[cabfpub] SHA-1 Collision Found
philliph at comodo.com
philliph at comodo.com
Fri Feb 24 15:46:03 UTC 2017
> On Feb 23, 2017, at 11:31 PM, Eric Mill <eric at konklone.com> wrote:
> On Thu, Feb 23, 2017 at 10:54 PM, Phillip Hallam-Baker via Public <public at cabforum.org <mailto:public at cabforum.org>> wrote:
> Things have to break before some people will act. Which is why I consider the proposal to further reduce validity intervals to provide more procrastination time positively harmful.
> To restate this, you're saying that it's better to keep long-lived certs around, so that the heightened damage their misissuance would do will increase the motivation of CAs/browsers to deprecate weaker algorithms.
> I think that's a very difficult stance to defend. Holding one security feature hostage to spur support for another doesn't seem likely to produce security benefits, either in this case or the general case.
You are misrepresenting what I am saying. Do not put words in my mouth again. You do not speak for me. Only I speak for me.
Is that totally clear?
There is a WebPKI mechanism for dealing with certificates that were issued to people who should not have them. It is called revocation. It has been part of the PKIX specification from the very start.
Revocation is required for much more than dealing with situations like DigiNotar. The vast majority of certificates that are revoked for cause were validly issued and then revoked because of actions by the subject like setting up a phishing site.
If a browser provider decides not to support revocation as per the specification for the sake of shaving off a few milliseconds from their response, that is a choice they have made. They are the party that has decided to put their customers at risk. If they then go round pointing fingers at others for not mitigating the consequences of their decision, they are going to have the fingers pointed back to them.
In the PKIX architecture, the choice of certificate validity interval has no security consequences whatsoever. The only consequence of a longer or shorter validity interval is that the revocation infrastructure has to track certificate status for longer or shorter periods of time.
[This is not the case for self signed roots because they are not subject to revocation, however, they are not strictly speaking PKIX certificates either.]
If a party decides not to follow the PKIX architecture because they think they can provide the same security with a different technique, that is their prerogative. But they don’t then get to attack the rest of the industry and the millions of Web sites using certificates for not falling in line with their scheme.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public