Re: Removal of 1024 bit CA roots - interoperability

Mon, 04 Aug 2014 15:54:06 -0700 

On 7/31/14, 1:17 PM, Kathleen Wilson wrote:


Here's what we are doing for this first batch of root changes that was
made in NSS 3.16.3, and is currently in Firefox 32, which is in Beta.

NSS 3.16.4 will be created and included in Firefox 32. It will only
contain these two changes:

1) https://bugzilla.mozilla.org/show_bug.cgi?id=1045189 -- Add the
2048-bit version of the "USERTrust Legacy Secure Server CA" intermediate
cert to NSS, this intermediate cert expires in November 2015.




It turns out that including the 2048-bit version of the cross-signed 
intermediate certificate does not help NSS at all. It would only help 
Firefox, and would cause confusion.


https://bugzilla.mozilla.org/show_bug.cgi?id=1045189#c13
--
old intermediate:

Subject: "CN=USERTrust Legacy Secure Server CA,O=The USERTRUST 
Network,L=Salt Lake City,ST=UT,C=US"
Issuer: "CN=Entrust.net Secure Server Certification Authority,OU=(c) 
1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits 
liab.),O=Entrust.net,C=US"

        Serial Number: 1184831531 (0x469f182b)
        Validity:
            Not Before: Thu Nov 26 20:33:13 2009
            Not After : Sun Nov 01 04:00:00 2015

the replacement intermediate::

Subject: "CN=USERTrust Legacy Secure Server CA,O=The USERTRUST 
Network,L=Salt Lake City,ST=UT,C=US"
Issuer: "CN=Entrust.net Certification Authority (2048),OU=(c) 1999 
Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits 
liab.),O=Entrust.net"

        Serial Number: 946071786 (0x3863e8ea)
        Validity:
            Not Before: Thu Nov 26 20:05:16 2009
            Not After : Sun Nov 01 05:00:00 2015


When given the choice of the above two certificates for chaining, which 
use an identical subject, the legacy NSS chaining code will try only one 
path. It will decide which certificate to use based on the validity 
time/date. It will pick the one that looks newer.



Unfortunately, the time/date of the certificates don't indicate a clear 
"winner".

--


Kai tested this adding the 2048-bit intermediate cert to NSS, and found 
that the 1024-bit intermediate cert was still used.



It works for Firefox, because mozilla::pkix keeps trying until it finds 
a certificate path that works.



Therefore, it looks like including the 2048-bit intermediate cert 
directly in NSS would cause different behavior depending on where the 
root store is being used. This would lead to confusion.


Kathleen

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy























					Reply via email to