When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys.
This is the first step in a process that Mozilla officials say will provide users with a more secure browsing experience as they encourage organizations to move to 2048-bit RSA keys. The longer keys are more resistant to attack, and many organizations, including Google and Microsoft, have been prodding companies to move away from the shorter keys for the last couple of years. In Firefox 32, Mozilla removed trust for certificates from Entrust, SECOM, GoDaddy, EMC/RSA, Symantec/VeriSign and NetLock. The result is that some organizations may need to get new SSL certificates.
“If you run an SSL-enabled website, this change will not impact you if your certificates and the CAs above it have 2048-bit keys or more. If your SSL certificate has a 1024-bit key, or was issued by a CA with a 1024-bit key, then you will need to get a new SSL certificate, and update the certificates in your Web server. If the intermediate certificate that you are using has a 1024-bit key, then you will need to download the 2048-bit intermediate certificate from the CA, and update the certificate chain in your Web server,” Kathleen Wilson of Mozilla said.
In the coming months, Mozilla plans to phase out root certificates from several other providers, including Thawte, VeriSign, Equifax, and GTE CyberTrust. Later, the company will do the same for root certificates from Equifax.
“We are targeting to complete the migration off of 1024-bit root certificates in the first half of 2015, after which no 1024-bit root certificates will be trusted to identify websites or software makers,” Wilson said.
Last week, researchers at Rapid7 released data that showed the change in trust in Firefox left 107,000 sites untrusted. The change by Mozilla is one of several such initiatives from browser vendors. Google is in the process of phasing out the use of the SHA-1 hash algorithm, and eventually the Chrome browser will no longer trust certificates that are signed with SHA-1.
“The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper,” Google’s Chris Palmer and Ryan Sleevi said.
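As an added example (not from Mozilla, Google, or the original article), the shell function below audits a PEM certificate bundle along the lines of Wilson's guidance, flagging RSA keys shorter than 2048 bits and SHA-1 signatures. The names `audit_chain` and `make_test_cert` are hypothetical, the sample certificates are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the article. Helper names are hypothetical.

# Print one tab-separated line per certificate in the PEM bundle "$1".
# Returns 0 if all pass, 1 if any is flagged, 2 if no certificate was read.
audit_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -text -noout 2>/dev/null |
    awk '
        /^Certificate:/         { sig = ""; subj = ""; alg = "" }
        # The first "Signature Algorithm" line of each certificate is enough.
        /Signature Algorithm:/  { if (sig == "") sig = $NF }
        /^ *Subject:/           { sub(/^ *Subject: */, ""); subj = $0 }
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ {
            match($0, /\([0-9]+ bit\)/)
            bits = substr($0, RSTART + 1, RLENGTH - 6) + 0
            weak = (alg == "rsaEncryption" && bits < 2048)
            sha1 = (tolower(sig) ~ /sha1/)
            status = "OK"
            if (weak && sha1) status = "WEAK-KEY+SHA1-SIG"
            else if (weak)    status = "WEAK-KEY"
            else if (sha1)    status = "SHA1-SIG"
            if (status != "OK") bad = 1
            n++
            printf "%s\t%d-bit %s\t%s\t%s\n", status, bits, alg, sig, subj
        }
        END { if (n == 0) exit 2; exit bad + 0 }'
}

# Constructed sample input: append a self-signed certificate with an RSA key
# of "$1" bits to the bundle file "$2". The private key is discarded.
make_test_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 1 \
        -subj "/CN=constructed-$1-bit.example" \
        -keyout /dev/null 2>/dev/null >> "$2"
}

# Stand-alone use: sh audit.sh /path/to/chain.pem
if [ "$#" -gt 0 ]; then audit_chain "$1"; fi
```

Run it against the full chain file the web server actually serves, since a 1024-bit intermediate is flagged the same way as a 1024-bit leaf.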