On Fri, Mar 22, 2019 at 4:00 PM Andrew Ayer via dev-security-policy < [email protected]> wrote:
> On Fri, 22 Mar 2019 12:50:43 -0600 > Wayne Thayer via dev-security-policy > <[email protected]> wrote: > > > I've been asked if the section 5.1.1 restrictions on SHA-1 issuance > > apply to timestamping CAs. Specifically, does Mozilla policy apply to > > the issuance of a SHA-1 CA certificate asserting only the > > timestamping EKU and chaining to a root in our program? Because this > > certificate is not in scope for our policy as defined in section 1.1, > > I do not believe that this would be a violation of the policy. And > > because the CA would be in control of the entire contents of the > > certificate, I also do not believe that this action would create an > > unacceptable risk. > > It was the intent of section 5.1.1 to apply to such certificates, and > the wording in 5.1.1, which talks about "CAs" signing "SHA-1 hashes" > means that 5.1.1 applies even when the apparent signed data isn't a > certificate in scope of Mozilla policy. This is necessary because the > problem with hash collisions is that while the data the CA thinks it's > signing might not be a certificate in scope of Mozilla policy, the hash > might collide with a certificate that *is* in scope. > I agree with Andrew - this was very much the intent. This is similar to the advice given in a recent reply [1], is consistent with the past discussion regarding OCSP signers, which GlobalSign had also brought up [2][3], which past CAs have regarded as incidents [4][5], and which lead to the exception Andrew mentions here. It was the intent of the policy that this be prohibited, except as noted. [7] [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/vDhKG7T6sCM/vtGubR0pBwAJ [2] https://groups.google.com/d/msg/mozilla.dev.security.policy/NthdT8sOQQ0/q37006A6AAAJ [3] https://groups.google.com/d/msg/mozilla.dev.security.policy/aCJQ5JkYcVw/diq_e0_kAQAJ [4] https://groups.google.com/d/msg/mozilla.dev.security.policy/paXc44rj5PU/lfydcQ_HAgAJ [5] https://groups.google.com/d/msg/mozilla.dev.security.policy/6BdFdNQKJoY/NY_owWajAAAJ [6] https://groups.google.com/d/msg/mozilla.dev.security.policy/ScoboGpN4w4/GxUCmGWuBgAJ [7] https://groups.google.com/d/msg/mozilla.dev.security.policy/wVhRt63bTpU/FxxNlYzxCQAJ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
