
SHA-1 Client SSL Certificates phase out ?


jean....@gmail.com

Apr 13, 2016, 1:21:02 PM
to mozilla-dev-s...@lists.mozilla.org
This article (https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/) states that SHA-1 SSL server certificates will not be trusted after 2017 Jan 01 (updated to 2016 Jun 01 if I remember correctly).

Do you plan to prevent users from using SHA-1 SSL client certificates as well? If so, what is the expected deadline?

Thanks in advance,
Regards,
@iansus

Richard Barnes

Apr 15, 2016, 1:26:39 PM
to jean....@gmail.com, mozilla-dev-s...@lists.mozilla.org
Do you mean SHA-1 for client certificates? For those, the browser isn't
the relying party; it would be up to the website to decide whether a SHA-1
client certificate is acceptable.

On Wed, Apr 13, 2016 at 4:14 AM, <jean....@gmail.com> wrote:

> This article (
> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>

martin...@gmail.com

Apr 19, 2016, 3:08:26 PM
to mozilla-dev-s...@lists.mozilla.org
On Friday, 15 April 2016 20:26:39 UTC+3, Richard Barnes wrote:
> Do you mean SHA-1 for client certificates? For those, the browser isn't
> the relying party; it would be up to the website to decide whether a SHA-1
> client certificate is acceptable.

But the browser still needs to "support" the certificates. Given the somewhat fragile state of client certificate authentication (keygen removal, "x509 UX is ugly" etc), maybe it might be useful to have a baseline profile for client certificates as well? What if I used 512 bit RSA keys? MD5? Shall a browser or some other client side system intervene? Drawing a reasonable line with reasonable dates might be helpful to the community as a whole.
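The thread's answer so far is that the website, not the browser, is the relying party for a client certificate. The following is an added example (not code from this thread, from Mozilla or from NSS) of what that looks like on the server side: a baseline profile for client certificates that rejects MD5- and SHA-1-signed certificates and undersized RSA keys, shaped so it can be plugged into Go's `tls.Config.VerifyPeerCertificate` alongside normal chain verification. The policy thresholds (2048-bit RSA minimum, the list of refused signature algorithms), the `ClientCertPolicy` type and its method names are assumptions of this example, and the self-signed test certificate is constructed inline so the block runs offline.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ClientCertPolicy is the relying party's baseline profile for client
// certificates (assumed thresholds, chosen for this example).
type ClientCertPolicy struct {
	MinRSABits  int
	WeakSigAlgs map[x509.SignatureAlgorithm]bool // MD5- and SHA-1-based signatures
}

// DefaultPolicy refuses the algorithms the thread names (MD5, SHA-1) and
// keys below 2048 bits, which covers the 512-bit RSA case.
func DefaultPolicy() ClientCertPolicy {
	return ClientCertPolicy{
		MinRSABits: 2048,
		WeakSigAlgs: map[x509.SignatureAlgorithm]bool{
			x509.MD2WithRSA: true, x509.MD5WithRSA: true, x509.SHA1WithRSA: true,
			x509.DSAWithSHA1: true, x509.ECDSAWithSHA1: true,
		},
	}
}

// CheckSignatureAlgorithm rejects a certificate whose own signature uses a weak hash.
func (p ClientCertPolicy) CheckSignatureAlgorithm(alg x509.SignatureAlgorithm) error {
	if p.WeakSigAlgs[alg] {
		return fmt.Errorf("client certificate signed with weak algorithm %s", alg)
	}
	return nil
}

// CheckPublicKey rejects undersized RSA keys and key types the policy does not cover.
func (p ClientCertPolicy) CheckPublicKey(pub crypto.PublicKey) error {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		if bits := k.N.BitLen(); bits < p.MinRSABits {
			return fmt.Errorf("RSA key is %d bits, policy requires at least %d", bits, p.MinRSABits)
		}
		return nil
	case *ecdsa.PublicKey:
		return nil // curve choice is left to the issuing CA in this example
	default:
		return errors.New("unsupported client public key type")
	}
}

// CheckCert applies both checks to a parsed certificate.
func (p ClientCertPolicy) CheckCert(cert *x509.Certificate) error {
	if err := p.CheckSignatureAlgorithm(cert.SignatureAlgorithm); err != nil {
		return err
	}
	return p.CheckPublicKey(cert.PublicKey)
}

// VerifyPeerCertificate has the signature tls.Config.VerifyPeerCertificate expects,
// so the policy runs on every handshake in addition to chain verification.
func (p ClientCertPolicy) VerifyPeerCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return errors.New("no client certificate presented")
	}
	cert, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	return p.CheckCert(cert)
}

// newSelfSignedDER builds a constructed SHA-256 / RSA-2048 client certificate
// purely for demonstration; it is not a certificate from the thread.
func newSelfSignedDER() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example client"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	p := DefaultPolicy()
	der, err := newSelfSignedDER()
	if err != nil {
		panic(err)
	}
	fmt.Println("SHA-256 / RSA-2048 client cert:", p.VerifyPeerCertificate([][]byte{der}, nil))
	fmt.Println("SHA-1 signature:", p.CheckSignatureAlgorithm(x509.SHA1WithRSA))
	// Constructed 512-bit modulus: only the bit length matters for the check.
	weak := &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), 511), E: 65537}
	fmt.Println("512-bit RSA key:", p.CheckPublicKey(weak))
}
```

Setting `ClientAuth: tls.RequireAndVerifyClientCert` together with `VerifyPeerCertificate: DefaultPolicy().VerifyPeerCertificate` on the server's `tls.Config` makes the policy decision the website's own, which is exactly where the reply above places it; the browser merely presents the certificate.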

Matt Palmer

Apr 19, 2016, 5:38:00 PM
to dev-secur...@lists.mozilla.org
On Tue, Apr 19, 2016 at 12:08:21PM -0700, martin...@gmail.com wrote:
> On Friday, 15 April 2016 20:26:39 UTC+3, Richard Barnes wrote:
> > Do you mean SHA-1 for client certificates? For those, the browser isn't
> > the relying party; it would be up to the website to decide whether a SHA-1
> > client certificate is acceptable.
>
> But the browser still needs to "support" the certificates.

All a browser needs to do to "support" a client certificate is send it to
the relying party, and use the corresponding private key to do some
cryptographic operations. I'm not certain, but I'd be *extremely* surprised
if all the cryptographic-level code for "weak" algorithms and key strengths
had been forcibly removed from NSS.

> Given the somewhat fragile state of client certificate authentication
> (keygen removal, "x509 UX is ugly" etc), maybe it might be useful to have
> a baseline profile for client certificates as well?

I don't see how your conclusion follows from your axiom. Could you expand
somewhat on that?

> What if I used 512 bit RSA keys? MD5? Shall a browser or some other
> client side system intervene? Drawing a reasonable line with reasonable
> dates might be helpful to the community as a whole.

How would it be helpful?

- Matt
