Dear Forum, since the 07-07-2017, all new issued D-TRUST TLS-Certificates have at least 64 bits of entropy in the serial number. Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise platform have a serial number which includes at least 64 bits of entropy. We informed the CA-Program Manager about the 3 Month delay in moving the entropy from the "DNqualifier” to the “SerialNumber” via eMail on 27-10-16.
Between 2012 and 06-07-2017 we still produced a smaller number of certificates using our retail platform with additional entropy in the “DNqualifier” field instead of the serial number field, because our certified third party software was not able to handle long serial numbers earlier. We defined this issue as minor nonconformity, because the requirement for entropy in the certificate was fulfilled. On 20-07-17 Mozilla asked D-TRUST for clarification, due to the holiday period this message reached us on 07-08-17, AF answered on 08-08-17 and 10-08-17: “the certificate has 64 bits of entropy in the "DNqualifier" field instead of the serial number field. Since 2012 we used this way of adding random bits to certificates to mitigate preimage attacks. From a security perspective the amount of Entropy in the certificate should be reasonable”. On 10-08-2017 we got the information, that we issued in the Individual Certificate Registration process a certificate with less entropy than 64 bit, Jonathan reported “The DNqualifier appears to have a 33-bit number, not a 64-bit number”. On the 11-08-2017 we defined this case as a major issue, because our internal examinations confirmed, that just using numeric characters causes entropy less than 64 bit. The review with our tool “PKI-watcher” gave the following result of effected certificates: D-TRUST SSL Class 3 CA 1 2009 (607) D-TRUST SSL Class 3 CA 1 EV 2009 (63) As result we confirm to do the following steps and report about the implementation latest until 15-09-2017 • Contact all effected customers, inform them and get the certs replaced (includes revocation) • Improve the security controls for any “Individual Certificate Registration“ with advice from our certification audit body to ensure, that 06-07-17 was the latest date for issuing certs without the 64 bit entropy in serial number and to avoid any other possible technical non compliance to the CA/B-Forum Ballots • Set up a new mechanism for follow and be aware of discussions in the mozilla.dev.security.policy forum • Implement a new version of a CSR-Validator to avoid any wrong encoding • Review the impact of the CA/B-Forum ballots within time possible timeframe for implementation We really regret this strong delay in conformance to the CA/B-Forum and Mozilla requirements. Dr. Martin Riegel COO D-TRUST GmbH Arno Fiedler; Standardization and Consulting _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy