Re: More SHA-1 certs

Thu, 03 Mar 2016 13:50:31 -0800 

On 03/03/16 15:39, Jeremy Rowley wrote:

The RFC says "misissuance of a precertificate is considered equal to misissuance of 
a final certificate". This raises an interesting question. Pre certificates are not 
required to comply with the Cab forum's BRs as they fall out of scope (not intended to be 
used for TLS authentication).


Jeremy, I have to disagree with you on that point.

The BRs say...
  "7.1.2.5 Application of RFC 5280 
   For purposes of clarification, a Precertificate, as described in
   RFC 6962 - Certificate Transparency, shall not be considered to
   be a “certificate” subject to the requirements of RFC 5280 -
   Internet X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List (CRL) Profile under these Baseline Requirements."


Precertificates must be in scope (for the BRs) for it to be within the 
BRs' remit to declare them to be out of scope for RFC5280!



CT assists with "authenticating servers accessible through the 
Internet", because it helps detect misissued certs.  When CT is 
enforced, you can have increased confidence that the server you've 
connected to is indeed "authentic".



I think it's clear that precertificates _are_ "intended to be used for 
authenticating servers accessible through the Internet" and that they 
are in-scope for the BRs.



Sha1 certs are only considered misissued because the BRs say issuance of a SHA1 
certificate is prohibited. If the certificate is never issued, the misissuance 
never occurred because the precertificate was not missused (no reqs against 
SHA1 precerts) and a certificate in violation of the BRs was never created.


Rob Stradling <rob.stradl...@comodo.com> wrote:

On 03/03/16 04:52, sanjay_m...@symantec.com wrote:

On Wednesday, March 2, 2016 at 7:07:23 AM UTC-8, Rob Stradling wrote:

<snip>

I couldn't help but notice this SHA-1 precertificate issued by Symantec
a couple of days ago:
https://crt.sh/?id=13407116&opt=cablint

<snip>

Rob,


Sanjay, thanks for investigating.


This was a pre-certificate. Our systems do not allow issuance of SHA-1 
certificates and no certificate was issued.


Were you aware that RFC6962 says that "misissuance of the Precertificate
is considered equal to misissuance of the final certificate"?


The pre-certificate was logged but then rejected. We are still investigating.


What do you mean by "...but then rejected"?

Serial number 64:a9:32:73:a4:19:d1:64:3f:6b:2d:a3:ca:97:f0:89 is not
currently listed on the CRL.


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


























					Reply via email to