回顧 Let's Encrypt 將在六月停止 cross-signed chain 的消息

因為收到 Cloudflare 的信,關於 Let's Encrypt 的 cross-signed chain 將在今年九月底過期的計畫,Cloudflare 這邊也有一些配合的措施會進行:

Let’s Encrypt announced that the cross-signed chain is set to expire on September 30th, 2024. As a result, Cloudflare will stop issuing certificates from the cross-signed CA chain on May 15th, 2024.

去年七月的時候 Let's Encrypt 拿的是去年五月底的資料說明 (2023/05/31),這邊會看 Android 7.1+ 的佔比,當時到了 93.9%。

會看 Android 7.1 是因為從這個版本開始預設就有內建 ISRG Root X1,而不需要 IdenTrust 的 cross-sign chain 了:

剛剛開了 Android Studio 來看,最近一次更新 Android 市占率的資料是去年十月初 (2023/10/01),到 95.0% 了:

也許到九月底的時候有 97%+ 甚至 98%+ coverage,但 Android 的基數還是太大,就算到 98%+ coverage,預期到時候的影響應該還是不小,會不會再簽一年...?

Let's Encrypt 的 Embed SCT 支援

翻到 Let's EncryptUpcoming Features 時看到:

Embed SCT receipts in certificates
ETA: February, 2018

對 Embed SCT 不熟,所以查了查這個功能。

這指的是在簽發 SSL certficiate 後,把資料丟給 Certificate Transparency (CT) 伺服器後,伺服器會提供 signed certificate timestamp (SCT);而這個資料放到 SSL certificate 內叫做 Embed SCT:(出自 CT 的 FAQ)

What is an SCT?
An SCT is a signed certificate timestamp. When a certificate authority or a server operator submits a certificate to a log, the log responds with an SCT. An SCT is essentially a promise that the log server will add the certificate to the log in a specific time. The time, known as the maximum merge delay (MMD), helps ensure that certificates are added to logs in a reasonable time. The SCT accompanies the certificate until the certificate is revoked. A TLS server must present the SCT to a TLS client (along with the SSL certificate) during the TLS handshake.

當使用 ECC 時會小於 100 bytes:

How big is an SCT?
SCTs are less than 100 bytes, assuming elliptic curve signatures are used.

這樣才能試著解釋前幾天提到要拔掉 HPKP 的事情:「Chromium 內提案移除 HPKP (HTTP Public Key Pinning)」,也就是為什麼他們是提 CT 解,而不是 DNS CAA 解...

不過我記得 CT server 可以自己架自己 submit 不是嗎?後來有另外規定一定要用第三方的嗎?這樣又很怪...

Comodo 取消對 WoSign CA 的 Cross-signed

剛剛看到 ComodoRob Stradling 在群組上說明了 Comodo 透過 CRLOCSP 取消對 WoSign CA 的 cross-signed:「Incidents involving the CA WoSign」。

Today we have revoked (via CRL and OCSP) all 3 of the cross-certificates that we'd issued to WoSign:

https://crt.sh/?id=3223853
https://crt.sh/?id=12716343
https://crt.sh/?id=12716433

See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=906611#c2

然後另外也看到在倫敦與 Qihoo 360StartCom 以及 WoSign 的會面也已經結束了,接下來 Mozilla 會討論新的計畫後更新上來:「WoSign and StartCom: next steps」。

OpenBSD 要支援 signed package 了...

Slashdot 上看到 OpenBSD 要支援 signed package 的消息:「OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto」。

使用的演算法是 djbEd25519,是基於橢圓曲線密碼系統的演算法。演算法名稱取自 2255-19 這個參數。

[ed25519] 23pp. (PDF) Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang. High-speed high-security signatures. Journal of Cryptographic Engineering 2 (2012), 77–89. Document ID: a1a62a2f76d23f65d622484ddd09caf8. URL: http://cr.yp.to/papers.html#ed25519. Date: 2011.09.26.

意外發現魯教授的名字出現在列表上...