5

I understand the SHA1 deprecation policy applies to CA's issuing SHA2 end-entity certs and intermediates starting Jan 2017 but how will this policy affect the actual root certificates in OS/Browser trust stores? Will the SHA1's be getting flushed out in favor of SHA2 roots? I know a lot of CA's are now going SHA2 up to the root but wondering if MS and the others plan on keeping SHA1's in the trust stores for a specified period of time.

user53029
  • 2,687
  • 5
  • 24
  • 35
  • 1
    Not necessarily a duplicate, but this is relevent: [Trying to understand why signatures in root certs “are not used”?](http://security.stackexchange.com/q/67542/12) – Xander Nov 24 '14 at 14:40
  • No, I understand that. I think what's probably going to happen is they'll stay there, in the trusted root stores, until they expire. I don't *think* there will be a push to flush them out by a certain date. – user53029 Nov 24 '14 at 22:48
  • Ok nm..see below – user53029 Nov 24 '14 at 22:49
  • @user53029: My summary was WAY misleading. See my edit below. – StackzOfZtuff Nov 25 '14 at 06:16
  • @Xander's link above is helpful. It doesn't matter how the *root* certs are signed. [From Google:](https://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html) "SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash." [From Mozilla:](https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/) "Root certificates are trusted by virtue of their inclusion in Firefox, so it does not matter how they are signed." – medmunds Dec 01 '15 at 21:00

1 Answers1

4

(Edit 2014-11-25: Reworded flushed out to phased out.)
Short answer: From what I can tell, they will be gracefully phased out, not flushed out. (At least by Microsoft.) The old SHA1 root certs will expire regularly and Microsoft will no longer accept NEW SHA1-roots starting 2016. The old ones will stay in I guess, since they were compliant to the guidelines when accepted into their root CA program. -- The other 3 organisations I looked at had no limits on SHA1 roots.

Microsoft
Microsoft will no longer accept SHA1 for their root CAs after the end of 2015.
http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx

Digest Algorithms
SHA1 (until 1 Jan 2016)
SHA2 (SHA256, SHA384, SHA512)

They did the same thing with MD5 a while back.
http://technet.microsoft.com/en-us/library/cc751157.aspx

Hash algorithm must be at least SHA1. No MD2, MD4 or MD5 hashes accepted.

CABForum
CABForum disallows MD5 in roots starting 2010. But SHA-1 is (as of yet) still allowed for root CAs. (So while there is no security reason to mandate any digest algorithm the root CA self signature this shows that it has in fact been mandated before.)
https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf

Certificates MUST meet the following requirements for algorithm type and key size.
Digest algorithm: Validity period beginning on or before 31 Dec 2010: MD5 (NOT RECOMMENDED), SHA-1, SHA-256, SHA-384 or SHA- 512
Digest algorithm: Validity period beginning after 31 Dec 2010 SHA-1*, SHA-256, SHA-384 or SHA-512

Apple
Couldn't find a rule against SHA1 there.
Apple don't mention SHA2 in their root CA requirements. Instead they require a SHA1 fingerprint on the application form.
https://www.apple.com/certificateauthority/ca_program.html But since there are SHA-256 certs already in their store this seems to be a formal detail of the application form only.
See Yosemite included root CA certs here: http://support.apple.com/en-us/HT202858

Mozilla
Couldn't find a rule against SHA1 there.
Mozilla requires a SHA1 fingerprint on the application form. https://wiki.mozilla.org/CA:How_to_apply
And, like with Apple: But since there are SHA-256 certs already inside their store this seems to be a formal detail of the application form only.
See Mozilla included root CA certs here: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/included/

StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86