Baseline Requirements section 7.1 says:
> Effective September 30, 2016, CAs SHALL generate non‐sequential Certificate
> serial numbers greater than zero (0) containing at least 64 bits of output
> from a CSPRNG.
There are 1027 unexpired unrevoked certificates known to CT with a notBefore
date greater than or equal to 2016-09-30 that are trusted by NSS for server
authentication and have a serial number that has less than 64 bits of entropy.
The full list can be found here: https://misissued.com/batch/6/
Some of these were brought up in a previous thread, but I thought a
comprehensive picture of this issue would be helpful.
I’ve included a breakdown at the end of this email, and here are a few things
that stood out to me while researching this:
- The "Cihaz Sertifikası Hizmet Sağlayıcı - Sürüm 4" intermediate appears to
use randomly generated 48-bit numbers.
- Three intermediates, "TeleSec ServerPass Class 2 CA", "Go Daddy Secure
Certificate Authority - G2", and "Starfield Secure Certificate Authority - G2",
(which are not in this list) appear to issue certificates with serial numbers
that are based on exactly 64 bits of entropy. This means that a small
percentage of the certificates that they issue have serial numbers that are
smaller than 8 bytes, requiring additional filtering to avoid false positives.
It would be helpful if the policy was adjusted to require serial numbers always
be at least 8 bytes before DER encoding to avoid these false positives.
Siemens Issuing CA Internet Server 2016 (560)
D-TRUST SSL Class 3 CA 1 2009 (178)
D-TRUST SSL Class 3 CA 1 EV 2009 (45)
D-TRUST Root Class 3 CA 2 EV 2009 (1)
Siemens Issuing CA Class Internet Server 2013 (82)
InfoCert Web Certification Authority (3)
Izenpe S.A. (62)
EAEko Herri Administrazioen CA - CA AAPP Vascas (2) (62)
Government of The Netherlands, PKIoverheid (Logius) (55)
Digidentity Services CA - G2 (55)
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) (38)
Cihaz Sertifikası Hizmet Sağlayıcı - Sürüm 4 (38)
dev-security-policy mailing list
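The false-positive mechanism described in the post (a serial built from exactly 64 CSPRNG bits has a zero top byte about 1 time in 256, so its DER INTEGER carries fewer than 8 magnitude bytes and trips a "less than 64 bits" filter) can be reproduced with a few lines of Python. The following is an added example, not code from the post, from misissued.com, or from any of the CAs named; the function names, the constructed sample serials and the "fixed prefix byte" mitigation are this example's own assumptions, chosen to satisfy the post's proposed "at least 8 bytes before DER encoding" rule.

```python
"""Checking X.509 serial numbers against the BR 7.1 64-bit rule.

Added example (not from the dev-security-policy post or misissued.com).
The check mirrors the post's description: a serial is flagged when its
unsigned magnitude needs fewer than 8 bytes, since 7 bytes cannot carry
64 bits of CSPRNG output.  All names below are this example's own.
"""
import secrets


def magnitude_octets(serial: int) -> int:
    """Bytes needed for the unsigned magnitude: the size 'before DER encoding'."""
    if serial < 0:
        raise ValueError("serial numbers must be positive (BR 7.1)")
    return max(1, (serial.bit_length() + 7) // 8)


def der_integer_content(serial: int) -> bytes:
    """Minimal two's-complement content octets of a DER INTEGER (non-negative).

    A value whose top bit is set gets a leading 0x00, so a 64-bit serial
    encodes to 8 or 9 content bytes depending on that bit.
    """
    if serial < 0:
        raise ValueError("negative serials are not valid here")
    return serial.to_bytes((serial.bit_length() + 8) // 8, "big")


def der_integer(serial: int) -> bytes:
    """Full tag-length-value encoding (short-form length; RFC 5280 caps serials at 20 octets)."""
    content = der_integer_content(serial)
    if len(content) >= 0x80:
        raise ValueError("serial too long for short-form length")
    return b"\x02" + bytes([len(content)]) + content


def decode_der_integer(tlv: bytes) -> int:
    """Strict decoder for a short-form DER INTEGER: checks tag, length and minimality."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = tlv[1]
    if length >= 0x80 or len(tlv) != 2 + length:
        raise ValueError("bad length octet")
    content = tlv[2:]
    if length > 1 and content[0] == 0x00 and content[1] < 0x80:
        raise ValueError("non-minimal encoding (redundant leading 0x00)")
    if length > 1 and content[0] == 0xFF and content[1] >= 0x80:
        raise ValueError("non-minimal encoding (redundant leading 0xFF)")
    return int.from_bytes(content, "big", signed=True)


def is_valid_der_integer(tlv: bytes) -> bool:
    try:
        decode_der_integer(tlv)
        return True
    except ValueError:
        return False


def flagged_as_low_entropy(serial: int) -> bool:
    """The heuristic the post describes: fewer than 8 magnitude bytes cannot hold 64 random bits."""
    return magnitude_octets(serial) < 8


def serial_exactly_64_bits() -> int:
    """64 bits straight from the CSPRNG, retried if zero (the BR requires > 0).

    About 1 in 256 of these has a zero top byte and is a false positive.
    """
    while True:
        s = secrets.randbits(64)
        if s:
            return s


def serial_with_fixed_prefix() -> int:
    """Assumed mitigation: a fixed non-zero byte above 64 CSPRNG bits, so the
    magnitude is always 9 bytes and can never look shorter than 8."""
    return (1 << 64) | secrets.randbits(64)


def false_positive_rate(generator, trials: int) -> float:
    """Fraction of serials from `generator` that the 8-byte filter would flag."""
    return sum(flagged_as_low_entropy(generator()) for _ in range(trials)) / trials


if __name__ == "__main__":
    # Constructed sample serials: sequential, 64-bit with a zero top byte,
    # 64-bit with the top bit clear, 64-bit with the top bit set, prefixed.
    for s in (1, 0x00DEADBEEFCAFE01, 0x7FFFFFFFFFFFFFFF, 0x8000000000000000,
              serial_with_fixed_prefix()):
        print(f"{s:#018x}: magnitude {magnitude_octets(s)} B, "
              f"DER {der_integer(s).hex()}, flagged={flagged_as_low_entropy(s)}")
    print("exactly 64 bits:", false_positive_rate(serial_exactly_64_bits, 50_000))
    print("prefixed       :", false_positive_rate(serial_with_fixed_prefix, 50_000))
```

The two rates printed at the end are the practical point: the plain 64-bit generator is flagged roughly 0.4% of the time even though it is fully compliant with BR 7.1 as written, while the prefixed generator is never flagged, which is the distinction the post asks the policy to make explicit. The decoder also rejects non-minimal encodings (a redundant leading 0x00), which is what a scanner should do before trusting a serial's length at all.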