[Ach] Algorithm Check on Path Validation?

Rainer Hoerbe rainer at hoerbe.at
Sat Jan 25 19:12:15 CET 2014

A potential problem with weak CA signatures (using RSA 1024 and/or MD5) will remain for some time. According to the current cab policy RSA 1024 and MD5 have been banned only for certificates issued from 2011 onwards. Certificates with lifetimes of 5 or 6 years (like Go Daddy Secure Certification Authority, or a-sign-SSL-03) will weaken the PKI-ecosystem until 2016 (or later, if some CP allow for that).

As a mitigation these CAs would have to disappear from the hardened crypto universe. What are the options?
1. remove the weak ones from the trust list in advance:
  1.1 eliminate root CAs that use weak self-signing algorithms
  1.2 find out popular intermediate CAs and apply the same
  1.3 check CPs to find out those that create weak end entity certs
2. Limit the trust store to a small number of ... CAs
3. check for algorithms during the cert path validation

Re 1. The first step (1.1) seems to be quite feasible to do, but does not really protect against weak certificates down the chain. Intermediate CAs may be discovered dynamically, so weak intermediate CAs or those issuing weak end entity certs are hard to protect against.

Re 2. As already discussed on this list, this is probably more complicated than making long-lasting peace in the Middle East.

Re 3. I am not aware of tools that would do this. Yes, one could write some mod_ssl_extra_path_val, but that seems to be more than a lost weekend.
BTW, the NIST Path Validation Test Suite (PKITS) does require products to use only SHA-256 for signatures. But it is only applicable to a subset of vendors supplying the US federal government (the IBM/Oracle/Entrust/etc. world).

Any ideas?

- Rainer Hörbe
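
Option 3 from the message above, sketched as an added example (not part of the original post or any existing tool): walk each certificate in a presented chain and flag MD5 signatures and short RSA keys. The names `der_items`, `cert_params` and `weak_links`, the 2048-bit floor, and the two sample certificates are assumptions constructed for illustration.

```python
PKCS1 = bytes.fromhex("2a864886f70d0101")  # DER OID prefix 1.2.840.113549.1.1
RSA_KEY = PKCS1 + b"\x01"  # rsaEncryption
WEAK_SIG = {PKCS1 + b"\x04": "md5WithRSAEncryption"}
MIN_RSA_BITS = 2048  # assumed policy floor; RSA 1024 falls below it

def der_items(buf):  # parse consecutive DER elements into [(tag, value), ...]
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def cert_params(der):  # -> (signature algorithm OID bytes, RSA modulus bits or None)
    tbs, sig_alg = der_items(der_items(der)[0][1])[:2]
    fields = der_items(tbs[1])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # explicit [0] version is optional
    alg, key = der_items(spki[1])
    bits = None
    if der_items(alg[1])[0][1] == RSA_KEY:
        rsa_key = der_items(key[1][1:])[0][1]  # [1:] skips the BIT STRING unused-bits byte
        bits = int.from_bytes(der_items(rsa_key)[0][1], "big").bit_length()
    return der_items(sig_alg[1])[0][1], bits

def weak_links(chain):  # chain: DER certs, end entity first -> [(index, reason), ...]
    out = []
    for i, (sig, bits) in enumerate(map(cert_params, chain)):
        if sig in WEAK_SIG:
            out.append((i, WEAK_SIG[sig]))
        if bits is not None and bits < MIN_RSA_BITS:
            out.append((i, "RSA-%d" % bits))
    return out

def _enc(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    ln = bytes([n]) if n < 128 else bytes([0x81, n]) if n < 256 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + ln + body

def sample_cert(sig_last, bits):  # constructed cert-shaped DER, dummy signature, not a real cert
    alg = lambda last: _enc(0x30, _enc(6, PKCS1 + bytes([last])) + _enc(5, b""))
    key = _enc(0x30, _enc(2, b"\x00" + (1 << bits - 1).to_bytes(bits // 8, "big")) + _enc(2, b"\x01\x00\x01"))
    tbs = _enc(0x30, _enc(0xA0, _enc(2, b"\x02")) + _enc(2, b"\x01") + alg(sig_last)
               + _enc(0x30, b"") * 3 + _enc(0x30, alg(1) + _enc(3, b"\x00" + key)))  # 3 empty name/validity fields
    return _enc(0x30, tbs + alg(sig_last) + _enc(3, b"\x00"))

CHAIN = [sample_cert(0x0B, 2048), sample_cert(0x04, 1024)]  # SHA-256 leaf, MD5/1024 intermediate
```

The parser assumes well-formed DER and reads only the signature algorithm and subject public key; it does not verify signatures, so it would run alongside normal path validation rather than replace it.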