There is a lot of talk these days about Google’s decision to accelerate the deprecation of SHA-1, and IBM Domino’s lack of support for SHA-2Â . Â Right off lets get this straight IBM absolutely should have plans to add SHA-2 support in Domino and an implementation date should be communicated ASAP. Â At the same time the pressure should really be on Google to back down from what is an arbitrary deadline they announced out of the blue, and to support the previously announced 2017 date for the deprecation of SHA-1.
While it is easy to blame IBM here (and again IBM needs to communicate a date they will support SHA-2 in Domino) the immediate deprecation by Google is an arbitrary move that does not have a lot of support.
Some facts
- Microsoft previously announced their plans to deprecate SHA-1 in 2017
- Currently 92% of certificates on the Internet are SHA-1 signed
- Google then decided to begin deprecating SHA-1 in November of this year
- SHA-1 has not been compromised or hacked
- Google as an Intermediate CA is issuing them with SHA-1 (but their deprecation policy exempts their own certificates)
Here is a statement from the CA Security CouncilÂ
Although the CA Security Council (CASC), comprised of the seven largest Certificate Authorities, supports migration to SHA-2, members are concerned about the impact on website users and administrators alike. Considering many users may still use software lacking SHA-2 support, primarily Windows XP SP2, and the still unknown impact on a complete SHA-1 migration, this 12 week timeline is aggressive. In addition, many devices still lack SHA-2 support, making necessary possibly unplanned and expensive upgrades.
With fall shopping season nearly here, this policy may be particularly concerning for small internet stores, which could be impacted just before the holiday rush. Because many large sites have lockdown periods leading up to the end of the year, companies that have not transitioned may find themselves restricted from making the move until January, or beyond, due to lack of SHA-2 support. Although a migration to SHA-2 is necessary as computing power increases, because of the significant impact in migration and the lack of a practical attack until 2018, the CASC members recommends thetimelines announced by Microsoft in November 2013, which deprecate SHA-1 in code signing certificates by January 1, 2016 and in SSL certificates by January 1, 2017.
If you want a clear explanation on all this, listen to what Steve Gibson has to say about it on Security Now (If it does not begin there automatically pick up the podcast at 48:37 for the SHA-1 discussion)
For the record Microsoft has already started deprecating SHA-1 on some of their operating systems.
There is no question SHA-1 is being deprecated it is a question of timing, it seems that Google arbitrarily decided in November – at least right now there seems to be no valid technical or other reason why, and Domino or not it seems like there are a whole bunch of people (including the certificate issuers) who would struggle to meet Google’s deadline
It might be more fair to say there is no “…no valid technical or other reason why…”
It might be more fair to say there is no “…no {publicly known} valid technical or other reason why…”
Does the name Edward Snowden mean anything to you?
Gee… I’ve never heard that name, Nathan… But when you have access to the source documents to copy and stash away, it really doesn’t matter how they’re encrypted to the rest of the world.
Mitch isn’t making the point that we don’t need to move on from SHA-1, just the timing of it considering who is forcing the move.
And because I figure the next step is some book length response from you on things I really don’t care to discuss or take up with you, you can save your time and breath. I don’t plan on carrying on this conversation any further than this.
“I don’t plan on carrying on this conversation any further than this.”
That’s okay, Tom, I wasn’t talking to you anyway.
Among the details that Snowden revealed was the NSA compromise of Google’s INTERNAL network through hardwire MitM attacks. If Google internally secured that traffic with SHA-1, then they would know it was vulnerable. Given their reported fury over the security compromise, it would then make sense for them not only to upgrade their own practices, but push the market to do the same. Of course they would be legally prohibited from explaining their motives.
Hopefully that wasn’t too long a book for Mr. Duff.
While Google is hurrying this up, let’s be serious about this.
My reading/understanding of TLS 1.2 is that it requires SHA256. The TLS 1.2 RFC is from 2008, if IBM had been … even leisurely … keeping Domino’s security stack up to date, this wouldn’t been an issue for us.
,,, and having TLS 1.2 helps SMTP TLS negotiations, and pretty much the whole pile of acronyms that Domino supports (LDAP, POP, IMAP, etc). Not to even mention some of the things that IBM should have been incrementally adding, like DKIM support and so on.
An aside, I do have to agree that I think, clearly, Google “knows something” that they can’t discuss. I really don’t think they’d do this unless they *know* SHA1 is actively insecure.
… and most likely IBM “knows something”, too.
But IBM “don’t care.”
Craig brings up a good point about the RFC being from 2008. And that brings up another point about how long IBM has been sitting on this. APAR LO48388 (http://www-01.ibm.com/support/docview.wss?uid=swg1LO48388) covers this issue: “Customer uses SSL on the Domino server. Wants to use SHA-2 for
security reasons but Domino does not support SHA-2,” That APAR is for “Software version: 7.0.1”. That means that IBM has not addressed this request since at least 2006. There have been a total of 44 software releases since then (either something like 8.0, the point releases like 8.0.2, or Fixpacks on top of those point releases like 8.0.2 FP6).
Thankfully, IBM has recently received heat for this and may be fixing it.
But let’s also not stray too far away from the point of this post about Google appearing to be strongarming the industry. Yes, they will do that. However, Google is just making Chrome not honor as valid any SHA-1 certificates past January 2017. They’re still honoring the 2017 deprecation date, but they’re putting that code in their browser now to warn people. And Mozilla just issued a statement yesterday on this as well – they’re basically doing the same thing as Google. https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/.
Nothing will break in November of this year, but this basically gives IBM a 2 year window to provide us with a true solution other than “use IHS for Domino (only for Windows)” or “use a front-end sprayer”.
I contacted an IBM product manager yesterday and he said that they are well aware of the problem and will be responding soon. I stressed that our community needs to hear this as soon as possible.
[…] will be marking web sites protected by SHA-1 SSL certificates as suspect. This is not happening for some time but some suppliers have already stopped offering SHA-1 based SSL certificates. I suspect a lot more […]
[…] will be marking web sites protected by SHA-1 SSL certificates as suspect. This is not happening for some time but some suppliers have already stopped offering SHA-1 based SSL certificates. I suspect a lot more […]