On 02/12/16 14:26, Christoph Klein wrote: > Dear All! > > Thank you for contributing in our discussion and illustrate some > existing problems with our certificates. I would like to address the > stated points seperatley. [snip] > * 20 Bits of Entropy: the Serialnumber included in the Subject of our > SSL - certificatges is randomly generated
When you reissue a certificate for the same subject, you appear to reuse the same serial number (see, e.g., https://crt.sh/?id=12740856 and https://crt.sh/?id=1659927). This makes sense for a subject's serial number, but means that the random value does not serve the purpose of making chosen-prefix collision attacks more difficult when a subscriber requests a renewed certificate. Also, in EV certificates, this subject serialNumber field number field represents the registration number of the subject, so those certificates do not seem to have added entropy at all. > > * V Clause (X): We analyzed this problem and found an issue, where > the variable wasn't transfered into the final certificate. This bug > has been around since our first issued EV certificate and wasn't > noticed until now. The problem is fixed, new certificates will > replace the x with the proper letter. Given that every EV certificate you issued had this error, and you have been issuing EV certificates since at least 2013 (from your old root), how was this error not detected by the self-audit you are required to perform of 'a randomly selected sample of at least three percent of the EV Certificates'? [snip] _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
