At 6:18 PM -0400 7/18/08, Frank Hecker wrote: >Paul Hoffman wrote: >> At 9:27 AM -0400 7/18/08, Frank Hecker wrote: >>> Paul Hoffman wrote: >>> > Has anyone validated the ECC paramters they used? >>> >>> Not that I'm aware. >> >> I think that's unfortunate. It is easy for all of us to test the >> parameters for RSA certs, but few of us have software for testing ECC >> certs. > >Are there NSS, OpenSSL, or other open source utilities available for >this purpose?
I don't know, but I take it you don't either. Hopefully others on this list might. FWIW, the latest version of OpenSSL (0.98h) won't: # openssl x509 -in COMODOECCCertificationAuthority.crt -out COMODOECCCertificationAuthority.pem -inform der -outform pem # openssl verify COMODOECCCertificationAuthority.pem COMODOECCCertificationAuthority.pem: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority error 18 at 0 depth lookup:self signed certificate /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority error 7 at 0 depth lookup:certificate signature failure 57046:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:141: >Could you point me to more information on this topic? NIST FIPS 186-3 is the standard, and it has the parameters for the curve that Comodo says they are using. > >> There's a test site with a Comodo-issued ECC cert at >>> >>> https://comodoecccertificationauthority-ev.comodoca.com/ >> >> ...which no browser will let me into. :-) > >For Firefox at least that's because we haven't added the root CA cert >yet, though there might be additional reasons relating to the OCSP >responder (see the bug for more info). I was able to add a security >exception for this site and then could access it successfully (using >Firefox 3.0.1 on OS X), however it's not clear to what extent Firefox >was able to validate the cert signature. (Firefox still gives me a >"certificate did not verify for unknown reasons" message.) That is a bad sign, yes? It seems unwise for us to approve a trust anchor we can't even verify. I am quite sure we will eventually be able to verify it (or a corrected version if Comodo made a mistake), but having an error in the first ECDSA certificate we put in our trusted root pile will be bad publicity both for Mozilla and for ECDSA. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
