUsage;
* has a pathlen:0 constraint.
CAs may only sign SHA-1 hashes over non-certificate data (e.g. OCSP
responses, CRLs) using certs which chain up to roots in Mozilla's
program if all of the following are true:
* the cert has a Basic Constraints extension with a value of false in
the cA component;
* Doing so is necessary for a documented compatibility reason;
* The CA takes care that all of the signed data is either static,
defined by the CA, or of a known and expected form.
</quote>
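
An added illustration, not part of the original message and not Mozilla's or any CA's tooling: a stdlib-only Python pre-issuance lint that applies the end-entity and issuing-intermediate conditions quoted above to already-parsed certificate fields. The `Cert` type, its field names and the sample values are assumptions constructed for this example; the serial check is a length heuristic only, since entropy cannot be measured from a single certificate.

```python
from dataclasses import dataclass
from typing import List, Optional

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # id-kp-serverAuth
ANY_EKU = "2.5.29.37.0"                 # anyExtendedKeyUsage
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection, used by the samples

@dataclass
class Cert:
    """Hypothetical view of an already-parsed certificate (not a real library type)."""
    serial: int
    ekus: Optional[List[str]]        # None means the EKU extension is absent
    path_len: Optional[int] = None   # None means no pathLenConstraint
    in_br_scope: bool = False        # operator's judgement; not derivable from these fields

def eku_findings(who: str, ekus: Optional[List[str]]) -> List[str]:
    if ekus is None:
        return [f"{who}: no EKU extension"]
    if len(ekus) != 1:
        return [f"{who}: EKU does not hold exactly one key purpose"]
    if ekus[0] in (SERVER_AUTH, ANY_EKU):
        return [f"{who}: EKU is id-kp-serverAuth or anyExtendedKeyUsage"]
    return []

def sha1_findings(ee: Cert, issuer: Cert) -> List[str]:
    """Findings to resolve before signing `ee` with SHA-1; an empty list means none."""
    out = []
    if ee.in_br_scope:
        out.append("end-entity: within the scope of the Baseline Requirements")
    out += eku_findings("end-entity", ee.ekus)
    # Entropy cannot be measured from one serial. A short serial is only a hint,
    # since random bits may start with zeros, so it is reported for manual review.
    if ee.serial.bit_length() < 64:
        out.append("end-entity: serial under 64 bits, entropy needs confirmation")
    out += eku_findings("issuer", issuer.ekus)
    if issuer.path_len != 0:
        out.append("issuer: no pathlen:0 constraint")
    return out

# Constructed samples, not real certificates.
ISSUER_OK = Cert(serial=0x1001, ekus=[EMAIL_PROTECTION], path_len=0)
EE_OK = Cert(serial=0xB3A1F04C9D2277E5A6, ekus=[EMAIL_PROTECTION])
EE_BAD = Cert(serial=4097, ekus=[SERVER_AUTH, EMAIL_PROTECTION], in_br_scope=True)
ISSUER_BAD = Cert(serial=0x1002, ekus=None, path_len=None)

if __name__ == "__main__":
    for finding in sha1_findings(EE_BAD, ISSUER_BAD):
        print(finding)
```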