At 12:45 PM +0100 6/4/08, Rob Stradling wrote: >For those 1024-bit RSA Root Certificates that are *already included* in >Mozilla software, I think that a distinction should be drawn between: > A. Those that expire before NIST's 2010 deadline. > B. Those that expire soon after 2010. > C. Those that expire well beyond 2010. > . . . >I have a suggestion regarding what Mozilla could do *right now* with type C >Root Certificates... > 1. Remove each type C Root Certificate from Mozilla ASAP, but also... > 2. Give each affected CA the opportunity to submit a replacement 1024-bit >RSA Root Certificate for inclusion in new versions of Mozilla software. Each >of these replacement Root Certificates would exactly match the to-be-removed >Root Certificate (in terms of Subject name, Public Key and Subject Key >Identifier), but would have a different Serial Number and a more acceptable >Not After date.
This sounds like an interesting proposal. >Advantages: > + Mozilla would be able to prevent the reliance on 1024-bit RSA Root CA Keys >according to a time schedule set by Mozilla. > + This prevention time schedule would take effect ASAP. There would be no >need to wait until 2013 to remove type C Root Certificates from Mozilla, >which means that... > + Versions of Mozilla software published between ASAP and 2013 would not >trust any 1024-bit RSA Root Keys beyond 2013. (I think that, come 2013, we >can expect some users to be using old versions of Mozilla software). > >Disadvantages: > - Each affected CA would have to spend some time reissuing their Root >Cetificate. It is a trivial amount of work relative to getting a new audit for a new CP and/or CPS. > - Mozilla representatives would have to spend some time checking the >replacement certificates and writing patches to remove/include the >original/replacement certificates. True. Possibly worth it. > - There may be some (solvable, I think) interoperability problems for CAs >that choose to include the "authorityCertSerialNumber" field in the Authority >Key Identifier extension of certificates issued by their 1024-bit Root >Certificates. Not sure what you mean here. > >Am I trying to make things too complicated? >Or does anybody think that this idea is worth considering? Definitely worth considering. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
