Re: Re: Proposed limited exception to SHA-1 issuance

2016-03-01 Thread Richard Barnes
These have now been revoked in OneCRL: https://bugzilla.mozilla.org/show_bug.cgi?id=1252142 On Fri, Feb 26, 2016 at 4:14 PM, Dean Coclin wrote: > You beat me to it: > > Thesecertificate have been logged to our CT log server at > ct.ws.symantec.com,with these index numbers: > > 236731 > > 23674

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Michael Ströder
Hanno Böck wrote: > On Mon, 29 Feb 2016 10:18:01 +0100 > Jürgen Brauckmann wrote: > >> Using private PKIs for such stuff isn't risk-free, as software >> vendors are confused about the security properties of their root >> store. > > Actually I also thought while reading this thread that I disagre

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Phillip Hallam-Baker
On Mon, Feb 29, 2016 at 7:09 AM, Peter Gutmann wrote: > Jürgen Brauckmann writes: > >>Nice example from the consumer electronics world: Android >= 4.4 is quite >>resistant against private PKIs. You cannot import your own/your corporate >>private Root CAs for Openvpn- or Wifi access point security

Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Gervase Markham
On 27/02/16 23:50, David E. Ross wrote: > According to Softpedia, Mozilla is the only organization that agreed to > Symantec's request. Microsoft, Google, and others are holding firm on > rejecting SHA-1 certificates. See >

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Richard Barnes
On Mon, Feb 29, 2016 at 4:18 AM, Jürgen Brauckmann wrote: > Peter Gutmann schrieb: > >> Wouldn't it be easier to issue their own certs (or roll out equipment >> which >> relies on WorldPay certs), at which point they could follow their own >> policies? Their problem is that their (inexplicable)

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Jürgen Brauckmann
Peter Gutmann schrieb: Jürgen Brauckmann writes: http://www.howtogeek.com/198811/ask-htg-whats-the-deal-with-androids-persistent-network-may-be-monitored-warning/ Ugh, yuck! So on the one hand we have numerous research papers showing that Android apps that blindly trust any old cert they fin

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Hanno Böck
On Mon, 29 Feb 2016 10:18:01 +0100 Jürgen Brauckmann wrote: > Using private PKIs for such stuff isn't risk-free, as software > vendors are confused about the security properties of their root > store. Actually I also thought while reading this thread that I disagree that a private PKI is always

RE: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Peter Gutmann
Jürgen Brauckmann writes: >Nice example from the consumer electronics world: Android >= 4.4 is quite >resistant against private PKIs. You cannot import your own/your corporate >private Root CAs for Openvpn- or Wifi access point security without getting >persistent, nasty, user-confusing warning m

Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Jürgen Brauckmann
Peter Gutmann schrieb: Wouldn't it be easier to issue their own certs (or roll out equipment which relies on WorldPay certs), at which point they could follow their own policies? Their problem is that their (inexplicable) use of a public CA for a private PKI has meant they're now being held host

Re: Proposed limited exception to SHA-1 issuance

2016-02-27 Thread Eric Mill
On Sat, Feb 27, 2016 at 6:50 PM, David E. Ross wrote: > > According to Softpedia, Mozilla is the only organization that agreed to > Symantec's request. Microsoft, Google, and others are holding firm on > rejecting SHA-1 certificates. See > < > http://news.softpedia.com/news/mozilla-gives-a-secu

Re: Proposed limited exception to SHA-1 issuance

2016-02-27 Thread David E. Ross
On 2/23/2016 10:57 AM, Gervase Markham wrote [in part]: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of their infrastru

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-27 Thread Matt Palmer
On Fri, Feb 26, 2016 at 08:32:34AM -0800, douglas.beat...@gmail.com wrote: > I hope the same courtesy is afforded to other high profile customers and > their CA should the need arise. Why should a requestor's profile come into it? Because they're in a better position to make trouble if their requ

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-27 Thread deanjc18
On Thursday, February 25, 2016 at 10:06:50 PM UTC-5, Peter Gutmann wrote: > Dean Coclin writes: > > >According to WP, as part of the EMV program, they are aggressively rolling > >out new devices to replace all old equipment in the field. They expect this > >to be completed by the end of the year.

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-26 Thread Dean Coclin
 You beat me to it:Thesecertificate have been logged to our CT log server at ct.ws.symantec.com,with these index numbers:236731236746236748236751236759236763236767 Dean Coclin  On 02/26/16, Andrew Ayer wrote: On Wed, 24 Feb 2016 16:11:38 -0800 (PST)rbar...@mozilla.com wrote:> 2. On issuance of any

Re: Proposed limited exception to SHA-1 issuance

2016-02-26 Thread Andrew Ayer
On Wed, 24 Feb 2016 16:11:38 -0800 (PST) rbar...@mozilla.com wrote: > 2. On issuance of any such certificate(s), the issuer MUST take the > following actions: 2.a. Submit the certificates to one or more > Certificate Transparency logs. (There is no requirement for the > certificates to contain a

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-26 Thread Richard Barnes
On Fri, Feb 26, 2016 at 11:32 AM, wrote: > On Thursday, February 25, 2016 at 10:06:50 PM UTC-5, Peter Gutmann wrote: > > Dean Coclin writes: > > I think Symantec and Mozilla are doing the right thing. Nobody is asking > to extend the 1/1/2017 SHA-1 deprecation date. World Pay could have SHA-1

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-26 Thread douglas . beattie
On Thursday, February 25, 2016 at 10:06:50 PM UTC-5, Peter Gutmann wrote: > Dean Coclin writes: I think Symantec and Mozilla are doing the right thing. Nobody is asking to extend the 1/1/2017 SHA-1 deprecation date. World Pay could have SHA-1 certificates that expire on 12/31/2016 if they had

RE: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Peter Gutmann
Dean Coclin writes: >According to WP, as part of the EMV program, they are aggressively rolling >out new devices to replace all old equipment in the field. They expect this >to be completed by the end of the year. They have already moved a large >number of devices to support SHA-2. Wouldn't it b

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Dean Coclin
What CA(s) would Symantec use as the issuer for the certificates?The same one they've been using and know works: VeriSign Class 3 International Server CA - G3.>>Dean, are you sure about that? Rob-Yes I am. I am sure that we will be using that CA to satisfy this request because we know it works. You

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Dean Coclin
Richard,According to WP, as part of the EMV program, they are aggressively rolling out new devices to replace all old equipment in the field. They expect this to be completed by the end of the year. They have already moved a large number of devices to support SHA-2.Again, per my previous post, the

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Richard Barnes
Sent from my iPhone. Please excuse brevity. On Feb 25, 2016, at 13:34, Dean Coclin wrote: Richard, According to WP, as part of the EMV program, they are aggressively rolling out new devices to replace all old equipment in the field. They expect this to be completed by the end of the year. Tha

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Andrew Ayer
On Thu, 25 Feb 2016 09:13:42 -1000 Brian Smith wrote: > Gervase Markham wrote: > > > On 23/02/16 18:57, Gervase Markham wrote: > > > Mozilla and other browsers have been approached by Worldpay, a > > > large payment processor, via Symantec, their CA. They have been > > > transitioning to SHA-2

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Brian Smith
Gervase Markham wrote: > On 23/02/16 18:57, Gervase Markham wrote: > > Mozilla and other browsers have been approached by Worldpay, a large > > payment processor, via Symantec, their CA. They have been transitioning > > to SHA-2 but due to an oversight have failed to do so in time for a > > porti

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Gervase Markham
On 23/02/16 18:57, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of their infrastructure, and fai

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Rob Stradling
On 25/02/16 00:11, rbar...@mozilla.com wrote: Hey all, Thanks to everyone for the robust discussion here. Gerv, Kathleen and I have discussed and decided that Mozilla will allow a qualification due to issuance of SHA-1 certificates, subject to the following conditions: Do we know if the oth

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Rob Stradling
For each of the 7 servers that I can reach, "Class 3 Public Primary Certification Authority" is the issuer of the final cert in the chain. What proportion of the WorldPay terminals trust the (yanked) "Class 3 Public Primary Certification Authority" root? Is this the ~90%? If so, then the ~10

Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Rob Stradling
On 24/02/16 22:53, Dean Coclin wrote: Peter, The same one they've been using and know works: VeriSign Class 3 International Server CA - G3. Dean, are you sure about that? I just ran "openssl s_client" on each of the 7 names that Richard Barnes mentioned. I couldn't reach 3 of them (tptrans-

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Richard Barnes
On Wed, Feb 24, 2016 at 7:55 PM, Peter Gutmann wrote: > rbar...@mozilla.com writes: > > >While we are disappointed that a critical part of the Internet > >infrastructure is holding back an increase in security, we believe that > >this allowance strikes an acceptable compromise between minimizing

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Peter Gutmann
rbar...@mozilla.com writes: >While we are disappointed that a critical part of the Internet >infrastructure is holding back an increase in security, we believe that >this allowance strikes an acceptable compromise between minimizing >disruption and risk and encouraging migration away from SHA-

RE: Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Peter Gutmann
Dean Coclin writes: >The same one they've been using and know works: VeriSign Class 3 >International Server CA - G3. So the devices will trust any cert from this CA? This is a serious question, a contractor once got into USG infrastructure with a $20 or so cert because they'd done the same th

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread rbarnes
Hey all, Thanks to everyone for the robust discussion here. Gerv, Kathleen and I have discussed and decided that Mozilla will allow a qualification due to issuance of SHA-1 certificates, subject to the following conditions: 1. SHA-1 certificates MUST NOT be issued for any name other than the s

Re: Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Dean Coclin
Peter,The same one they've been using and know works: VeriSign Class 3 International Server CA - G3. Dean On 02/24/16, Peter Bowen wrote: Dean as Symantec,What CA(s) would Symantec use as the issuer for the certificates?Thanks,PeterOn Feb 24, 2016 12:52 PM, "Dean Coclin"

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Peter Bowen
Dean as Symantec, What CA(s) would Symantec use as the issuer for the certificates? Thanks, Peter On Feb 24, 2016 12:52 PM, "Dean Coclin" wrote: > This is Dean from Symantec (same Dean as the CA/B Forum Chair but I'm > leaving that hat off right now). I'd like to answer some questions about > t

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Dean Coclin
This is Dean from Symantec (same Dean as the CA/B Forum Chair but I'm leaving that hat off right now). I'd like to answer some questions about this situation on which I agree is less than ideal.First off, as Gerv mentioned, many device manufacturers erroneously embedded public roots in their device

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Rob Stradling
On 24/02/16 14:40, Gervase Markham wrote: Hi Rob, These are extremely good questions. I have some of the answers. On 24/02/16 10:16, Rob Stradling wrote: Gerv, I would really like to see more technical details about the PKI software in WorldPay's terminals before offering an opinion on whether

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Steve
.org] On Behalf Of Steve > Sent: Wednesday, February 24, 2016 7:43 AM > To: Gervase Markham; Eric Mill; > mozilla-dev-security-pol...@lists.mozilla.org > Cc: Kathleen Wilson; Richard Barnes > Subject: Re: Proposed limited exception to SHA-1 issuance > > Given OCSP support in

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 24/02/16 19:27, Jeremy Rowley wrote: > I believe the concern is that Worldpay is asking for an exception by saying, > "We've tried 'things' and they didn't work - can we please have a SHA1 > cert?" We don't know what these 'things' they've tried are or whether there > is an alternative. Lots of

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Jeremy Rowley
24, 2016 7:43 AM To: Gervase Markham; Eric Mill; mozilla-dev-security-pol...@lists.mozilla.org Cc: Kathleen Wilson; Richard Barnes Subject: Re: Proposed limited exception to SHA-1 issuance Given OCSP support in the terminal software, this isn't likely to be archaic firmware open to ignoring crit

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Andrew Ayer
On Wed, 24 Feb 2016 14:58:37 + Gervase Markham wrote: > > They had ample opportunity to avoid a crisis. It is not > > Mozilla's responsibility to dig them out of the hole they have dug > > for themselves, > > It is not our responsibility; on the other hand, the damage which may > happen if w

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread benjamin . hewins
On Tuesday, February 23, 2016 at 6:58:19 PM UTC, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Jeremy Rowley
rkham [mailto:g...@mozilla.org] Sent: Wednesday, February 24, 2016 9:11 AM To: Jeremy Rowley; Rob Stradling; mozilla-dev-security-pol...@lists.mozilla.org Cc: Kathleen Wilson; Richard Barnes Subject: Re: Proposed limited exception to SHA-1 issuance On 24/02/16 15:45, Jeremy Rowley wrote: > I thi

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 24/02/16 16:03, Eric Mill wrote: > Clearly, Mozilla is making a value judgment that this SHA-1 exception is > more merited than other public and private requests for exceptions. It > doesn't sound like Mozilla is potentially supporting this exception based > on a calculation of economic impact,

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 24/02/16 15:45, Jeremy Rowley wrote: > I think Rob's questions are great and should be answered before deciding. > Many CAs have roots and can issue certs that browsers will simply reject. > There may be a simple way to provide them certs without issuing a ton of > SHA1s that are placed on OneCR

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Eric Mill
On Wed, Feb 24, 2016 at 9:31 AM, Gervase Markham wrote: > On 24/02/16 02:26, Eric Mill wrote: > > It would also be worth learning what segment of the market these 10,000 > > terminals would affect. I've seen these terminals before: > > > > > https://www.google.com/search?q=worldpay&espv=2&biw=116

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Tim Hollebeek
16 AM To: Rob Stradling; Peter Gutmann Cc: Gervase Markham; mozilla-dev-security-pol...@lists.mozilla.org; Kathleen Wilson; Richard Barnes Subject: Re: Proposed limited exception to SHA-1 issuance Their path to avoid disruption to consumers on Sunday is the 9 gateways, not the 10,000+ terminals

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Jeremy Rowley
mited exception to SHA-1 issuance On 23/02/16 18:57, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been > transitioning to SHA-2 but due to an oversight have failed to do so in > time

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 23/02/16 20:05, Andrew Ayer wrote: > Multiple mistakes were made by Worldpay (using public roots, leaving > the transition to the last minute, and then forgetting to renew before > the sunset) and Symantec (failing to make sure their customer was > prepared). I think it's unreasonable to blame

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Steve
Given OCSP support in the terminal software, this isn't likely to be archaic firmware open to ignoring criticality. Since money is flowing here, audits would scream at even older hash options or intentional defect exploitation. >From experience securing an application that moved 30% of all cash th

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 24/02/16 02:38, Peter Gutmann wrote: > I'm curious about what's going on here, as you say this is a private PKI, so > why do they need certs from a public CA? Presumably Worldpay is doing this > for B2B comms, so why don't they issue their own certs, and they can keep > using SHA-1 for as long

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Gervase Markham
On 24/02/16 02:26, Eric Mill wrote: > It would also be worth learning what segment of the market these 10,000 > terminals would affect. I've seen these terminals before: > > https://www.google.com/search?q=worldpay&espv=2&biw=1168&bih=783&site=webhp&source=lnms&tbm=isch&sa=X&ved=0ahUKEwj91arSqo_LA

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Peter Gutmann
Steve writes: >They state no business case where the 9 payment gateways are accessible by >browsers or that any business case exists on the gateways that uses any >client other than the payment terminal. So these things will never see access by a browser enforcing the SHA-1 restrictions? Where

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Steve
Just as important as browser users are the people who rely on payment terminals to enjoy their daily life. Here, the affected customer states no intent to put these certificates into browser accessible space. They state no business case where the 9 payment gateways are accessible by browsers or t

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Rob Stradling
On 24/02/16 10:20, Peter Gutmann wrote: Rob Stradling writes: But if it's an old version of NSS or OpenSSL, then the community could help find an exploitable bug. If it's a remote-code-exec we could patch their firmware for them to support SHA-256. Think of it as an undocumented remote admi

RE: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Peter Gutmann
Rob Stradling writes: >But if it's an old version of NSS or OpenSSL, then the community could help >find an exploitable bug. If it's a remote-code-exec we could patch their firmware for them to support SHA-256. Think of it as an undocumented remote admin capability. (Something like this has be

Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Rob Stradling
On 23/02/16 18:57, Gervase Markham wrote: Mozilla and other browsers have been approached by Worldpay, a large payment processor, via Symantec, their CA. They have been transitioning to SHA-2 but due to an oversight have failed to do so in time for a portion of their infrastructure, and failed to

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Richard Barnes
On Tue, Feb 23, 2016 at 6:26 PM, Eric Mill wrote: > On Tue, Feb 23, 2016 at 1:57 PM, Gervase Markham wrote: > >> >> Our proposal, which we have sent to Symantec, Worldpay and the other >> browsers, is as follows: >> > > Thank you for bringing this to the list for public input, even with a > tigh

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Eric Mill
On Tue, Feb 23, 2016 at 9:38 PM, Peter Gutmann wrote: > Gervase Markham writes: > > >Mozilla is very keen to see SHA-1 eliminated, but understands that for > >historical reasons poor decisions were made in private PKIs about which > roots > >to trust, and such decisions are not easily remedied.

RE: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Peter Gutmann
Gervase Markham writes: >Mozilla is very keen to see SHA-1 eliminated, but understands that for >historical reasons poor decisions were made in private PKIs about which roots >to trust, and such decisions are not easily remedied. I'm curious about what's going on here, as you say this is a priva

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Eric Mill
On Tue, Feb 23, 2016 at 1:57 PM, Gervase Markham wrote: > > Our proposal, which we have sent to Symantec, Worldpay and the other > browsers, is as follows: > Thank you for bringing this to the list for public input, even with a tight timeline and under immense pressure. It really speaks to how s

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Steve
Large quantities of SHA-1 certificates were issued in the weeks prior to the deadline as operators of systems not intended for primarily browser based consumption maximized their remaining compliant lifespan, Embedded physical deployment of devices that are not updated at browser speed runs the gam

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread tech29063
On Tuesday, February 23, 2016 at 10:58:19 AM UTC-8, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Richard Barnes
On Tue, Feb 23, 2016 at 12:05 PM, Andrew Ayer wrote: > On Tue, 23 Feb 2016 18:57:41 + > Gervase Markham wrote: > > > Please comment on whether this proposal seems reasonable, being aware > > of the short timelines involved. > > I am opposed. There is no telling how many other organizations a

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Richard Barnes
On Tue, Feb 23, 2016 at 1:55 PM, David E. Ross wrote: > On 2/23/2016 10:57 AM, Gervase Markham wrote: > > Mozilla and other browsers have been approached by Worldpay, a large > > payment processor, via Symantec, their CA. They have been transitioning > > to SHA-2 but due to an oversight have fail

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Richard Barnes
On Tue, Feb 23, 2016 at 1:47 PM, Andrew Ayer wrote: > On Tue, 23 Feb 2016 13:12:27 -0800 > Yuhong Bao wrote: > > > If OneCRL always used the same hash algorithm as the certificate, > > then any colliding certificate would also be treated as revoked. > > OneCRL would need to use the hash of the T

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Richard Barnes
On Tue, Feb 23, 2016 at 1:44 PM, Charles Reiss wrote: > On 02/23/16 18:57, Gervase Markham wrote: > [snip] > > Symantec may issue certificates to Worldpay if the following things are > > true: > > Based on what's happened with MD5 certificates, it seems the main risk > of harm comes from somethin

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread tech29063
On Tuesday, February 23, 2016 at 10:58:19 AM UTC-8, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread David E. Ross
On 2/23/2016 10:57 AM, Gervase Markham wrote: > Mozilla and other browsers have been approached by Worldpay, a large > payment processor, via Symantec, their CA. They have been transitioning > to SHA-2 but due to an oversight have failed to do so in time for a > portion of their infrastructure, and

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Andrew Ayer
On Tue, 23 Feb 2016 13:12:27 -0800 Yuhong Bao wrote: > If OneCRL always used the same hash algorithm as the certificate, > then any colliding certificate would also be treated as revoked. OneCRL would need to use the hash of the TBS, not the certificate. The TBS is what's collided, but once the

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Charles Reiss
On 02/23/16 18:57, Gervase Markham wrote: [snip] > Symantec may issue certificates to Worldpay if the following things are > true: Based on what's happened with MD5 certificates, it seems the main risk of harm comes from something like a chosen-prefix collision attack using a specially constructed

RE: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Yuhong Bao
> On Tue, 23 Feb 2016 18:57:41 + > Gervase Markham wrote: > >> Please comment on whether this proposal seems reasonable, being aware >> of the short timelines involved. > > I am opposed. There is no telling how many other organizations are in a > similar situation due to poor planning or "over

Re: Proposed limited exception to SHA-1 issuance

2016-02-23 Thread Andrew Ayer
On Tue, 23 Feb 2016 18:57:41 + Gervase Markham wrote: > Please comment on whether this proposal seems reasonable, being aware > of the short timelines involved. I am opposed. There is no telling how many other organizations are in a similar situation due to poor planning or "oversights" on t