On 9/6/2016 04:59, Ben Laurie wrote: > On 1 September 2016 at 11:29, Peter Gutmann <[email protected]> wrote: >> Rob Stradling <[email protected]> writes: >> >>>> I guess it makes them easy to revoke, if a single revocation can kill 313 >>>> certs at once. >>> That's true. >> Hey, WoSign has solved the CRL scalability problem! >> >>> It'd be impossible to revoke (via CRL and/or OCSP) a subset of those 313 >>> certs though. >> I also get the feeling that a lot of PKI software won't handle the revocation >> properly, because they're expecting to revoke *the* certificate, not the >> certificate, and the other certificate, and that other one there too, and >> that >> one in the corner, and ... . In other words I'm assuming most code will >> treat >> serial numbers as unique and assume the revocation acted on when the first >> cert has been marked as invalid. > That seems unlikely to me (in that browsers don't really keep a server > cert database).
Has that changed? I talked with Dan Veditz (at Mozilla) around 5 years ago regarding the fact that NSS had told me of duplicate serial numbers being issued by a single issuer, and that as a result Firefox had refused to permit me to connect to a site and also refused to allow me to examine the certificate or identify it issuer for myself. I had to use OpenSSL to get it. His action item at the time was to increase reportability of those issues to Mozilla, because (paraphrased from his words) "a CA issuing duplicate serial numbers is a violation of all of the specifications and we need to know about it, to figure out what else they're doing wrong". (That was during a conversation where I told him I'd come up with a means of putting multiple end-entity certs into the TLS Certificate message, in a way that proved possession of all of them but which would break strict PKIX formatting of that message's content.) -Kyle H _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
