On Tue, Apr 19, 2016 at 12:08:21PM -0700,
martin...@gmail.com wrote:
> On Friday, 15 April 2016 20:26:39 UTC+3, Richard Barnes wrote:
> > Do you mean SHA-1 for client certificates? For those, the browser isn't
> > the relying party; it would be up to the website to decide whether a SHA-1
> > client certificate is acceptable.
>
> But the browser still needs to "support" the certificates.
All a browser needs to do to "support" a client certificate is send it to
the relying party, and use the corresponding private key to do some
cryptographic operations. I'm not certain, but I'd be *extremely* surprised
if all the cryptographic-level code for "weak" algorithms and key strengths
had been forcibly removed from NSS.
> Given the somewhat fragile state of client certificate authentication
> (keygen removal, "x509 UX is ugly", etc.), maybe it might be useful to have
> a baseline profile for client certificates as well?
I don't see how your conclusion follows from your axiom. Could you expand
somewhat on that?
> What if I used 512 bit RSA keys? MD5? Shall a browser or some other
> client side system intervene? Drawing a reasonable line with reasonable
> dates might be helpful to the community as a whole.
How would it be helpful?
- Matt
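Added example, not code from this thread or from NSS: the relying-party side of what Matt describes. The browser only sends the certificate and proves possession of the key; whether a SHA-1 signature or a 512-bit RSA key is acceptable is decided by the website. The block below (Go standard library only) shows that decision as a VerifyPeerCertificate hook on a tls.Config. The 2048-bit minimum and the set of refused signature algorithms are assumed policy choices, and the certificates exercised in main are constructed field by field, not real certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
)

// Assumed policy threshold: RSA client keys below this are refused.
const minRSABits = 2048

// weakSigAlgs lists signature algorithms this relying party refuses on a
// client certificate (assumption: MD2/MD5/SHA-1 based signatures).
var weakSigAlgs = map[x509.SignatureAlgorithm]bool{
	x509.MD2WithRSA:    true,
	x509.MD5WithRSA:    true,
	x509.SHA1WithRSA:   true,
	x509.DSAWithSHA1:   true,
	x509.ECDSAWithSHA1: true,
}

// CheckClientCert applies the policy to an already-parsed certificate.
// Chain validation against a CA pool is a separate step (tls.Config.ClientCAs);
// this only judges the signature algorithm and key strength.
func CheckClientCert(cert *x509.Certificate) error {
	if cert == nil {
		return fmt.Errorf("no client certificate presented")
	}
	if weakSigAlgs[cert.SignatureAlgorithm] {
		return fmt.Errorf("client certificate signed with %s, which this relying party does not accept",
			cert.SignatureAlgorithm)
	}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		if bits := pub.N.BitLen(); bits < minRSABits {
			return fmt.Errorf("RSA client key is %d bits, minimum is %d", bits, minRSABits)
		}
	case *ecdsa.PublicKey:
		// ECDSA keys accepted as-is here; add a curve allow-list if needed.
	default:
		return fmt.Errorf("unsupported client key type %T", cert.PublicKey)
	}
	return nil
}

// VerifyClientCert has the shape tls.Config.VerifyPeerCertificate expects:
// rawCerts is the DER chain the browser sent, leaf first.
func VerifyClientCert(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("no client certificate presented")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return fmt.Errorf("parsing client certificate: %w", err)
	}
	return CheckClientCert(leaf)
}

// ServerTLSConfig shows where the policy hooks in. ClientCAs is left unset
// here (assumption); a real deployment sets it so the chain is also verified.
func ServerTLSConfig() *tls.Config {
	return &tls.Config{
		ClientAuth:            tls.RequireAndVerifyClientCert,
		VerifyPeerCertificate: VerifyClientCert,
	}
}

// rsaKeyOfBits builds a public key whose modulus is exactly n bits long so the
// policy can be exercised without generating real weak keys. Constructed test
// input only: the modulus is a power of two, not a usable RSA key.
func rsaKeyOfBits(n int) *rsa.PublicKey {
	return &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), uint(n-1)), E: 65537}
}

func main() {
	// Constructed certificates with only the fields the policy reads.
	cases := []*x509.Certificate{
		{SignatureAlgorithm: x509.SHA256WithRSA, PublicKey: rsaKeyOfBits(2048)},
		{SignatureAlgorithm: x509.SHA1WithRSA, PublicKey: rsaKeyOfBits(2048)},
		{SignatureAlgorithm: x509.SHA256WithRSA, PublicKey: rsaKeyOfBits(512)},
		{SignatureAlgorithm: x509.MD5WithRSA, PublicKey: rsaKeyOfBits(512)},
	}
	for _, c := range cases {
		bits := c.PublicKey.(*rsa.PublicKey).N.BitLen()
		fmt.Printf("%s / %d-bit key: %v\n", c.SignatureAlgorithm, bits, CheckClientCert(c))
	}
}
```

Nothing here requires the browser to know the policy: it sends whatever certificate the user picked and signs the handshake with the matching key, and the hook above is where "the website decides" is actually implemented.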