From: Kathleen Wilson <kwil...@mozilla.com>
Date: Thu, 01 Nov 2012 15:24:25 -0700
Local: Thurs, Nov 1 2012 6:24 pm
Subject: Re: ANSSI Root Inclusion Request for Renewed Root
On 11/1/12 9:26 AM, Erwann Abalea wrote:
> Bonjour,That's correct.
> Le mardi 30 octobre 2012 16:55:01 UTC+1, ig...@ssi.gouv.fr a écrit :
> That's the rationale, adding entropy to help defeat a prefix-chosen collision for non collision resistant hash functions. I agree that using SHA256 without entropy isn't a problem in a near future. However, the Mozilla Policy doesn't say that; the entropy is mandatory for all new certificates, the used hash function isn't taken into consideration.
item #9, last sub-bullet: "all new end-entity certificates must contain
at least 20 bits of unpredictable random data (preferably in the serial
> This isn't a blocker for this inclusion request if SHA1 is forbidden in the hierarchy.Agreed.
Good point. Needs to be addressed -- if SHA1 certs aren't allowed within
> I haven't found where in the CP/CPS is stated that SHA1 isn't an acceptable hash algorithm for certificates. Moreover, in RGS-A-14 document (http://references.modernisation.gouv.fr/sites/default/files/RGS_Profi..., clause V), it is said that SHA1 is acceptable for legacy applications support.
the hierarchy, then it should be documented in the CP/CPS.
>> Furthermore, the certificatePolicies chaining remains consistent with certifications.This needs to be further explained/resolved.
>> The OID arc of the French Ministry of agriculture is composed of the following items :
>> - a dedicated branch to regular uses whose eighth elements can go from 10 to 19 (number 15 identifies a certificate family for authentication servers) ;
> The chaining may be consistent with certifications, but you may read X.509, clause 184.108.40.206. Here's an excerpt:
> What it means it that the certificatePolicies of a CA certificate doesn't have to contain the CP OID of this CA, but the acceptable CP OIDs of end-user certificates.
> If you follow the normalized path validation algorithm (clause 10) with this chain, the result will be a valid certificate with an empty list of valid policies. The algorithm is worded differently in RFC5280 but the result is identical.
>> Concerning OCSP, Mozilla requirements (on the url : https://wiki.mozilla.org/CA:Communications) don't impose OCSP control for subscriber certificates. Such requirements concern EV certificates only. No EV certs are delivered.This quote is from the CA Communication that was sent on October 11,
>> Extract from the web site : “As per the CA / Browser Forum's Guidelines for EV Certs, CAs must Provide year OCSP capability for end-entity certificates That Are Issued Effective December 31, 2010. Mozilla is Considering technical ways to enforce this requirement OCSP Such That if Firefox cannot Obtain a valid response from the OCSP responder, then the certificate will not be Given EV treatment. Considering We are requiring the end-entity certificate To Provide the OCSP URI in the AIA: https://bugzilla.mozilla.org/show_bug.cgi?id=585122 # c23 Additionally, we urge all CAs OCSP To Provide for all certs, When They are not even EV.”
2010. This wiki page is for historical purposes, so old CA
Communications listed in this page will not be updated, though their
content may become outdated.
However, this reminded me to update the Recommended Practices wiki page
BR #13.2.2: "The CA SHALL update information provided via an Online
> You're right in that Mozilla doesn't require OCSP to be activated for *all* subscriber certificates.
Certificate Status Protocol..."
BR Appendix B regarding authorityInformationAccess in Subordinate CA
So it is concerning that the audit statement mentions compliance to the
>> Security issues regarding national security impose that audits of the French root CA are carried out by the relevant government organization (ANSSI in that case). ANSSI splits audits and implementation activities between two independent teams.I recall there being discussion about this when their root was first
> I'll let others show their opinion on wether ANSSI-audit team auditing ANSSI-implementation team is acceptable as a qualified third-party audit. A check of other governmental CAs applications might help.
included in 2009 (https://bugzilla.mozilla.org/show_bug.cgi?id=368970),
but I can't find the discussion thread. My recollection is that it was
determined that the auditing organization was separate from the group
that operated the root certificate, even though they are both part of
the French Government.
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.