SC-059v2 failed

Ballot SC059v2: Weak key guidance

Server Certificate Working Group

Key dates

Voting opened
06 Jul 2023
Voting closed
13 Jul 2023
Discussion opened
26 Jun 2023
Discussion closed
03 Jul 2023

AI Summary

Generated 2026-06-23 21:40 UTC

Ballot overview

  • Ballot SC059v2: Weak key guidance (Server Certificate Working Group) proposes updates to the Baseline Requirements for issuance and management of publicly-trusted certificates.
  • The updates focus on identifying and revoking certificates whose private keys were generated in ways that may make them susceptible to easy decryption, specifically addressing Debian weak keys, ROCA, and Close Primes Vulnerability.

Key proposed changes (as reflected in the provided redline diff)

  • Revocation trigger wording update: updates the condition describing when the CA is made aware of a demonstrated or proven method that can easily compute a private key based on the public key.
  • Rejection guidance for weak keys:
    • Adds a requirement that for requests submitted on or after November 15, 2023, the CA SHALL implement precautions when the public key corresponds to an industry-demonstrated weak private key.
    • ROCA: the CA SHALL reject keys identified by tools available at https://github.com/crocs-muni/roca or equivalent.
    • Debian weak keys: the CA SHALL reject at least keys generated by the flawed OpenSSL version with specified parameter combinations.
    • Close Primes vulnerability: the CA SHALL reject weak keys that can be factored within 100 rounds using Fermat’s factorization method.
    • Includes a pointer to suggested tools for checking for weak keys at https://cabforum.org/resources/tools/
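
The Close Primes check described above can be sketched as follows. This is an added example, not text from the ballot or code from the CA/Browser Forum tools page. It assumes one "round" means one candidate value of a, starting at ceil(sqrt(n)); the function names and the sample moduli are constructed for illustration.

```python
import math

def fermat_rounds(n, max_rounds=100):
    """Rounds Fermat's method needs to split odd n, or None if over the limit."""
    a = math.isqrt(n - 1) + 1           # ceil(sqrt(n))
    for rounds in range(1, max_rounds + 1):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:                 # n = (a - b) * (a + b)
            return rounds
        a += 1
    return None

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; used only to build the sample moduli."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for base in bases:
        x = pow(base, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                # no witness squared to n - 1: composite
    return True

def next_prime(n):
    n |= 1
    while not is_probable_prime(n):
        n += 2
    return n

# Constructed sample moduli of about 1024 bits, not keys from any real certificate.
P = next_prime(3 << 510)
SAMPLES = {
    "adjacent primes": P * next_prime(P + 2),
    "gap near 2^260": P * next_prime(P + (1 << 260)),
    "gap near 2^262": P * next_prime(P + (1 << 262)),
    "unrelated primes": P * next_prime(1 << 511),
}
# A round count means the key would be rejected; None means no finding.
RESULTS = {label: fermat_rounds(n) for label, n in SAMPLES.items()}
print(RESULTS)
```

For moduli of this size, the 100-round limit flags prime gaps up to a little above 2^260; keys whose primes differ by more than that pass this particular check.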

Voting and adoption status

  • Certificate Issuer category: 4 YES vs 14 NO (2/3 requirement NOT MET), so the ballot was not adopted.
  • Certificate Consumer category: 2 YES vs 0 NO (50%+1 requirement MET).
  • Category participation: at least one voting member in each category voted in favor (requirement MET).
  • The ballot page indicates current_status: failed.
Model: gpt-5.4-nano Confidence: 0.78 Result: failed

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

Certificate Issuers 4 yes 14 no 1 abstain
Certificate Consumers 2 yes 0 no 1 abstain

CABF ballot approval depends on both voting classes; CA votes alone are not decisive.

6 Yes
14 No
2 Abstain

27% yes · 64% no · 9% abstain

Proposers

Proposed by Thomas Zermeno of SSL.com and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.

Excerpt

Ballot SC059v2: Weak key guidance. Voting Results: Certificate Issuers 19 votes total:
