CA-DAY Michael Kranawetter, Chief Security Advisor (Tom Albertson, Security Program Manager) Microsoft

Transcription

1 CA-DAY 2014 Michael Kranawetter, Chief Security Advisor (Tom Albertson, Security Program Manager) Microsoft

2 Microsoft s Root Program in 2014

3 New Technical Requirements Published in November 2013 First major revision since 2009 Housekeeping RSA 1024 Removal SHA1 Deprecation Policy Audit Policy Most new technical requirements are already addressed by most CAs. We extend certain requirements from root certificates to intermediates and end-entity certificates require that members apply appropriate restrictions to their entire certificate chains, not only attributes

4 Housekeeping Issues More Root Certificates Allowed per CA Before: 3 roots / CA (due to XP and Server 2003) Now: 3 roots per algorithm type per CA brand (e.g ) Business Justification for all EKUs No business, no EKU. Removing unused EKUs in 2014 Algorithm Policies Minimum RSA 2048, Migration to SHA-2 begins in earnest Certificate Attributes separate SSL and Code Signing EKUs, no more mixing of EKUs OCSP required for revocation of end-entity certificates, no CRLs anymore No conflicts with the Baseline Requirements Except for our SHA1 deprecation policy No requirement for the CAB Forum to monitor CA activities

5 Housekeeping How Will We Ensure Compliance? (read) Certificate Reputation / Certificate Hygiene (Telemetry) As CAs issue certificates outside our requirements, we will bring them to their attention: notify, mitigate. CAs will issue better certs, better BR compliance Consequences for repeat offenders Audits can only selectively verify compliance with any criteria (<4% of transactions) Certificate Reputation samples from as much as 99% of actual transactions, identifies discrepancies, seeks CA mitigation against continued issuance

6 Transition from RSA 1024 CA industry had a general deadline to abandon RSA 1024 certificates by the end of 2013, and migrate to RSA In January 2014 we see only a few new RSA 1024 certificates issued 3-5 Years notice that RSA 1024 would not be recognized on Windows NIST added 3 years to their RSA 1024 forecast, is no longer adding measurable amounts of time CAs have transitioned away from issuing RSA 1024 (good) There remain thousands of still time valid RSA 1024 certs, many expiring in 2014 Significant RSA 1024 remain time valid and trusted by publicly trusted root CAs

7 Transition from RSA 1024 How Will We Ensure Compliance? RSA 1024 root certificate deprecation Root certs remain in distribution, remove all except code signing and time stamping EKUs (no longer valid for other uses e.g. SSL) Monitor telemetry for low or no incidence of RSA 1024 for code signing Remove root certs from distribution by the Program in 2014 If RSA 1024 is compromised before root cert removal, we can disallow all RSA 1024 via the Weak Crypto Framework, and remove root certs

8 SHA-1 Deprecation (SHA-2 Migration) Security advisories (NIST) have sought migration to SHA2 algorithm by 2013, like RSA 1024 Yet 98%+ of installed base remain SHA1 certificates Microsoft requirement seeks migration to SHA2 by 1 Jan 2016 (no SHA1 for code) Windows will cease to recognize SHA1 after 1 Jan 2017 (no SHA1 for SSL) Dilemma is shared by customers who still seek SHA1 and CAs who still issue them

9 New Audit Policy For our root program, member CAs are now required to complete audits that incorporate the CA Browser Forum Baseline Requirements (BR) v1.x (WebTrust for CAs, ETSI ) We are phasing out the audit equivalency exception for government CAs 2007: government could conduct audit according to local law or regulation (ecommerce or e-signature laws) 2014: governments will transition to BR-based audits: WebTrust, ETSI, or local law or regulation audit with BR criteria Many government CAs are already audited by WebTrust and ETSI criteria Three year transition period (until Jan 2017) Adequate time to communicate with government CAs and ensure compliance with new requirement

10 A Look Ahead to 2014 CA Risk Reduction Increasing segregation of use (SSL, Code signing) at the root or intermediate CA level Complete root rollover from RSA 1024 roots Increase SHA2 cert issuance Adoption of telemetry as measure of CA performance New Attacks on CA Infrastructure are possible

11 Questions? Windows Root Certificate Program Weak Crypto Framework Tom Albertson Program Manager, Windows Root Certificate Program

12 A Disciplined Approach to Key Management Technology alone cannot provide ultimate security. Strong key management disciplines are critical to any security strategy.

13 Michael Kranawetter Head of Information Security Chief Security Advisor Microsoft Deutschland GmbH