ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys

Kai Engert kaie at kuix.de
Wed Sep 17 12:16:46 UTC 2014


On Mon, 2014-09-08 at 09:00 -0500, Michael Catanzaro wrote:
> On Mon, 2014-09-08 at 10:06 +0200, Nikos Mavrogiannopoulos wrote:
> > Unfortunately only NSS works. Both openssl and gnutls fail to connect to
> > popular sites because of that change. It should not be assumed that the
> > users of ca-certificates are only programs using nss.
> 
> [1] is an interesting read. I get the impression that certificates are
> being removed as long as there is a compatible replacement that NSS can
> validate, based on NSS's custom strategies for certificate validation.
> Is this claim accurate?

Yes. Getting old, weak 1024-bit root CA certificates phased out is
difficult work, because there are so many issued certificates that still
chain up to them.

If we wanted to wait for all of them to expire, it would take many
additional years, until users were safe from attackers trying to
generate certificates that appear to have valid signatures from CA
certificates that use a weak signing key.

Bridge CA certificates are a common way to enable transitioning from old
CA to newer CA certificates, while keeping compatibility.

Shipping intermediate CA certificates to help software find an
alternative trust chain is a good solution, in my opinion, and indeed is
used by upstream to clean up the Mozilla CA list, while keeping
compatibility.

In my opinion, if other software cannot find the alternative trust
chains, that's a bug.

I think it's good that we have started experimenting with these removals
in the testing areas of Fedora, because it raises awareness of these
issues, and hopefully can bring higher priority to getting OpenSSL and
GnuTLS enhanced.

But given the heavy complaints, maybe it's necessary that we delay
shipping the upstream removals into stable Fedora a little longer, until
we have a better solution (either by having OpenSSL/GnuTLS enhanced, or
maybe by implementing a way that enables users/admins to re-enable
legacy CA certificates).

Kai
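
The alternative-trust-chain problem discussed in this message, as an added example that is not part of the original post and is not code from NSS, OpenSSL or GnuTLS: a simplified model (no real signatures, all names and keys constructed) comparing a verifier that follows only the first candidate issuer with one that backtracks, once the legacy root has been removed from the trust store.

```python
from collections import namedtuple

# Simplified model: no real signatures. A cert binds `subject` to `key` and
# records which issuer name/key signed it. All names below are constructed.
Cert = namedtuple("Cert", "subject key issuer signed_by")

def signs(issuer, cert):
    """True if `issuer` could have signed `cert` (name and key both match)."""
    return issuer.subject == cert.issuer and issuer.key == cert.signed_by

def first_match_chain(leaf, pool, roots):
    """Follow only the first issuer candidate at each step, never backtrack."""
    chain = [leaf]
    while True:
        cur = chain[-1]
        anchor = next((r for r in roots if signs(r, cur)), None)
        if anchor is not None:
            return chain + [anchor]
        nxt = next((c for c in pool if signs(c, cur) and c not in chain), None)
        if nxt is None:
            return None  # dead end: the one path tried led to a removed root
        chain.append(nxt)

def build_path(cert, pool, roots, seen=()):
    """Depth-first path building: try every candidate, backtrack on dead ends."""
    anchor = next((r for r in roots if signs(r, cert)), None)
    if anchor is not None:
        return [cert, anchor]
    for cand in pool:
        if signs(cand, cert) and cand not in seen and cand != cert:
            rest = build_path(cand, pool, roots, seen + (cert,))
            if rest:
                return [cert] + rest
    return None

LEGACY = Cert("Legacy Root (1024-bit)", "k_old", "Legacy Root (1024-bit)", "k_old")
MODERN = Cert("Modern Root", "k_new", "Modern Root", "k_new")
# Same intermediate name and key, certified twice: once by each root.
INT_BY_LEGACY = Cert("Issuing CA", "k_int", "Legacy Root (1024-bit)", "k_old")
INT_BY_MODERN = Cert("Issuing CA", "k_int", "Modern Root", "k_new")
LEAF = Cert("www.example.test", "k_leaf", "Issuing CA", "k_int")

# The server sends the legacy-signed intermediate; the OS ships the other one.
POOL = [INT_BY_LEGACY, INT_BY_MODERN]
ROOTS_BEFORE, ROOTS_AFTER = [LEGACY, MODERN], [MODERN]

def subjects(chain):
    return [c.subject for c in chain] if chain else None
```

With `ROOTS_AFTER`, `first_match_chain` returns `None` while `build_path` reaches `Modern Root` through the shipped intermediate.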