Security Experts:

Mozilla Wants 64 Bits of Entropy in Certificate Serial Numbers

Mozilla this week announced an update to its CA Certificate Policy, which now requires the use of 64 bits of entropy in certificate serial numbers.

The change was included in Mozilla’s CA Certificate Policy 2.4.1, and arrives nearly one year after the CA/Browser Forum adopted Ballot 164, which required Certificate Authorities to use greater randomization when issuing certificates, to mitigate collision attacks and make preimage attacks more difficult.

The ballot also proposed replacing entropy with cryptographically secure pseudo-random number generator (CSPRNG). Thus, Section 7.1 of the Baseline Requirements was modified to “Effective September 30, 2016, CAs SHALL generate Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG.”

The change was proposed after it was demonstrated that hash collisions can allow attackers to forge a signature on the certificate of their choosing and that random bits made the security level of a hash function twice as powerful. While adding random bits was encouraged before, the ballot made it a requirement.

The updated CA Certificate Policy also states that CP and CPS documents now need to be submitted to Mozilla each year, in addition to audit statements, and that these documents need to be provided in English starting June 1, 2017. The company also updated the applicable versions of some audit criteria.

Mozilla also notes that submitted documentation must be openly licensed and that the Common CCADB Policy and the Mozilla CCADB Policy are incorporated by reference in Mozilla’s CA Certificate Policy version. Further, the new Common CA Database (CCADB) Policy makes official a number of existing expectations regarding the CCADB, and there are additional requirements on OCSP responses, the company says.

The organization has already sent the CA Communication to the Primary Point of Contact (POC) for each CA and asked them to respond to 14 action items. Additionally, there are discussions in the mozilla.dev.security.policy forum about upcoming changes, questions and clarification about policy and expectations, root certificate inclusion/change requests, that CAs are invited to contribute to.

“With this CA Communication, we re-iterate that participation in Mozilla’s CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve,” the company said.

Related: Mozilla Updates CA Certificate Policy

view counter