You are right, you have done the same test as my test; this doesn't mean you own our intermediate CA root key.

For CSR, yes, our system doesn't validate the CSR self-signature. We think it is better to validate it, so we will update our system to validate it soon.

For this test certificate revocation time, yes, it is the same as the issuance time. Our PKI system can let the Revocation Office choose the revocation time: (1) same as the issuance time; (2) the current time. Option (1) is designed for invalidating the malware signing code signing certificate instantly if the malware is signed with a timestamp. If we revoke the malware signing code signing certificate using Option (2) (the current time), then the signed malware with a timestamp is still valid even if the certificate is revoked. Sure, we can use Option (1) to revoke an SSL certificate like my test certificate to let nobody have the chance to use this test certificate.

Thank you.

Best Regards,

Richard

-----Original Message-----
From: dev-security-policy [mailto:[email protected]] On Behalf Of Andrew Ayer
Sent: Friday, December 16, 2016 12:33 AM
To: Tavis Ormandy <[email protected]>
Cc: [email protected]
Subject: Re: CA Public Key Material

On Wed, 14 Dec 2016 18:46:31 -0800
Tavis Ormandy <[email protected]> wrote:

> Hello, while working on an unrelated problem, I happened to notice
> that this <https://crt.sh/?id=30316154> leaf certificate for
> DNS:test.wgh.cn and DNS: test.ydn.cn has the same RSA public key as
> this trusted root <https://crt.sh/?id=9329287> (and a few others).
>
> test.wgh.cn no longer resolves, but wgh.cn is the personal blog of a
> WoSign employee.

Do you know if test.wgh.cn ever resolved?

> Is it possible key material was accidentally used in a web server and
> removed from a HSM? Maybe there's another explanation, but if there
> was an accident, I assume the root would need to be revoked.

I was just able to obtain the below certificate (https://crt.sh/?sha256=9d28d7861ef9a0750f7bb95ee9c765d2610fab41fdd7f2142986d2e8f2a0c7da) from StartCom for this public key.

StartCom evidently does not validate the CSR self-signature, and I suspect WoSign didn't either, since they shared so much code and infrastructure. (StartCom appears to still share infrastructure - the validation email for this certificate originated from a Chinese IP address.) Validating the CSR self-signature is not required by the BRs or Mozilla policy.

This is probably more likely than the CA private key being used for a server cert, although this is WoSign, so who knows?

Regards,
Andrew
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
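
The CSR check discussed in this thread, as an added example that is not part of the original messages and is not StartCom's or WoSign's code: an issuance-side gate that verifies the CSR self-signature (proof of possession) and separately rejects any request whose public key equals a known CA key. It assumes the Python `cryptography` package; the function names, the `test.example` subject and the generated keys are constructed for illustration.

```python
import hashlib
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def spki_sha256(public_key) -> str:
    """SHA-256 over the DER SubjectPublicKeyInfo, used to compare keys."""
    der = public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return hashlib.sha256(der).hexdigest()


def check_csr(csr_der: bytes, ca_key_fingerprints: set) -> list:
    """Return rejection reasons; an empty list means the CSR passes."""
    csr = x509.load_der_x509_csr(csr_der)
    problems = []
    # Proof of possession: the signature must verify under the CSR's own key.
    if not csr.is_signature_valid:
        problems.append("self-signature invalid")
    # Independent of the signature, a subscriber key must never equal a CA key.
    if spki_sha256(csr.public_key()) in ca_key_fingerprints:
        problems.append("public key matches a CA key")
    return problems


def make_csr(key, common_name: str) -> bytes:
    """Build a correctly signed CSR (constructed sample input)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    builder = x509.CertificateSigningRequestBuilder().subject_name(name)
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)


def demo() -> dict:
    # Constructed keys: one stands in for a CA key, one for a subscriber.
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    sub_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_fps = {spki_sha256(ca_key.public_key())}
    good = make_csr(sub_key, "test.example")
    # Flip the final byte, which lies inside the signature BIT STRING.
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    return {
        "good": check_csr(good, ca_fps),
        "tampered": check_csr(tampered, ca_fps),
        "ca_key": check_csr(make_csr(ca_key, "test.example"), ca_fps),
    }
```

The fingerprint comparison catches a CA key in a request even when the self-signature is valid, so the two checks cover different failures.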

