SHA256RSA Certificates
Serge Holibert
from this year german certificates will be signed SHA256RSA. Windows Vista
reports such Certificates as Ok but all other OSes NOT. Is it known if there
exist some patches for XP and W2k3 to support such certificates?
Thanks a lot
Sergi
Brian Komar
Brian
"Serge Holibert" <SergeH...@hotmail.com> wrote in message
news:uWznmZwT...@TK2MSFTNGP05.phx.gbl...
Serge Holibert
"Brian Komar" <brian...@nospam.identit.ca> schrieb im Newsbeitrag
news:03AF9184-8C1A-4670...@microsoft.com...
Alun Jones
> reports such Certificates as Ok but all other OSes NOT. Is it known if
> there exist some patches for XP and W2k3 to support such certificates?
Currently announced plans are to not back-port the new cryptography
algorithms to Windows versions earlier than Vista.
What certificates are we talking about, here - are these certificates that
are to be in common use, and that will fail in large numbers on XP systems,
or are they specialised certificates that aren't going to be used by regular
users?
Alun.
~~~~
Serge Holibert
SHA-1 is not allowed anymore in germany as official signature. So all
existing signature cards, e-id cards have been changed. Since they are only
supported by Vista a lot of people are really angry with MS
"Alun Jones" <al...@texis.invalid> schrieb im Newsbeitrag
news:243F8BF2-B61C-4C71...@microsoft.com...
Paul Adare
> SHA-1 is not allowed anymore in germany as official signature. So all
> existing signature cards, e-id cards have been changed. Since they are only
> supported by Vista a lot of people are really angry with MS
They should be angry with the government for not checking to see if this is
supported before rolling out the changes.
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
System going down at 5 pm to install scheduler bug.
Serge Holibert
I do not agree to that. SHA-1 is not considered as safe anymore. Considering
that a german e-id has the same legal value as your handwritten signature
you can expect that only the best methods are being used.
"Paul Adare" <pka...@gmail.com> schrieb im Newsbeitrag
news:2ukpqe2q3hnm.9pgv61q9spim$.dlg@40tude.net...
Robert Kochem
> Currently announced plans are to not back-port the new cryptography
> algorithms to Windows versions earlier than Vista.
But using the modular Windows-CSP system it should be possible to install a
3rd party CSP that refits SHA-256, or am I wrong?
Robert
Serge Holibert
that will and does work. But what about the recipient of a signed document?
For example a signed email? Windows will display the signature of the
certificate already as corrupt!
"Robert Kochem" <rob...@mailueberfall.de> schrieb im Newsbeitrag
news:9u9efylr1t3s$.1oewaqnaxafmp.dlg@40tude.net...
Louis
I agree with you.
Unfortunately, Microsoft and others have seem to make SHA256 a
profitable commodity for "High Grade" security and a "reason" to upgrade
to VISTA.
Somehow I have a feeling this is going to come back to bite them for not
including XP clients as part of the "high grade" security solution.
Just consider OFFICE XP is will not be able to support the new Internet
Email DKIM Digital Signature system which every major SMTP vendor, Trust
system and appliance makers have either already or have budget 2008 to
include it in their product lines.
While DKIM is mostly a MTA signing to MTA verification framework, there
are already Windows plug-ins for MUAs that will do DKIM verification as
well tied to TRUST authorities.
Microsoft will not be able to add SHA256 exclusively for its own OFFICE
products without making it available for others or risk a ANTI-TRUST
charge against them,
This issue will not go away for Microsoft as the market for SHA256
signing grows world-wide. SHA1 was already deemed unsafe by the security
industry and if MS think this is a reason to upgrade to VISTA, well, I
don't think that costly solution is going to go over very well.
Last I heard, Windows XP is still a Microsoft supported product.
==
Serge Holibert wrote:
> Hi,
>
> I do not agree to that. SHA-1 is not considered as safe anymore.
> Considering that a german e-id has the same legal value as your
> handwritten signature you can expect that only the best methods are
> being used.
>
> "Paul Adare" <pka...@gmail.com> schrieb im Newsbeitrag
>>
Louis
> On Mon, 7 Jan 2008 10:57:35 +0100, Serge Holibert wrote:
>
>> SHA-1 is not allowed anymore in germany as official signature. So all
>> existing signature cards, e-id cards have been changed. Since they are only
>> supported by Vista a lot of people are really angry with MS
>
> They should be angry with the government for not checking to see if this is
> supported before rolling out the changes.
Why?
No one would expect this MS decision. The question is what's the
problem with MS adding SHA 256 support to Windows XP? Is it a technical
or marketing issue? I doubt technical.
Doesn't it fall in line with Bill Gate's Trust Initiative and adding
"high grade" security to its client and server products?
This not only hurts Microsoft PR across the board, this also hurt
Windows development shops who want to add SHA 256 support and now has a
very low expectation for widespread interoperability with Windows clients.
SHA 256 is the new world wide recommended security guideline by the
security and technical protocol community, including the IETF and US
Federal government (FIPS).
This has nothing to do with servers. They can always use 3rd party
tools, but it is the clients that are the problem. Microsoft is just
shooting its foot in my opinion.
--
Alun Jones
> that will and does work. But what about the recipient of a signed
> document? For example a signed email? Windows will display the signature
> of the certificate already as corrupt!
No, it will display it as using an unknown/unrecognised algorithm.
The user still can't trust the signature (or else, I could send you a
message signed with a made-up algorithm, and you'd be happy to accept it) -
but knows it's because they don't have the right signature algorithm.
Alun.
~~~~
Robert Kochem
> But what about the recipient of a signed document?
> For example a signed email? Windows will display the signature of the
> certificate already as corrupt!
Receipients are accustomed to use a certified software for verifying a
signature, therefore this is not a problem (and Windows is not
certified...).
Robert
Alun Jones
news:OR7yXtTU...@TK2MSFTNGP06.phx.gbl...
> No one would expect this MS decision. The question is what's the problem
> with MS adding SHA 256 support to Windows XP? Is it a technical or
> marketing issue? I doubt technical.
I don't see why "no one would expect this MS decision", considering that the
decision was made - and publicised - in response to the February 2005
announcement of NSA's Suite B, which includes the SHA-2 algorithms.
Microsoft redesigned the entire Crypto underpinnings for Vista and later
products, including an easier ability to extend the suite of algorithms
supported, and to work in kernel mode.
I imagine back-porting that work to earlier operating systems would be an
expensive piece of work, and with very few people calling for it, at least
until lately, I'd be surprised that it would be popular to say "we need
so-many-million to develop an as-yet-mostly-unused algorithm for an
out-of-date version of an operating system that we're trying to persuade
people to update to".
Microsoft had as many reasons to back-port SHA-2 as to back-port any other
component of Suite B, so it'd be rather surprising for them to announce that
they would back-port one component, and ignore all of the others (and the
other components require elliptic cryptography, which isn't any part of XP).
> Doesn't it fall in line with Bill Gate's Trust Initiative and adding "high
> grade" security to its client and server products?
Sure it does - and now that there's an increased demand, I wonder if it's
something that Microsoft is going to see value in back-porting?
> This not only hurts Microsoft PR across the board, this also hurt Windows
> development shops who want to add SHA 256 support and now has a very low
> expectation for widespread interoperability with Windows clients.
Certainly with older clients, yes.
> SHA 256 is the new world wide recommended security guideline by the
> security and technical protocol community, including the IETF and US
> Federal government (FIPS).
There's a key word there - "new". It's NEW. Why would an old operating
system support a NEW and unused standard?
> This has nothing to do with servers. They can always use 3rd party tools,
> but it is the clients that are the problem. Microsoft is just shooting its
> foot in my opinion.
To mix shooting metaphors, Germany is jumping the gun if it's requiring that
clients _now_ should support SHA-2, given that there is little current
client support.
However, as there are third-party algorithms and SDKs for Windows XP, you
will definitely see some users switching away from the CryptoAPI in order to
provide support for SHA-2 in Windows XP.
I might, however, take heart from the fact that the NIST notes, under it's
"In Process" list, that they are testing Windows XP SP3 for a "kernel mode
cryptographic module". Clearly development on CryptoAPI for XP has not
halted.
Remember that Microsoft is a business. As such, they don't respond as well
to "Microsoft are idiots, they shot themselves in the foot", as they do to
"Microsoft should seize this opportunity to solidify their holdings by
implementing this solution before customers seek alternatives".
Alun.
~~~~
Serge Holibert
> No, it will display it as using an unknown/unrecognised algorithm.
No, that is simply wrong!
> The user still can't trust the signature
You cannot trust a certificate which is classified by windows as corrupt!
Serge Holibert
> Serge Holibert schrieb:
>
>> But what about the recipient of a signed document?
>> For example a signed email? Windows will display the signature of the
>> certificate already as corrupt!
>
> Receipients are accustomed to use a certified software for verifying a
> signature,
True, it puts PDF into an excellent light since Adobe supports it properly
:-)
> therefore this is not a problem (and Windows is not
> certified...).
For emails you do not need a certified software since you use not the
qualified but advanced certificate. But I I would send you an email signed
with an SHA-2 certificate your outlook would report the certificate as
corrupt! Anyway - even that could be good to give alternative solutions such
as thunderbird etc an extra push!
>
> Robert
Serge Holibert
"Alun Jones" <al...@texis.invalid> schrieb im Newsbeitrag
> "Louis" <spam...@dontbother.com> wrote in message
> news:OR7yXtTU...@TK2MSFTNGP06.phx.gbl...
>> No one would expect this MS decision. The question is what's the problem
>> with MS adding SHA 256 support to Windows XP? Is it a technical or
>> marketing issue? I doubt technical.
>
> I don't see why "no one would expect this MS decision", considering that
> the
> decision was made - and publicised - in response to the February 2005
> announcement of NSA's Suite B, which includes the SHA-2 algorithms.
>
> Microsoft redesigned the entire Crypto underpinnings for Vista and later
> products, including an easier ability to extend the suite of algorithms
> supported, and to work in kernel mode.
Well, the CSP we are using (old style CSP) works on Vista, XP, W2k, W2k3 AND
it supports SHA-2. So there shouldnt be a problem for MS supporting SHA-2 in
their client software if not in their CSP. Or do you think small vendors are
so much smarter than MS?
>
> I imagine back-porting that work to earlier operating systems would be an
> expensive piece of work,
Expensive piece of work? In this case its really simply a marketing tool to
force people to upgrade to Vista. MS does has old style CSPs supporting
SHA-2. They are just not delivered with XP! So there is no extra development
at all!
> and with very few people calling for it, at least
> until lately,
Until lately? Even ECC is pretty prominent in some countries for several
years. Not surprisingly governments of those countries pretty much support
open source!
> I'd be surprised that it would be popular to say "we need
> so-many-million to develop an as-yet-mostly-unused algorithm for an
> out-of-date version of an operating system that we're trying to persuade
> people to update to".
>
> Microsoft had as many reasons to back-port SHA-2 as to back-port any other
> component of Suite B, so it'd be rather surprising for them to announce
> that
> they would back-port one component, and ignore all of the others (and the
> other components require elliptic cryptography, which isn't any part of
> XP).
>
>> Doesn't it fall in line with Bill Gate's Trust Initiative and adding
>> "high
>> grade" security to its client and server products?
>
> Sure it does - and now that there's an increased demand, I wonder if it's
> something that Microsoft is going to see value in back-porting?
There is no need of back porting. The CSPs do exist already!
>
>> This not only hurts Microsoft PR across the board, this also hurt Windows
>> development shops who want to add SHA 256 support and now has a very low
>> expectation for widespread interoperability with Windows clients.
Development shops are looking very much into the open source world due to
the lack of MS support!
>
> Certainly with older clients, yes.
XP is still a supported OS! Please do not forget that!
>
>> SHA 256 is the new world wide recommended security guideline by the
>> security and technical protocol community, including the IETF and US
>> Federal government (FIPS).
>
> There's a key word there - "new". It's NEW. Why would an old operating
> system support a NEW and unused standard?
>
>> This has nothing to do with servers. They can always use 3rd party tools,
>> but it is the clients that are the problem. Microsoft is just shooting
>> its
>> foot in my opinion.
>
> To mix shooting metaphors, Germany is jumping the gun if it's requiring
> that
> clients _now_ should support SHA-2, given that there is little current
> client support.
It is not "now". It was announced pretty much in advance. Germany is
furthermore not the only country. There is client support. It becomes a
custom to send everything as digitally signed PDF since Adobe has an
excellent customer support and works very close with the governments to
support recent standards.
>
> However, as there are third-party algorithms and SDKs for Windows XP, you
> will definitely see some users switching away from the CryptoAPI in order
> to
> provide support for SHA-2 in Windows XP.
True - that happend as well On the signing side that is fine. But you cannot
send an email and tell the recipient to download tool x to validate the
signature. Well - you could do that so people learn that there is a life
without Outlook. But is it that what MS really wants?
>
> I might, however, take heart from the fact that the NIST notes, under it's
> "In Process" list, that they are testing Windows XP SP3 for a "kernel mode
> cryptographic module". Clearly development on CryptoAPI for XP has not
> halted.
>
> Remember that Microsoft is a business. As such, they don't respond as well
> to "Microsoft are idiots, they shot themselves in the foot", as they do to
> "Microsoft should seize this opportunity to solidify their holdings by
> implementing this solution before customers seek alternatives".
Well, there are lots of example where MS lost their opportunity/markets.
>
> Alun.
> ~~~~
>
>
>
Serge Holibert
> The user still can't trust the signature (or else, I could send you a
> message signed with a made-up algorithm, and you'd be happy to accept
> it) - but knows it's because they don't have the right signature
> algorithm.
>
the signature. They just decrypt and look for the hash. Some (maybe all)
outlooks not even look if the Alogo ID in the padded hash is correct!
Robert Kochem
>> Receipients are accustomed to use a certified software for verifying a
>> signature,
>
> True, it puts PDF into an excellent light since Adobe supports it properly
> :-)
The funny fact is that Adobe Acrobat/Reader is not certified as well. You
have to install 3rd party plugins. Therefore detached signatures are the
common standard.
Robert
Andrew Tucker [MSFT]
We hear you and completely understand the importance of supporting
this in downlevel versions of the OS.
SHA-256 support for both the core crypto libraries and X.509
certificate verification is part of XP SP3 that will be released later
this year.
Serge Holibert
Andrew Tucker [MSFT]
wrote:
Yes, I believe you can download the XP SP3 Beta at
http://www.microsoft.com/downloads/details.aspx?FamilyID=75ed934c-8423-4386-ad98-36b124a720aa&DisplayLang=en
I am not 100% sure if this feature is in that Beta release, but it
definitely be in the final release.
Nunez@discussions.microsoft.com Santiago Nunez
"Andrew Tucker [MSFT]" wrote:
I have tested the Release Candidate for XP SP3
http://www.microsoft.com/downloads/details.aspx?FamilyID=75ed934c-8423-4386-ad98-36b124a720aa&DisplayLang=en
and it has included the support for certificate validation when the signature
algoritm is SHA256RSA
Serge Holibert
in which provider will SHA256 be included? AES?
"Andrew Tucker [MSFT]" <Andrew...@gmail.com> schrieb im Newsbeitrag
news:3216d822-0933-4693-´
Andrew Tucker [MSFT]
> Hi,
>
> in which provider will SHA256 be included? AES?
>
> news:3216d822-0933-4693-´
>
> We hear you and completely understand the importance of supporting
> this in downlevel versions of the OS.
>
> SHA-256 support for both the core crypto libraries and X.509
> certificate verification is part of XP SP3 that will be released later
> this year.
Yes - same as on Vista and Server 2003.