Dear Forum,
since the 07-07-2017, all new issued D-TRUST TLS-Certificates have at least 64
bits of entropy in the serial number.
Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise platform
have a serial number which includes at least 64 bits of entropy. We informed
the CA-Program Manager about the 3 Month delay in moving the entropy from the
"DNqualifier” to the “SerialNumber” via eMail on 27-10-16.
Between 2012 and 06-07-2017 we still produced a smaller number of certificates
using our retail platform with additional entropy in the “DNqualifier” field
instead of the serial number field, because our certified third party software
was not able to handle long serial numbers earlier. We defined this issue as
minor nonconformity, because the requirement for entropy in the certificate was
fulfilled.
On 20-07-17 Mozilla asked D-TRUST for clarification, due to the holiday period
this message reached us on 07-08-17, AF answered on 08-08-17 and 10-08-17: “the
certificate has 64 bits of entropy in the "DNqualifier" field instead of the
serial number field. Since 2012 we used this way of adding random bits to
certificates to mitigate preimage attacks. From a security perspective the
amount of Entropy in the certificate should be reasonable”.
On 10-08-2017 we got the information, that we issued in the Individual
Certificate Registration process a certificate with less entropy than 64 bit,
Jonathan reported “The DNqualifier appears to have a 33-bit number, not a
64-bit number”.
On the 11-08-2017 we defined this case as a major issue, because our internal
examinations confirmed, that just using numeric characters causes entropy less
than 64 bit.
The review with our tool “PKI-watcher” gave the following result of effected
certificates:
D-TRUST SSL Class 3 CA 1 2009 (607)
D-TRUST SSL Class 3 CA 1 EV 2009 (63)
As result we confirm to do the following steps and report about the
implementation latest until 15-09-2017
• Contact all effected customers, inform them and get the certs replaced
(includes revocation)
• Improve the security controls for any “Individual Certificate
Registration“ with advice from our certification audit body to ensure, that
06-07-17 was the latest date for issuing certs without the 64 bit entropy in
serial number and to avoid any other possible technical non compliance to the
CA/B-Forum Ballots
• Set up a new mechanism for follow and be aware of discussions in the
mozilla.dev.security.policy forum
• Implement a new version of a CSR-Validator to avoid any wrong encoding
• Review the impact of the CA/B-Forum ballots within time possible
timeframe for implementation
We really regret this strong delay in conformance to the CA/B-Forum and Mozilla
requirements.
Dr. Martin Riegel COO D-TRUST GmbH
Arno Fiedler; Standardization and Consulting
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
