Mozilla has decided to allow Symantec to issue nine new SSL certificates signed using the SHA-1 cryptographic hash function to payment processor Worldpay after the company failed to upgrade devices in time.
Worldpay approached Mozilla and other web browser vendors through Symantec, its certificate authority (CA), claiming that it forgot to renew some SHA-1 server certificates before December 31, 2015, the last day on which such certificates could be issued.
Worldpay has started transitioning to SHA-2, but the process has not been completed for part of its infrastructure. Without the new SHA-1 certificates, the company estimates that more than 10,000 payment terminals across the world will stop working.
After an internal debate, Mozilla has decided to comply with the request if certain conditions are met. First of all, the certificates cannot be issued for domains other than the ones specifically requested by Symantec, and they must be submitted to certificate transparency logs.
Furthermore, the lifetime of the issued SHA-1 certificates must not exceed 90 days and they cannot be extended beyond December 31. Worldpay can request the certificates to be reissued, but it must do it at least two weeks in advance, and Mozilla might change its conditions or deem the certificates unacceptable.
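A defender-side check for the conditions just listed, written as an added example for this article rather than code from Mozilla, Symantec or Worldpay: it classifies certificate inventory records as SHA-2, pre-cutoff SHA-1, or post-cutoff SHA-1 that either satisfies or violates the exception terms. The hostnames, the signature-algorithm name strings and the reading of "lifetime" as notAfter minus notBefore are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Policy dates from the article; everything else below is constructed.
SHA1_ISSUANCE_CUTOFF = date(2015, 12, 31)  # last normal issuance day for SHA-1
SHA1_SUNSET = date(2017, 1, 1)             # browsers plan to distrust SHA-1 entirely
EXCEPTION_MAX_DAYS = 90                    # max lifetime of an exception certificate
EXCEPTION_HARD_END = date(2016, 12, 31)    # no exception cert may be valid past this
SHA1_ALGS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1"}  # assumed algorithm names

@dataclass(frozen=True)
class CertRecord:  # fields an inventory scanner would pull from an X.509 cert
    names: frozenset   # subjectAltName dNSNames
    sig_alg: str
    not_before: date
    not_after: date
    ct_logged: bool    # submitted to Certificate Transparency logs

def check_cert(cert, approved_names):
    """Classify one certificate; returns (status, reasons)."""
    if cert.sig_alg not in SHA1_ALGS:
        return "ok", []
    if cert.not_before <= SHA1_ISSUANCE_CUTOFF:
        reasons = ["SHA-1 issued before the cutoff; distrusted from 2017-01-01"]
        if cert.not_after >= SHA1_SUNSET:
            reasons.append("expires after the SHA-1 sunset; renew with SHA-2 first")
        return "legacy-sha1", reasons
    # SHA-1 issued after the cutoff is acceptable only under the exception terms.
    reasons = []
    if not cert.names <= approved_names:
        reasons.append("names not limited to the approved domains")
    if not cert.ct_logged:
        reasons.append("not submitted to CT logs")
    # Assumption: lifetime is measured as notAfter minus notBefore in days.
    if (cert.not_after - cert.not_before).days > EXCEPTION_MAX_DAYS:
        reasons.append("lifetime exceeds 90 days")
    if cert.not_after > EXCEPTION_HARD_END:
        reasons.append("valid beyond 2016-12-31")
    return ("exception-ok" if not reasons else "mis-issued"), reasons

# Constructed inventory with hypothetical hostnames.
APPROVED = frozenset({"terminal-gw.payments.example.test"})
INVENTORY = [
    CertRecord(frozenset({"legacy.example.test"}), "sha1WithRSAEncryption",
               date(2015, 11, 1), date(2017, 11, 1), False),
    CertRecord(frozenset({"terminal-gw.payments.example.test"}), "sha1WithRSAEncryption",
               date(2016, 2, 1), date(2016, 4, 30), True),
    CertRecord(frozenset({"terminal-gw.payments.example.test", "other.example.test"}),
               "sha1WithRSAEncryption", date(2016, 2, 1), date(2016, 8, 1), False),
]
```

Running `check_cert` over each record in `INVENTORY` flags the first as legacy SHA-1 that also outlives the sunset, accepts the second (89-day lifetime, CT-logged, approved name only) and rejects the third on three counts.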
“This authorization means that Symantec can issue SHA-1 certificates that will enable Worldpay’s devices to keep operating a while longer, and that issuance will not be regarded by Mozilla as a defect. This decision only affects the Mozilla root program; other root programs may still consider the issuance of these certificates to be a mis-issuance,” Richard Barnes, Firefox security lead at Mozilla, said in a blog post.
Not everyone is happy with the decision. Former Mozilla employee Brian Smith noted that through its decision, the company has “effectively reversed the economic incentives for CAs so that it is profitable to go against Mozilla's initiatives to improve web security. And, in the course of doing so, Mozilla has damaged its own credibility and reduced leverage in enforcing its CA policies going forward.”
It’s unclear if Apple, Microsoft and Google will accept Symantec’s certificates or if they will stand by their decision to ban SHA-1 certificates issued after January 1, 2016.
“We understand that there are payment processing organizations other than Worldpay that continue to have similar requirements for SHA-1 — either within the Web PKI or outside it. It is disappointing that these organizations are putting the public’s data at risk by using a weak, outdated security technology,” Barnes said.
As attacks on SHA-1 have become increasingly practical and cheap, all major web browser developers have announced plans to phase out the cryptographic hash function by January 1, 2017, although some vendors could do so even sooner.
Firefox started rejecting new certificates signed with SHA-1 on January 1, 2016, but Mozilla released an update on January 6 after learning that security scanners, antivirus products and other “man-in-the-middle” devices could not access HTTPS websites due to this change.
Twitter, Facebook and CloudFlare hope to convince the industry to keep SHA-1 alive for a little while longer, arguing that many users who rely on older browsers that don’t support SHA-2 will be prevented from accessing websites.