Rob Stradling wrote, On 2008-06-04 04:45:

>   2. Give each affected CA the opportunity to submit a replacement 1024-bit 
> RSA Root Certificate for inclusion in new versions of Mozilla software.  Each 
> of these replacement Root Certificates would exactly match the to-be-removed 
> Root Certificate (in terms of Subject name, Public Key and Subject Key 
> Identifier), but would have a different Serial Number and a more acceptable 
> Not After date.

That plan appeals to me.

> Disadvantages:
>   - Each affected CA would have to spend some time reissuing their Root 
> Certificate.

Rob, in the past, any time that we have suggested that a CA issue a new
root CA cert for any reason, even if only to change something minor,
we've received much feedback saying that doing so represents a huge
challenge and investment for the CAs, necessitating modifications to
CPSes, triggering new audits, etc. etc.  One gets the impression from
those replies that this is something the CAs would rather avoid at
(nearly) all cost.

>   - There may be some (solvable, I think) interoperability problems for CAs 
> that choose to include the "authorityCertSerialNumber" field in the Authority 
> Key Identifier extension of certificates issued by their 1024-bit Root 
> Certificates.

Yes, that's also an issue.  NSS treats AKID extensions as requirements.
When the issuer says to the relying party, through an AKID extension,
"you must rely on the issuer cert with this issuer name and serial number"
NSS does so.  I'm afraid the solution, for CAs that used that field,
may be for them to reissue certs with the offending AKID extension.

We keep telling CAs NOT to include the part of an AKID that names the
issuer's issuer and the issuer's serial number, but many CAs keep on doing
it anyway.  The OpenSSL programs that create certs do that by default,
IINM, requiring extra work (I gather) to avoid including that info in the
AKID.  I have suspected for some time now that the reason CAs keep
including that info is because they haven't figured out how to stop the
OpenSSL program from doing so.  :(

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
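
The interoperability problem discussed in this message, as an added example that is not part of the original post and is not NSS code. It is a simplified model of a relying party that treats every field present in an AKID extension as a requirement; all names, serial numbers and key identifiers are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    skid: bytes                          # Subject Key Identifier
    akid_keyid: Optional[bytes] = None   # AKID keyIdentifier
    akid_issuer: Optional[str] = None    # AKID authorityCertIssuer
    akid_serial: Optional[int] = None    # AKID authorityCertSerialNumber


def akid_accepts(child: Cert, candidate: Cert) -> bool:
    """Strict model: each AKID field the child carries must match the candidate."""
    if child.issuer != candidate.subject:
        return False
    if child.akid_keyid is not None and child.akid_keyid != candidate.skid:
        return False
    if child.akid_serial is not None:
        # authorityCertIssuer + authorityCertSerialNumber name one specific
        # issuer certificate by (its issuer name, its serial number).
        wanted = (child.akid_issuer, child.akid_serial)
        if wanted != (candidate.issuer, candidate.serial):
            return False
    return True


def find_issuers(child: Cert, store: List[Cert]) -> List[Cert]:
    """Return every certificate in the store the child is willing to chain to."""
    return [c for c in store if akid_accepts(child, c)]


# Constructed sample data: a root and its replacement with the same subject,
# key and Subject Key Identifier, but a different serial number.
ROOT = "CN=Example Root CA (constructed)"
KEY_ID = bytes.fromhex("aa" * 20)
old_root = Cert(ROOT, ROOT, serial=1, skid=KEY_ID)
new_root = Cert(ROOT, ROOT, serial=2, skid=KEY_ID)

# One leaf carries only keyIdentifier; the other also pins issuer name + serial.
leaf_keyid = Cert("CN=a.example", ROOT, 100, b"\x01" * 20, akid_keyid=KEY_ID)
leaf_pinned = Cert("CN=b.example", ROOT, 101, b"\x02" * 20, akid_keyid=KEY_ID,
                   akid_issuer=ROOT, akid_serial=1)

if __name__ == "__main__":
    for leaf in (leaf_keyid, leaf_pinned):
        hits = find_issuers(leaf, [new_root])
        print(leaf.subject, "chains to replacement root:", bool(hits))
```

Under this model, only certificates whose AKID includes the old root's serial number would need to be reissued once the old root is removed.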
