Thank you for this incident report. I have created https://bugzilla.mozilla.org/show_bug.cgi?id=1535871 to track this issue.
- Wayne

On Wed, Mar 13, 2019 at 9:56 AM Berge, J. van den (Jochem) - Logius via dev-security-policy <[email protected]> wrote:
> Hello MDSP,
>
> Logius PKIoverheid wants to report a potential issue that we've found with one of our TSPs issuing certificates under the Staat der Nederlanden Root CAs.
>
> All times are in UTC +1
> ________________________________
>
> 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.
>
> 3/8/2019 12.30, due to reviewing discussions in mozilla.dev.security.policy.
>
> 2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.
>
> 30/9/2016 Ballot 364 came into effect. The CP of Logius PKIoverheid already stipulated the use of 64-bit serial numbers and as such, no change was deemed necessary to the CP. Our CP (Programme of Requirements) is a baseline document, stating the absolute minimum. This ballot predates the incident which PKIoverheid had about serial numbers with one of its other TSPs in 2017 [1]. Measures which were taken then didn't apply retroactively.
>
> 3/8/2019 12.30 While reading MDSP, Logius PKIoverheid started an investigation into whether it was possible that its TSPs had this implementation/interpretation issue.
>
> 3/8/2019 13.15 Logius PKIoverheid suspects that this issue could potentially impact one or more of the TSPs under PKIoverheid. Logius PKIoverheid asked the TSP KPN to launch an investigation into whether said issue was applicable to certificates issued by KPN.
>
> 3/11/2019 09:53 Logius PKIoverheid asked KPN for an update following statements from both Google and Mozilla representatives stating that in their view the matter as reported by several other CAs violates the BRG.
>
> 3/11/2019 16:55 KPN answers that this issue is potentially impacting all of their TLS certificates issued between September 30, 2016 and March 5, 2019. On March 5, 2019 KPN switched to using 96-bit serial numbers (already planned a while ago; this was not related to the current issue at hand).
>
> 3/12/2019 10:30 Due to the potential impact of revoking (and replacing) the PKIoverheid certificates from KPN issued in that period, an incident is raised within Logius. KPN PKIoverheid certificates are in use by many Dutch government parties including the national ID system (DigiD), the tax services and Dutch customs. Because of this a crisis team is formed (also due to the fact that March/April is the month in which most tax returns need to be filed and the ever increasing chance of a no-deal Brexit, which would greatly impact Dutch Customs).
>
> 3/13/2019 12:00 Logius PKIoverheid orders KPN to further investigate which certificates are exactly affected and orders KPN to revoke the certificates in question.
>
> 3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.
>
> All certificates issued by KPN after March 5 08:30 are using 96-bit serial numbers. As mentioned, this was a change unrelated to the current issue. As far as we know there are no TSPs within PKIoverheid other than KPN that were, up to recently, issuing certificates with this issue. Further investigation is ongoing to see if there are possible historic issuances that might be impacted by this issue. We will post an update when we have more information.
>
> 4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.
>
> Potentially 22.000 TLS certificates issued by KPN CAs https://crt.sh/?id=63094369 and https://crt.sh/?id=16678400. Also potentially ~350 EV certificates issued by CA https://crt.sh/?id=15971988. Investigation is still ongoing into which certificates are exactly affected.
>
> 5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.
>
> Still being collected. Will update when available.
>
> 6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.
>
> As stated in the timeline, the Programme of Requirements (PoR, CP) of PKIoverheid already stipulated the use of a serial number with a 64-bit length. When ballot 264 went into effect, both the PA and the TSPs determined that PKIoverheid was already compliant. The conversations about the underlying thoughts or intent of the ballot were seen at the time but not taken into account when deciding the final impact. The final text of the ballot after it was passed was used to check if implementations were correct. In this case the TSP also relied on the configuration of EJBCA and assumed that this was the correct implementation (again, also based on their interpretation of the text).
>
> 7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.
>
> Still being worked on. The intention is to revoke all affected certificates within 30 days. Will update when we have more information.
>
> [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/vl5eq0PoJxY/W1D4oZ__BwAJ
>
> Kind regards,
>
> Jochem van den Berge CISSP
> Logius PKIoverheid
> Public Key Infrastructure for the Dutch government
> ........................................................................
> Logius
> Ministry of the Interior and Kingdom Relations (BZK)
> Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
> PO Box 96810 | 2509 JE | The Hague
> ........................................................................
> [email protected]
> http://www.logius.nl
>
> This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
>
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
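The report above concerns serials that were configured as 64-bit but, through an implementation that forced the value positive by clearing the top bit, carried only 63 bits of randomness. The following is an added example, not code from the thread or from Logius/KPN: it parses serials in the hex form crt.sh and openssl display (an assumed input format), computes their DER length, and applies a population check that a relying party or auditor can run over a CA's issued serials. A genuine 64-bit CSPRNG sets the top bit in about half of all serials (which DER then encodes in 9 octets); a population that never sets it is the flawed pattern. `ejbca_style_serial` is a constructed stand-in for the flawed generator, not EJBCA's code.

```python
"""Population check for the 63-bit serial-number pattern (CA/B Forum BR 7.1).

Added example; all serial values are constructed, none come from the incident.
"""
import secrets


def parse_serial(text: str) -> int:
    """Parse a serial as crt.sh / openssl print it: hex, optionally colon or space separated."""
    return int(text.replace(":", "").replace(" ", ""), 16)


def der_octets(serial: int) -> int:
    """Content octets DER needs for a positive INTEGER.  When the top bit of the most
    significant byte is set, DER prepends 0x00, so a full 64-bit value takes 9 octets."""
    return serial.bit_length() // 8 + 1


def audit_serials(serials, width_bits: int = 64) -> dict:
    """Check a list of serials from a CA that claims width_bits of random serial output.

    A generator that draws width_bits random bits and then clears the sign bit never sets
    bit (width_bits - 1).  Under a genuine width_bits CSPRNG, each serial sets that bit with
    probability 1/2, so n serials all having it clear happens with probability 2**-n.
    """
    if not serials:
        raise ValueError("need at least one serial")
    top = 1 << (width_bits - 1)
    n = len(serials)
    top_set = sum(1 for s in serials if s & top)
    too_wide = sum(1 for s in serials if s.bit_length() > width_bits)
    return {
        "count": n,
        "top_bit_set": top_set,
        "max_octets": max(der_octets(s) for s in serials),
        "wider_than_claimed": too_wide,  # > 0 means the claimed width is wrong, not flawed
        "suspect_63_bit_pattern": too_wide == 0 and top_set == 0 and n >= 20,
        "p_value_if_genuine": 2.0 ** -n if top_set == 0 else None,
    }


def ejbca_style_serial(width_bits: int = 64) -> int:
    """Constructed model of the flaw: draw width_bits bits, then clear the sign bit."""
    return secrets.randbits(width_bits) & ~(1 << (width_bits - 1))


def compliant_serial(width_bits: int = 64) -> int:
    """Draw width_bits random bits and keep them all; reject zero (serials must be positive)."""
    while True:
        s = secrets.randbits(width_bits)
        if s:
            return s
```

Passing `width_bits=96` runs the same check against serials issued after the 5 March switch to 96-bit serials.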

