The EV Guidelines require certificates issued for .onion include the cabf-TorServiceDescriptor extension, defined in the EV Guidelines, as part of these certificates. This is required by Section 11.7.1 (1) of the EV Guidelines, reading: "For a Certificate issued to a Domain Name with .onion in the right-most label of the Domain Name, the CA SHALL confirm that, as of the date the Certificate was issued, the Applicant’s control over the .onion Domain Name in accordance with Appendix F. "
The intent was to prevent collisions in .onion names due to the use of a truncated SHA-1 hash collision with distinct keys, as that would allow two parties to respond on the hidden service address using the same key. Last week, a SHA-1 collision was announced. In examining the .onion precertificates DigiCert has logged, available at https://crt.sh/?q=facebookcorewwwi.onion , I could not find a single one bearing this extension, which suggests these are all misissued certificates and violations of the EV Guidelines. During a past discussion of precertificates, at https://groups.google.com/d/msg/mozilla.dev.security.policy/siHOXppxE9k/0PLPVcktBAAJ , Mozilla did not discuss whether or not it considered precertificates misissuance, although one module peer (hi! it's me!) suggested they were. This interpretation seems consistent with the discussions during the WoSign issues, as some of those certificates examined were logged precertificates. Have I missed something in examining these certificates? Am I correct that they appear to be violations? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy