On Sun, Sep 04, 2016 at 12:04:21PM +0300, Eddy Nigg wrote:
> On 09/02/2016 07:02 PM, Nick Lamb wrote:
> > On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
> > > Let's speak about relying parties - how does this bug affect you?
> > As a relying party I am entitled to assume that there is no more than one
> > certificate signed by a particular issuer with a certain serial number. If
> > I have seen this certificate and verified by whatever means I choose that
> > it's OK, then I can safely assume that any time I see a certificate in the
> > future signed by that issuer with that same serial number it's the same
> > one, and skip the verification process.
>
> Well, according to the CA policies and relying party terms, you should
> always check with the CRL or OCSP responders if a certificate is considered
> valid or not. So the verification process shouldn't be skipped beyond the
> advertised refresh time (in CRLs/OCSP).
>
> Of course if you do some sort of certificate pinning based on serial and
> issuer, then this wouldn't work. But I'm not aware of any common software
> that doesn't use the certificate's public key for pinning and relies just on
> a serial number.

Pinning on the serial seems wrong. It just means I can replace all the rest
in the certificate. I just need to know 1 site you've pinned and can fake a
certificate for all the others.

Kurt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

