On 18/11/16 15:06, Gervase Markham via Public wrote:
On 17/11/16 16:44, Andrew Ayer wrote:
CAs may only sign SHA-1 hashes over non-certificate data (e.g. OCSP
responses, CRLs) using certs which chain up to roots in Mozilla's
program if all of the following are true:
* the cert has a Basic Constraints extension with a value of false in
the cA component;
* Doing so is necessary for a documented compatibility reason;
* The CA takes care that all of the signed data is either static,
defined by the CA, or of a known and expected form.
I think this change takes us in the wrong direction. It would forbid
pre-generation of static OCSP responses signed directly by a cA:true
certificate, which is safe, while allowing good OCSP responses to be
forged for revoked certificates.
If, as Peter's list seems to suggest, the only non-certificate data CAs
need to sign is CRLs and OCSP responses, perhaps we can just eliminate
the first bullet above?
RFC6962 precertificates are X.509 certificates, but 6962-bis
precertificates are CMS signed-data objects.
See
https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2
Does that make them "non-certificate data" ?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Public mailing list
https://cabforum.org/mailman/listinfo/public