On 12/14/2013 06:28 PM, Brian Smith wrote:
> Kurt,
>
> Thanks for your suggestions.
>
> On Sat, Dec 14, 2013 at 12:46 PM, Kurt Roeckx <k...@roeckx.be> wrote:
>
>> I think we need to come up with a plan to improve security in the
>> long run. I think what we would like to see in general is:
>> - Only SHA256 or better (and so TLS 1.2)
>>
> This is gated almost purely on servers actually switching to SHA-2 certs
> and TLS 1.2. See https://bugzilla.mozilla.org/show_bug.cgi?id=942515, which
> is related to this. I think it makes sense to revisit this after we figure
> out exactly what we're doing with SHA-1-based certificates, because it
> doesn't make sense to plan to go "SHA-2 only" until that happens. So, we're
> talking about something after 2017. We (the Mozilla community) could help
> coordinate a push for servers to upgrade, but there's not much actionable
> we can do now, AFAICT, except for advocate for improvements by servers and
> fixing any bugs that impair that switchover.

This can also be done without NSS changes. Simply add SHA-2 to the 'don't accept signatures' policy.

>> - Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or

This might require NSS changes in SSL/TLS to enforce (well, you could check the cert in the callback, but you wouldn't see any DHE keys that may be generated).

>> better.
>>
> Approximately 1.5% of Fx26 full handshakes that use RSA certs use keys
> smaller than 2048 bits. So, enforcing the 2048 bit limit is not going to be
> a simple thing to do for a while, even though we want to do it soon. We can
> enforce the 256 bit limit on ECC now though, because literally everybody
> seems to be using the P-256 curve.

That's already happening implicitly in FF because FF only supports NIST P-256, P-384, and P-521. (Likewise, Microsoft only supports these three curves as well.)

> (This actually makes me wonder if the
> P-384 support even works, since not a single handshake in Firefox 26 used
> it.)

It does, I use it periodically in my testing (particularly with ECC tokens, so it's not just NSS against NSS).

bob
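An added example, not code from this thread or from NSS, that models the enforcement gap discussed above: a per-certificate check (what a cert callback can see) beside a full-handshake check that also sees the ephemeral DHE/ECDHE key, the TLS version and the cipher strength. The Cert and Handshake records, the policy thresholds taken from the thread, and the sample values are all constructed for illustration.

```python
# Added example: the per-certificate check an NSS cert callback could do versus
# a full-handshake check that also sees ephemeral DHE/ECDHE keys and the cipher.
from dataclasses import dataclass
SHA2_HASHES = {"sha256", "sha384", "sha512"}
MIN_BITS = {"RSA": 2048, "EC": 256, "DH": 2048}   # thresholds proposed in the thread
MIN_SYMMETRIC_BITS = 128

@dataclass
class Cert:                 # constructed record, not an NSS type
    key_type: str           # "RSA" or "EC"
    key_bits: int           # modulus size, or curve size for EC
    sig_hash: str           # hash used in the certificate's signature

@dataclass
class Handshake:            # constructed record of one negotiated session
    tls_version: tuple      # e.g. (1, 2)
    cert: Cert
    kex: str                # "RSA", "DHE" or "ECDHE"
    kex_bits: int           # size of the ephemeral key; 0 for static RSA
    cipher_bits: int        # symmetric key size of the negotiated cipher

def check_cert(cert):
    """What a certificate callback can enforce: key size and signature hash."""
    problems = []
    if cert.key_bits < MIN_BITS[cert.key_type]:
        problems.append(f"{cert.key_type} key {cert.key_bits} < {MIN_BITS[cert.key_type]}")
    if cert.sig_hash not in SHA2_HASHES:
        problems.append(f"signature hash {cert.sig_hash} is not SHA-2")
    return problems

def check_handshake(hs):
    """Full policy: everything check_cert sees, plus version, ephemeral key and cipher."""
    problems = check_cert(hs.cert)
    if hs.tls_version < (1, 2):
        problems.append(f"TLS {hs.tls_version[0]}.{hs.tls_version[1]} < 1.2")
    if hs.kex == "DHE" and hs.kex_bits < MIN_BITS["DH"]:
        problems.append(f"DHE group {hs.kex_bits} < {MIN_BITS['DH']}")
    if hs.kex == "ECDHE" and hs.kex_bits < MIN_BITS["EC"]:
        problems.append(f"ECDHE curve {hs.kex_bits} < {MIN_BITS['EC']}")
    if hs.cipher_bits < MIN_SYMMETRIC_BITS:
        problems.append(f"cipher {hs.cipher_bits}-bit < {MIN_SYMMETRIC_BITS}")
    return problems

# Constructed sample: a SHA-256, 2048-bit RSA cert that passes the callback check,
# negotiated over TLS 1.2 with a 1024-bit DHE group that the callback never sees.
GOOD_CERT = Cert("RSA", 2048, "sha256")
WEAK_DHE = Handshake((1, 2), GOOD_CERT, "DHE", 1024, 128)

if __name__ == "__main__":
    print("cert callback:", check_cert(GOOD_CERT) or "ok")      # ok
    print("full handshake:", check_handshake(WEAK_DHE) or "ok")  # ['DHE group 1024 < 2048']
```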
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto