On Tuesday, 19 July 2016 14:03:47 UTC+1, Gervase Markham wrote:

> Symantec have provided a response to this point on the CABF list (where
> they wish formal discussion of the TSYS request to take place, which is
> not unreasonable). If you are dissatisfied with the answer and wish to
> prolong the conversation, I would be happy to forward mails to the CABF
> list when requested.
I would hope everyone is dissatisfied with their answer so far. Ryan Sleevi seems to be on top of this and I don't have anything to add to what he's written to TSYS; if he's able to wrestle a more satisfactory explanation out of them, that'd be nice. Otherwise my position remains that Mozilla should ask TSYS to come back with tbsCertificates that lack the gibberish.

Unlike regular day-to-day SHA-256 issuance, we have every reason to assume that new SHA-1 issuance is actively targeted by adversaries intending a Merkle–Damgård chosen prefix attack. As a result, all the values in the tbsCertificate should as much as possible have a transparently obvious purpose so that there can be no suspicion that this tbsCertificate is part of an attack. Re-using most values from older certificates which pre-date any practical attack is a good way to achieve this. The claim that this new gibberish is an "independent cryptographically created identity value" is not transparent.

There is good news here in this application. These certificates are issued from a Symantec intermediate which, as far as I can see, is signed with pathlen:0 - thus a chosen prefix attack cannot produce a working CA certificate. And TSYS, unlike a random SSL applicant on some discount certificate site, has quite a reputation to lose if their application is hijacked to obtain a forged certificate.

Nevertheless it makes sense for us to be cautious - allowing these exemptions does impose a risk to the web PKI that ordinary relying parties (e.g. Firefox users) see no direct benefit from.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
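As an added example (not from the thread or from any Mozilla or Symantec code), a minimal pure-Python decoder for the DER-encoded X.509 BasicConstraints extension value, used to check the point made above: an issuing intermediate whose BasicConstraints carries pathLenConstraint=0 can only sign end-entity certificates, so a colliding tbsCertificate signed by it cannot be a working CA certificate. The DER byte strings are constructed samples, not taken from the TSYS or Symantec certificates.

```python
# Added example: decode BasicConstraints (RFC 5280 4.2.1.9) and decide whether
# a certificate signed by the given issuer could itself act as a CA.

def _read_tlv(buf, pos):
    """Read one DER tag-length-value triple (short- and long-form lengths)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_basic_constraints(der):
    """Return (ca, path_len) from a DER BasicConstraints SEQUENCE.
    cA defaults to FALSE and pathLenConstraint to None when absent."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("BasicConstraints must be a SEQUENCE")
    ca, path_len, pos = False, None, 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0x01:               # BOOLEAN cA
            ca = value != b"\x00"
        elif tag == 0x02:             # INTEGER pathLenConstraint
            path_len = int.from_bytes(value, "big", signed=True)
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x} in BasicConstraints")
    if path_len is not None and not ca:
        raise ValueError("pathLenConstraint is only meaningful when cA is TRUE")
    return ca, path_len

def issuer_can_create_sub_ca(issuer_bc_der):
    """True if a certificate signed by this issuer could itself be a CA.
    pathLen 0 means the issuer may only sign end-entity certificates."""
    ca, path_len = parse_basic_constraints(issuer_bc_der)
    return ca and (path_len is None or path_len > 0)

# Constructed sample extension values (hypothetical, not from real certificates):
PATHLEN0_CA = bytes.fromhex("30060101ff020100")   # SEQUENCE { cA TRUE, pathLen 0 }
UNBOUNDED_CA = bytes.fromhex("30030101ff")        # SEQUENCE { cA TRUE }, no pathLen
END_ENTITY = bytes.fromhex("3000")                # empty SEQUENCE: cA defaults to FALSE
```

Run against a real chain, the same check on the intermediate that signs a SHA-1 leaf tells you whether a colliding tbsCertificate could at worst yield a forged end-entity certificate or a forged CA.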