On Tue, Feb 23, 2016 at 1:55 PM, David E. Ross <nobody@nowhere.invalid> wrote:
> On 2/23/2016 10:57 AM, Gervase Markham wrote: > > Mozilla and other browsers have been approached by Worldpay, a large > > payment processor, via Symantec, their CA. They have been transitioning > > to SHA-2 but due to an oversight have failed to do so in time for a > > portion of their infrastructure, and failed to renew some SHA-1 server > > certificates before the issuance deadline of 31st December 2015. > > > > They now need 9 SHA-1 certificates issued before 28th February 2015, or > > approximately 10,000+ payment terminals around the world will stop > > working. This equipment was created some time ago, and unfortunately > > only supports publicly-trusted roots. Using roots removed from browser > > root programs is also not a complete solution to the program; these > > 10,000 do not trust any of those roots. This equipment does not support > > SHA-256 and cannot be replaced in time. The data travels over the public > > internet but the servers are not accessed by browsers. Due to the short > > timelines involved, a change in the BRs by the CAB Forum is also not > > possible. Therefore, they are seeking to get browser acknowledgement > > that a qualified audit, qualified by the existence of these certs, will > > be acceptable. > > > > The payment industry is moving towards SHA-256 but their timeline does > > not line up with the CAB Forum one. Our understanding is that Worldpay > > is not the only payment processor in this position. (We are not sure how > > to match this information with Worldpay's assertion that this was an > > oversight on their part, unless such oversights are unusually common at > > payment processors.) > > > > Our proposal, which we have sent to Symantec, Worldpay and the other > > browsers, is as follows: > > > > Symantec may issue certificates to Worldpay if the following things are > > true: > > > > 1. You immediately give copies to Mozilla (and other vendors who desire > > them) for us to immediately add them to OneCRL, as if they had been > > mis-issued. > > > > 2. Symantec's OCSP server MUST present a response of Revoked to any > > request for these certificates from, at a minimum, Firefox (based on > > User-Agent). Other browsers may wish to be added to this list. Sending > > Revoked to everyone would be easiest, but that depends on your testing > > as to whether it will break the intended clients. > > > > 3. Certificates issued under this exception MUST be logged to CT, and > > Symantec MUST disclose which logs they will be published in. > > > > 4. On issuance of any such certificate(s), the issuer MUST send mail to > > cabfpub announcing the event, including references to the CT entries. > > > > 5. The auditor's qualification MUST actively attest that the extent of > > SHA-1 issuance is no greater than that disclosed in CT. (Otherwise the > > qualification will be deemed unacceptable.) > > > > 6. The lifetime of the issued SHA-1 certificates MUST be no more than 90 > > days. Reissuance is permitted, but Mozilla reserves the right to decide > > in the future that the conditions for further issuance of such > > certificates may vary, including deeming them unacceptable under any > > circumstances. Mozilla is very likely to not permit validity to extend > > beyond the SHA-1 deadline of 31st December 2016. > > > > 7. This exception applies to Worldpay only; you need to come back and > > ask, presenting the circumstances, for other cases. If the impact is > > similar, similar terms may be extended. > > > > > > Mozilla is very keen to see SHA-1 eliminated, but understands that for > > historical reasons poor decisions were made in private PKIs about which > > roots to trust, and such decisions are not easily remedied. > > > > Please comment on whether this proposal seems reasonable, being aware of > > the short timelines involved. > > > > Gerv > > > > Overall, I am opposed to accommodating negligence, which is what is > proposed here. If such accommodation must be made nevertheless, the > "not later" dates of the affected certificates should be not later than > 60 days after their "not before" dates. Surely, 60 days should be > sufficient to comply with eliminating SHA-1 certificates. > Hi David, I certainly agree that we want to continue to apply upgrade pressure. The plan above proposes 90 days, which we chose in part because there is a fair bit of deployment experience in the web with certs of that length. (For example, https://google.com uses 90-day certs.) Do you think there's a material difference between 60 days and 90 days? Thanks, --Richard > > -- > David E. Ross > > While many tributes to the late Supreme Court Associate Justice > Antonin Scalia now fill the news media, his legacy was not > necessarily positive. See my "What Price Order, Mr. Justice Scalia?" > at <http://www.rossde.com/editorials/edtl_scalia_wrong.html>. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
