Mozilla RSA-PSS policy

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Mozilla RSA-PSS policy

Hubert Kario
In response to comment made by Gervase Markham[1], pointing out that Mozilla
doesn't have an official RSA-PSS usage policy.

This is the thread to discuss it and make a proposal that could be later
included in Mozilla Root Store Policy[2]

I'm proposing the following additions to the Policy (leaving out exactly which
sections this needs to be added, as that's better left for the end of
discussion):

 - RSA keys can be used to make RSASSA-PKCS#1 v1.5 or RSASSA-PSS signatures on
issued certificates
 - certificates containing RSA parameters can be limited to perform RSASSA-PSS
signatures only by specifying the X.509 Subject Public Key Info algorithm
identifier to RSA-PSS algorithm
 - end-entity certificates must not include RSA-PSS parameters in the Public
Key Info Algorithm Identifier - that is, they must not be limited to creating
signatures with only one specific hash algorithm
 - issuing certificates may include RSA-PSS parameters in the Public Key Info
Algorithm Identifier, it's recommended that the hash selected matches the
security of the key
 - signature hash and the hash used for mask generation must be the same both
in public key parameters in certificate and in signature parameters
 - the salt length must equal at least 32 for SHA-256, 48 for SHA-384 and 64
bytes for SHA-512
 - SHA-1 and SHA-224 are not acceptable for use with RSA-PSS algorithm

 1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1400844#c15
 2 - https://www.mozilla.org/en-US/about/governance/policies/security-group/
certs/policy/
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Mozilla RSA-PSS policy

Ryan Sleevi-5
Hi Hubert,

Did you mean this for
https://groups.google.com/forum/#!forum/mozilla.dev.security.policy ?


On Tue, Nov 21, 2017 at 9:26 AM, Hubert Kario <[hidden email]> wrote:

> In response to comment made by Gervase Markham[1], pointing out that
> Mozilla
> doesn't have an official RSA-PSS usage policy.
>
> This is the thread to discuss it and make a proposal that could be later
> included in Mozilla Root Store Policy[2]
>
> I'm proposing the following additions to the Policy (leaving out exactly
> which
> sections this needs to be added, as that's better left for the end of
> discussion):
>
>  - RSA keys can be used to make RSASSA-PKCS#1 v1.5 or RSASSA-PSS
> signatures on
> issued certificates
>  - certificates containing RSA parameters can be limited to perform
> RSASSA-PSS
> signatures only by specifying the X.509 Subject Public Key Info algorithm
> identifier to RSA-PSS algorithm
>  - end-entity certificates must not include RSA-PSS parameters in the
> Public
> Key Info Algorithm Identifier - that is, they must not be limited to
> creating
> signatures with only one specific hash algorithm
>  - issuing certificates may include RSA-PSS parameters in the Public Key
> Info
> Algorithm Identifier, it's recommended that the hash selected matches the
> security of the key
>  - signature hash and the hash used for mask generation must be the same
> both
> in public key parameters in certificate and in signature parameters
>  - the salt length must equal at least 32 for SHA-256, 48 for SHA-384 and
> 64
> bytes for SHA-512
>  - SHA-1 and SHA-224 are not acceptable for use with RSA-PSS algorithm
>
>  1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1400844#c15
>  2 - https://www.mozilla.org/en-US/about/governance/policies/
> security-group/
> certs/policy/
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto