On 14/03/2019 10:59, Rob Stradling via dev-security-policy wrote: > On 13/03/2019 22:28, Richard Moore via dev-security-policy wrote: <snip> >> If any other CA wants to check theirs before someone else does, then now is >> surely the time to speak up. > > Someone else is in the process of checking... ;-)
The purpose of this survey is to flush out any further CAs that are (or have been) noncompliant with BR 7.1 but have not yet disclosed an incident. Having scanned the crt.sh database, I have produced the following spreadsheet. It covers all certificates known to crt.sh where the notBefore date is between 30th September 2016(*) and 22nd February 2019(**), and where the issuing CA... - is currently trusted by Mozilla to issue serverAuthentication certificates, and - has issued at least 1 certificate with a <64-bit serial number. https://docs.google.com/spreadsheets/d/1K96XkOFYaCIYOdUKokwTZfPWALWmDed7znjCFn6lKoc/edit?usp=sharing When a value in column E is 100%, this is pretty solid evidence of noncompliance with BR 7.1. When the values in column E and G are both approximately 50%, this suggests (but does not prove) that the CA is handling the output from their CSPRNG correctly. For some issuing CAs, the sample sizes are too small to be able to draw any conclusions. (*) This date was chosen because BR 7.1 says: "Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG." (**) This is when Wayne started the discussion about DarkMatter, which is what prompted the discovery that many CAs were falling short of BR 7.1. -- Rob Stradling Senior Research & Development Scientist Sectigo Limited _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
