(Created page with "{{FeatureStatus |Feature name=Disallow Weak RSA Keys |Feature stage=Draft |Feature health=OK }} {{FeatureTeam |Feature product manager=Sid Stamm |Feature additional members=Ka...")
No edit summary
| Line 16: | Line 16: | ||
See also: https://cabforum.org/pipermail/public/2013-September/002233.html | See also: https://cabforum.org/pipermail/public/2013-September/002233.html | ||
|Feature users and use cases=Make the web safer. Kill weak keys. | |Feature users and use cases=Make the web safer. Kill weak keys. | ||
|Feature requirements=We should plan for which release the change will go in, and announce it well ahead of time, which means picking a release and moving from there. | |Feature requirements=We should plan for which release the change will go in, and announce it well ahead of time, which means picking a release and moving from there. | ||
|Feature implementation plan=# Pick a release | |Feature implementation plan=# Pick a release | ||
| Line 31: | Line 30: | ||
}} | }} | ||
{{FeatureTeamStatus}} | {{FeatureTeamStatus}} | ||
http://research.microsoft.com/pubs/206278/ndss.pdf: "In terms of key lengths, perhaps surprisingly, we find that the proportion of signed certificates with 1024-bit keys actually went up from 4.3% (plus 117 intermediate CAs) to 5.2% (plus 2 intermediate CAs) between the two periods. For endpoint and intermediate CA certificates, 1024-bit keys are allowed by the CA/Browser Forum if they expire before 2014. Checking this requirement, the percentage of violations among endpoint certificates is in fact going down slightly from 0.57% to 0.53%. Investigating further, we found that the main providers of 1024-bit keys (Google, Akamai, and Servision) are issuing only short lifespan certificates and seem to be in the process of moving to 2048-bit keys. | |||
Our code still allows certs with 512-bit RSA keys... | |||
* Related bugs: {{bug|360126}}, {{bug|134735}}, {{bug|623265}} {{bug|622859}} | |||
* [http://news.netcraft.com/archives/2012/09/10/minimum-rsa-public-key-lengths-guidelines-or-rules.html press about 512-bit RSA keys] -- "The latest versions of Safari ..., Opera, Google Chrome, and Internet Explorer ... Notably, Mozilla Firefox does not yet reject such certificates." | |||
*512bit certs have been maliciously used. | |||
* Chrome and Apple also previously disallowed certs < 1024 bits. | |||
* [http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx Microsoft software update to be released in October 2012] will block the use of cryptographic keys that are less than 1024 bits. | |||
*[https://wiki.mozilla.org/CA:Communications#Responses CAs have confirmed] that they are no longer issuing certs less than 1023 bits. | |||
** {{bug|360126#c10}} - rejecting < 1024 is fine. | |||
*{{bug|360126#c16}}: NSS has SSL_GetChannelInfo function to enable apps to get and display information about cert key strengths. Also see {{bug|587234}} | |||
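Review bot: the CA communications bullet states the cut-off as "less than 1023 bits" while every other bullet in this block, and the cited {{bug|360126#c10}} ("rejecting < 1024 is fine"), use 1024; unless the CA responses really said 1023, change it to 1024 so the page states a single consistent minimum key size. Smaller points in the same block: the excerpt quoted from http://research.microsoft.com/pubs/206278/ndss.pdf opens with a double quote that is never closed, the related-bugs list is missing a comma between {{bug|623265}} and {{bug|622859}}, and "Our code still allows certs with 512-bit RSA keys..." would read better as a complete statement without the trailing ellipsis.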