On Wed, Aug 31, 2016 at 09:29:20AM +0200, Kurt Roeckx wrote:
> On 2016-08-31 04:56, Peter Bowen wrote:
> >In reviewing the Certificate Transparency logs, I noticed that StartCom
> >has issued multiple certificates with identical serial numbers and
> >identical issuer names.
> >
> >https://crt.sh/?serial=14DCA8 (2014-12-07)
> >https://crt.sh/?serial=04FF5D653668DB (2015-01-05)
> >https://crt.sh/?serial=052D14BA553ED0 (2015-02-07)
> >https://crt.sh/?serial=05B42A4FE11129 (2015-05-17)
> >https://crt.sh/?serial=0615C666E8C56E (2015-08-05)
> >https://crt.sh/?serial=0693A7FCC84DD3 (2015-11-10)
>
> That's:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1029884
That bug appears to pre-date *all* of the certificates listed above. Further, the last communication on that bug (2014-09-22), from Eddy Nigg (of StartCom), said:

> It's a hardware- and software-related capacity issue of the queue managing the
> certificates and the real solution will be only available after a hardware
> upgrade we are planning for Nov-Dec this year.

So that's presumably Nov-Dec 2014... and 12 months later, duplicate serial numbers were still appearing.

It's somewhat disconcerting that the response from StartCom in that bug report was, essentially, a mixture of, "it's not our fault, the software did it" and "ain't no thang". To me, that isn't a particularly useful attitude for a CA operator. The correctness of the software which is deployed is of *crucial* importance to the trustworthiness of a CA.

Is anyone aware of any attempts by StartCom to proactively report these BR violations to Mozilla or any other trust store operator, at or around the time of issuance? I don't see any mention of the 2015 misissuances in the most recent BR audit report (https://startssl.com/ey-webtrust-br.pdf), either. Does this mean that StartCom were unaware that they had issued these duplicate certificates, despite having a history of doing so, or did they mislead their auditors?

Also, given the number of collisions, what sort of cert volume would StartCom need to be moving in order for these collisions to occur if they were providing the BR-recommended (and Mozilla-mandated) 20 bits of entropy? Anyone with better stats skills than I want to take a stab at that?

Overall, the laissez-faire attitude towards these problems by StartCom *really* doesn't fill me with confidence.

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
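A birthday-bound estimate for the volume question raised in the post above, added here as a worked example (it is not part of the thread). It assumes serial numbers are drawn uniformly at random from a space of `entropy_bits` bits and treats each of the six duplicated serials in the list as one colliding pair; the 56-bit figure is the nominal width of the 7-byte serials shown.

```python
import math


def expected_collisions(n_certs: int, entropy_bits: int) -> float:
    """Expected number of colliding pairs among n_certs serials drawn
    uniformly from 2**entropy_bits values (classic birthday estimate)."""
    space = 2 ** entropy_bits
    return n_certs * (n_certs - 1) / (2 * space)


def probability_any_collision(n_certs: int, entropy_bits: int) -> float:
    """Probability that at least one pair of serials collides, using the
    exponential approximation 1 - exp(-n(n-1)/(2*space))."""
    return 1.0 - math.exp(-expected_collisions(n_certs, entropy_bits))


def certs_for_collisions(target_collisions: float, entropy_bits: int) -> int:
    """Smallest issuance volume at which the expected number of colliding
    pairs reaches target_collisions. Solves n(n-1)/2 = target * space."""
    space = 2 ** entropy_bits
    n = (1 + math.sqrt(1 + 8 * target_collisions * space)) / 2
    return math.ceil(n)


def implied_entropy_bits(n_certs: int, collisions: int) -> float:
    """Entropy (in bits) that a uniform random serial generator would need
    for n_certs issuances to produce `collisions` expected colliding pairs.
    Useful for comparing an observed collision count against the nominal
    width of the serials."""
    return math.log2(n_certs * (n_certs - 1) / (2 * collisions))


if __name__ == "__main__":
    observed = 6  # duplicated serials listed in the thread (constructed input)
    for bits in (20, 56):
        n = certs_for_collisions(observed, bits)
        print(f"{bits:2d} bits of entropy: ~{n:,} certs before "
              f"{observed} collisions are expected")
    # Hypothetical yearly volume, constructed for illustration only.
    assumed_volume = 500_000
    print(f"{assumed_volume:,} certs with {observed} collisions implies "
          f"~{implied_entropy_bits(assumed_volume, observed):.1f} bits")
```

At the mandated 20 bits, six expected collisions need only a few thousand certificates, whereas at the serials' nominal 56-bit width the same count would need on the order of a billion issuances; a collision rate far above what the nominal width predicts points to a generator that is not uniformly random.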

