Open
Bug 1129077
Opened 9 years ago
Updated 2 years ago
Remove support for certificates that use the P-521 curve
Categories
(Core :: Security: PSM, defect, P5)
Tracking
NEW
mozilla38
People
(Reporter: briansmith, Unassigned)
References
Details
(Whiteboard: [psm-backlog])
Attachments
(1 file)
5.04 KB, patch | rbarnes: review-
This bug is about the changes to PSM to drop P-521 support. See the discussion in bug 1128792. This is one of the final steps in implementing the cipher suite proposal [1].

Kathleen: The CA policy documents mention "P-512", which doesn't exist, but which was almost definitely intended to refer to P-521. We should remove that reference from the CA policy.

Note that this patch doesn't remove P-521 support from NSS or WebCrypto.

[1] https://briansmith.org/browser-ciphersuites-01.html
[2] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/
Attachment #8558669 -
Flags: review?(dkeeler)
Attachment #8558669 -
Attachment is patch: true
Attachment #8558669 -
Attachment mime type: text/x-patch → text/plain
Comment on attachment 8558669 remove-P-521-from-Gecko-TLS.patch

Review of attachment 8558669:
-----------------------------------------------------------------

Ok - r=me.

::: security/manager/ssl/tests/unit/test_keysize.js @@ +92,5 @@ > function checkECCChains() { > checkChain("prime256v1", 256, > "secp384r1", 384, > "secp521r1", 521, > + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);

With this change, we don't have a successful testcase for a chain consisting entirely of ECC keys - it would be nice to have one.
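
Review bot: in checkECCChains(), the checkChain() call shown expects SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE with secp521r1 only in the third key position, so these lines do not show the curve being rejected when it appears in the first or second position. If each curve/size pair corresponds to one certificate in the chain, a check applied to only one of them would still pass this test. Consider adding one rejection case per position, alongside a chain limited to prime256v1 and secp384r1 that is expected to succeed.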
Attachment #8558669 -
Flags: review?(dkeeler) → review+
Comment 2•9 years ago
Comment on attachment 8558669 remove-P-521-from-Gecko-TLS.patch

Review of attachment 8558669:
-----------------------------------------------------------------

This is a change that has potential compatibility impacts. Please do not land until there has been some public discussion, e.g., on dev.tech.crypto.
Attachment #8558669 -
Flags: review+ → review-
Hmm - for some reason I thought there had been some discussion around this. Maybe I'm thinking of the comments in bug 1128792, but it would be good to at least announce this on some mailing lists and see if anyone has any valid concerns. That said, the telemetry data does indicate that this is extremely seldom used. With a script I threw together, it seems there have been 93376331053 hits for ECDSA signatures in handshakes in telemetry. Of these, 14113 used P-521. If these handshakes were uniformly distributed at random among 400 million users, we would expect 60 people to be affected. The compatibility impact will probably be less than almost any other change we've made.
Reporter
Comment 4•9 years ago
The cipher suite proposal [1] says that the client must list P-256 and P-384 in the supported curves extension in the ClientHello. However, it doesn't say that browsers should only support P-256 and P-384 or that we shouldn't support P-521.

Thanks for pointing this out. I agree that it is worth posing to the mailing list. I will do so.

[1] https://briansmith.org/browser-ciphersuites-01
Reporter
Comment 5•8 years ago
This is a bug worth fixing but I don't have the time to finish this, so unassigning myself.
Assignee: brian → nobody
Status: ASSIGNED → NEW
Whiteboard: [psm-backlog]
Priority: -- → P5
Updated•2 years ago
Severity: normal → S3