We also discussed whether the current 2048-bit metadata signing key needs to be replaced. The question is: what would restricting the lifetime of the key prevent? Two attack vectors were postulated. First, there might be an attack that relies on having large amounts of ciphertext available: the more you generate, the more vulnerable you are. However, there are no known attacks of this nature against RSA 2048-bit keys, and the amount of known ciphertext is minuscule (at most 5 signings per week for XX years for the current key, where XX is a figure that InCommon operations will provide). Second, an attack might exist that relies on sheer computational power: someone could, in theory, have been applying resources to the public key over the XX-year period to compute the value of the private key. We have found no evidence to suggest that this is practical even with today's technology. We conclude that there is currently no reasoned terminus for a 2048-bit key's lifetime. There is, however, a practical reason to limit its life to the year 2038: the Year 2038 problem <http://en.wikipedia.org/wiki/Year_2038_problem>.

RECOMMENDATIONS

1. Create a new policy document, replacing the CP/CPS, that describes security practices for the protection of the signing key.
2. Re-sign the same signing key with a self-signed certificate and do away with the remnants of the old InCommon self-rooted CA. This will reduce confusion. No recommendation for cert lifetime is offered, other than to suggest no longer than 2038 (to avoid the so-called Year 2038 Problem).
3. SimpleSAMLphp will have a problem because the fingerprint is computed over the entire certificate and will therefore change. We will contact the SS developers and communicate the migration plan clearly to participants.
4. Communicate with any known users of non-standard implementations. Of particular note: NSF and NIH, plus a call to any participants using ADFS about known configuration dependencies.
5. Expired certificates issued by the old InCommon CA still exist in participant metadata (MD). We recommend communicating about these old certificates separately, after the communication about the transition involving the signing key's root cert and CA.
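
The effect behind recommendations 2 and 3, as an added example that is not part of the original notes: wrapping the same key in a new certificate changes the whole-certificate fingerprint while the public key digest stays the same. Assumptions: the file names, subject names, validity periods and the choice of SHA-256 are constructed placeholders, and both certificates are self-signed for brevity.

```shell
#!/bin/sh
# Constructed demo: one RSA key, two certificates wrapping it.
# Names and lifetimes are placeholders, not InCommon's real values.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate a 2048-bit RSA key to stand in for the metadata signing key.
make_key() {
    openssl genrsa -out "$WORK/signing.key" 2048 2>/dev/null
}

# make_cert NAME CN DAYS: self-sign the SAME key into a new certificate.
make_cert() {
    openssl req -new -x509 -key "$WORK/signing.key" -sha256 \
        -subj "/CN=$2" -days "$3" -out "$WORK/$1.pem" 2>/dev/null
}

# Digest over the entire DER-encoded certificate: this is what a
# consumer that pins a certificate fingerprint compares.
cert_fp() {
    openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

# Digest over only the public key (SubjectPublicKeyInfo) in the cert.
key_fp() {
    openssl x509 -in "$WORK/$1.pem" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

make_key
make_cert old "Constructed Old Cert" 365
make_cert new "Constructed New Cert" 730

echo "old cert fingerprint: $(cert_fp old)"
echo "new cert fingerprint: $(cert_fp new)"
echo "old key digest:       $(key_fp old)"
echo "new key digest:       $(key_fp new)"
```

Consumers that validate metadata signatures against the key itself keep working across the re-issue; consumers configured with a certificate fingerprint must be given the new value before the switch.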