[cabfpub] Mozilla SHA-1 further restrictions
Peter Bowen
pzb at amzn.com
Thu Nov 17 18:13:02 UTC 2016
> On Nov 17, 2016, at 9:01 AM, Gervase Markham via Public <public at cabforum.org> wrote:
>
> On 17/11/16 16:44, Andrew Ayer wrote:
>> If CAs really have to keep signing attacker-controlled non-certificate
>> data with SHA-1,
>
> Perhaps what we need is a collection of use cases?
>
> What do people need to sign which is not a cert?
>
> * OCSP response
> * CRL
>
> What else? And what parts of those things could be attacker-controlled?
> And how can the risk of signature transfer be mitigated?
Things that CA keys sign:
- Self-signed CA Certificate
- Transitive CA Certificate (that is a CA certificate where the Issuer is not the same as the Subject; what RFC 5280 and X.509 call a “cross certificate”)
- End-entity Certificate
- Certificate Revocation Lists (as defined in RFC 5280)
- OCSP response (as defined in RFC 6960)
- Precertificate (as defined in draft-ietf-trans-rfc6962-bis)
End-entity (EE) certificates can be broken down into:
- OCSP response signer certificates (includes id-kp-OCSPSigning and no other KP’s in the EKU extension and does not include keyCertSign or cRLSign in the KU extension)
- Other EE certs
I think that should cover all uses of CA keys. Anyone have others?
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161117/532b2b7e/attachment-0003.html>
More information about the Public
mailing list