On Mon, December 22, 2014 1:09 pm, Richard Barnes wrote:
>
> To be clear: The current "policy" was established by the two bugs above
> being landed, without discussion beyond the bugzilla thread. The point of
> this thread is to verify that that policy is OK, given the potential
> compat
> impact.
>
> Not saying that I disagree with you, but wanted to be clear about where we
> stand.
>
> --Richard
Richard,
Sorry to be contrarian, but your description of the policy is not
accurate, as noted by Kathleen's original message.
That is, the current Mozilla CA Certificate Store does not allow DSA
roots. That part is unambiguously clear by virtue of omission, and by
virtue of the 2.3 proposal for addition.
It is a separate, and arguably orthogonal matter, as to what Firefox does
for both TLS ciphersuites and leaf certs, just as it has been historically
separate as to what NSS does for the actual library capabilities. For
example, NSS could move to end DSA support independent of the Mozilla CA
Certificate Store policy, because they're separately maintained. Or NSS
could add DSA2 support (as it has) independent of Mozilla Firefox using it
(e.g. the same as you could say for GOST) and independent of the Mozilla
CA Certificate Policy allowing DSA roots.
Kathleen posed three questions (worded as two)
1) Should NSS support DSA certificates
2) Should mozilla::pkix support DSA certificates
3) Should the Mozilla CA Certificate Policy support DSA certificates
I don't believe a positive answer for #1 has any bearing on how #2 or #3
should be answered. The NSS maintainers add a variety of things to NSS
that don't belong on the public Internet, but which is needed in
enterprise environments (such as those supported by Red Hat). I believe
DSA2 is one of those - it's use outside of the US federal government is
virtually non-existent, and it's use within is anachronistic more than
anything.
#2 was related to the two bugs you mentioned, and the answer chosen at the
time was no. Again, I don't think it's something we typically answer here
on moz.dev.sec.policy (compared to dev.platform / dev.tech.crypto), but as
noted, the use on the public Internet is virtually non-existent - and for
good reason.
#3 is directly applicable to this list, and the current policy prohibits
them. I think the current policy is eminently sensible, because there's no
good reason for people to deploy new systems (especially in light of #1/#2
as it relates to other products as well). The security risks vs strength
seem to run counter to the CA Certificate Policy's attempts to improve
security (e.g. deprecating SHA-1, phasing out RSA-1024).