Dear Mozilla Security Policy Community,

Thanks for the advice about the short serial numbers and apologies for the 
delayed response. 

Since 2016, all D-TRUST TLS certificates based on electronic Certificate 
Requests have a certificate serial number which includes 64 bits of entropy. 

Between 2012 and July 6th, 2017 we produced a small number of certificates with 
 paper-based Certificate Registration Requests using 64 bits of entropy in the 
“DNqualifier” field instead of the serial number field. 

Since the 7th of July, 2017, all D-TRUST TLS-Certificates have 64 bits of 
entropy in the serial number.

I hope this helps and please do not hesitate to contact us if there are any 
further questions.

Best regards
Arno Fiedler
Standardization & Consulting
Bundesdruckerei GmbH
Kommandantenstraße 18 · 10969 Berlin · Deutschland



Am Mittwoch, 19. Juli 2017 00:26:16 UTC+2 schrieb Charles Reiss:
> https://crt.sh/?id=174827359 is a certificate issued by D-TRUST SSL 
> Class 3 CA 1 2009 containing the DNS SAN 
> 'www.lbv-gis.brandenburg.de/lbvagszit' (containing a '/') with a 
> notBefore in April 2017.
> 
> The certificate also seems to have a short certificate serial number, 
> which cannot include 64 bits of entropy. Many certificates issued by 
> this CA appears to use large serial numbers (e.g. [1]). But there are 
> certificates with much shorter sequential-looking serial numbers with 
> notBefores shortly before [2] and after [3] this certificate's and as 
> recent as 4 July 2017 [4].
> 
> [1] https://crt.sh/?id=137090990 , https://crt.sh/?id=124715040
> [2] 
> https://censys.io/certificates/4445455caca3e9cf2ab2b673304487cb220871aa6d5ac1bf03827f74609c3646
> [3] 
> https://censys.io/certificates/8d08033efe732e8fb6c2f3257c52b500af991bd1f363ffd6e29ec1812a943cd9
> [4] https://crt.sh/?id=173758922
> 
> 
> I did a cursory check on censys.io to see if there were other cases of 
> short serial numbers in certificates with recent notBefores that are 
> trusted by Mozilla:
> 
> - Digidentity Services CA - G2 (https://crt.sh/?caid=868 ; chains to 
> Staat der Nederlanden Root CA - G2) has issued certificates which serial 
> numbers that appear to be of the form 0x10000000 + sequential counter 
> with notBefores as recent as 8 June 2017.
> 
> - Siemens Issuing CA Internet Server 2016 (https://crt.sh/?caid=26087 ; 
> chains to QuoVadis Root CA 2 G3) has issued certificates with 4-byte 
> serial numbers with notBefores as recent as 11 July 2017, though they do 
> not appear to be assigned sequentially.
> 
> D-Trust and QuoVadis both indicated no problems complying with version 
> 2.4.1 of Mozilla's certificate policies (which requires, among other 
> things, 64 bits of serial number entropy) by 1 June 2017 when they 
> replied to Mozilla's April CA communication. The Government of the 
> Netherlands indicated they needed a delay for CPS translation only.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to