[cabfpub] Mozilla SHA-1 further restrictions
Rob Stradling
rob.stradling at comodo.com
Fri Nov 18 15:27:44 UTC 2016
On 18/11/16 15:06, Gervase Markham via Public wrote:
> On 17/11/16 16:44, Andrew Ayer wrote:
>>> CAs may only sign SHA-1 hashes over non-certificate data (e.g. OCSP
>>> responses, CRLs) using certs which chain up to roots in Mozilla's
>>> program if all of the following are true:
>>>
>>> * the cert has a Basic Constraints extension with a value of false in
>>> the cA component;
>>>
>>> * Doing so is necessary for a documented compatibility reason;
>>>
>>> * The CA takes care the all of the signed data is either static,
>>> defined by the CA, or of a known and expected form.
>>
>> I think this change takes us in the wrong direction. It would forbid
>> pre-generation of static OCSP responses signed directly by a cA:true
>> certificate, which is safe, while allowing good OCSP responses to be
>> forged for revoked certificates.
>
> If, as Peter's list seems to suggest, the only non-certificate data CAs
> need to sign is CRLs and OCSP responses, perhaps we can just eliminate
> the first bullet above?
RFC6962 precertificates are X.509 certificates, but 6962-bis
precertificates are CMS signed-data objects.
See
https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2
Does that make them "non-certificate data" ?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list