[cabfpub] SHA-1 Collision Found

philliph at comodo.com philliph at comodo.com
Fri Feb 24 03:04:08 UTC 2017

Microsoft began distribution of SHA-2 in 2006 with Vista and in Windows Server 2008. 

The FIPS was issued in 2001. The Wang attack was published in 2005.

The FIPS for SHA-3 was issued in 2015 and the way things look right now, nobody seems likely to implement until the first cracks appear in SHA-2. 

Now I understand that you like to accuse CAs of being the root of all that is evil and bad in security. But CAs really can’t start issuing certs until they are supported by at least some browsers and servers.

Even in a world where Google can update its code in 90 days, most of the Web sites are on servers that have major transition anxiety due to them being coded in multiple layers of middleware that have complex relations to the server core.

If we are to lead, how about doing the obvious and setting a date by which servers and browsers are advised to provide support for SHA-3?

We should also start work on succession planning for RSA. 

> On Feb 23, 2017, at 3:49 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html <https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html> and https://shattered.it <https://shattered.it/>
> This is consistent with many timelines previously shared and estimated cost. However, please do consider reading the paper - the estimated cost ended up being what it was in a large part due to the heavy CPU usage for the first phase, compared to the more computationally complex second phase which was optimized for GPUs. Had the first phase been similarly optimized for GPUs, both the time and the cost could have dramatically decreased. With the release of the code in 90 days, it's reasonable to expect such optimizations both in public and private.
> I note that SHA-1 deprecation did not come about because of the CA/Browser Forum taking a concentrated effort to improve security; it came about because a Browser member - Microsoft - was willing to make the difficult decision of taking unilateral action in the absence of Forum consensus. While Ballot 118 only had the recorded objection of SECOM Systems, it's very easy to find the discussions leading up to such a vote in which, because Microsoft had already required it, it was seen as a foregone inevitability.
> Ballot 118 - ratified 16 October 2014 - took nearly a year to normalize what a root program was already requiring, as of 12 November 2013 - https://technet.microsoft.com/en-us/library/security/2880823.aspx <https://technet.microsoft.com/en-us/library/security/2880823.aspx>
> It is quite unfortunate that the Forum followed, rather than lead, with the Baseline Requirements, and though this has long been the trend in the Forum, I do hope CA members collectively reevaluate the duty to care for Internet security, even when it makes things difficult for them. Hopefully, by doing so, we can better use the Forum to bring up actionable, concrete concerns with Browsers' proposed timelines, ideally agreeing to codify them in the Baseline Requirements. We can only achieve that goal if CAs commit to sharing meaningful, actionable, concrete feedback, rather than anecdata and questionable surveys, so that Browsers can make informed and considered decisions on balancing the tradeoffs between site operators, CAs, and the billions of relying parties.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170223/6e4d2e61/attachment-0003.html>

More information about the Public mailing list