1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

In Bug 1551364 "SwissSign: "Some-State" in stateOrProvinceName", Ryan Sleevi reported potential issues in relation to OIDs in the CP/CPS of SwissSign Gold PKI (https://bugzilla.mozilla.org/show_bug.cgi?id=1551364#c2).

In the subsequent internal analysis SwissSign found the following:

- The SwissSign Gold CP/CPS with OID 2.16.756.1.89.1.2.1.7 is missing on the online archive under https://repository.swisssign.com and is only available in the internal archive.
- For the SwissSign Gold CP/CPS with OID 2.16.756.1.89.1.2.1.7, the certificate profile for end user certificates for G22 in section 7.1.2 f) was still 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.7.
- For the SwissSign Gold CP/CPS with OID 2.16.756.1.89.1.2.1.8, the certificate profile for end user certificates for G22 in section 7.1.2 f) was still 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.8.
- By applying the certificate profiles out of the CP/CPS correctly, SwissSign issued certificates with a reference to an OID that did not match the applicable valid CP/CPS for these certificates. Concretely:
  i) between 14.09.2017 - 12.10.2017 under the wrong OID 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.7.
  ii) between 12.10.2017 - 16.07.2018 under the wrong OID 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.8.
- Note: No EV certificates are affected by this issue.

Because of the above findings we additionally checked the SwissSign Silver product line, which resulted in similar findings:

- The SwissSign Silver CP/CPS with OID 2.16.756.1.89.1.3.1.8 is missing on the online archive under https://repository.swisssign.com and is only available in the internal archive.
- For the SwissSign Silver CP/CPS with OID 2.16.756.1.89.1.3.1.7, the certificate profile for end user certificates for G22 in section 7.1.2.6 was still 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.7.
- For the SwissSign Silver CP/CPS with OID 2.16.756.1.89.1.3.1.8,
  i) the title page showed for this CP/CPS the OID is 2.16.756.1.89.1.3.7 instead of 2.16.756.1.89.1.3.8 in contrast to section 1.2
  ii) the certificate profile for end user certificates for G22 in section 7.1.2.6 was still 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.8
- By applying the certificate profiles out of the CP/CPS correctly, SwissSign issued certificates with a reference to an OID that did not match the applicable valid CP/CPS for these certificates. Concretely:
  i) between 15.09.2017 - 16.10.2017 under the wrong OID 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.7.
  ii) between 16.10.2017 - 28.06.2018 under the wrong OID 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.8.

As part of the risk impact analysis, all changes in the concerned CP/CPS were revisited. All changes were related either to a change in regulations not directly impacting the issued certificate (i.e. CT Log and CAA) respectively to an audit finding requiring a statement on used key length and algorithms for the subscriber’s QCSD in the CP/CPS. Therefore, the risk analysis did not show any security impact for our customers nor for the community by further usage of these certificates. The detailed impact was shared with TÜV Trust IT to confirm our interpretation. We did not identify any relevant changes that would put the customer at risk by usage of the impacted certificates.

2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

[May-14-2019 Post Ryan Sleevi] Notification of potential OID divergence in one of the CP/CPS Gold documents
[May-15-2019] Start of validation of potential issue
[May-17-2019] SwissSign validates the issue in the 2 CP/CPS Gold mentioned above.
[May-20-2019] Confirmation of issue on a partial set of certificates and decision to initiate a full analysis. Risk impact analysis recorded a formal issue triggering a revocation of the concerned certificates, no security impact for our customers nor for the community by further usage of these certificates was identified.
[May-21-2019] Information of auditor (TÜV Trust IT) about issue.
[May-23-2019] Management Board acknowledged the issue and the associated risks.
[May-27-2019] First results of analysis syndicated and validated on Gold product line. Decision to extend analysis to Silver product line.
[May-29-2019] Results confirmed for Gold product line scope, information to the management board of the additional extent, information of the auditor about the need to post a misissuance report to Bugzilla.
[June-04-2019] Confirmation that Silver product line is also in scope of issue, Information of auditor about the additional scope
[June-07-2019] Proposal for staged revocation plan of the concerned 72430 certificates until end of 2019 agreed SwissSign internally, discussed with auditor for agreement
[June-11-2019] Post on Bugzilla

3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

Yes, the currently issued certificates have the correct OID. All CP/CPS after July 16, 2018 on Gold product line and after June 28, 2018 on Silver product line have the correct OID in the certificate profile in section 7.1.2.

4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

Our two related roots for SwissSign's SSL and S/MIME certificate products are concerned:

The silver product line issued
- between 15.09.2017 - 16.10.2017 under the wrong OID 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.7.
- between 16.10.2017 - 28.06.2018 under the wrong OID 2.16.756.1.89.1.3.1.6 instead of 2.16.756.1.89.1.3.1.8.

The gold product line issued
- between 14.09.2017 - 12.10.2017 under the wrong OID 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.7.
- between 12.10.2017 - 16.07.2018 under the wrong OID 2.16.756.1.89.1.2.1.6 instead of 2.16.756.1.89.1.2.1.8.

In total, 72430 certificates as per June 11, 2019 are concerned.

5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

Please check the Bugzilla post for a list of the certificates (https://bugzilla.mozilla.org/show_bug.cgi?id=1558552)

6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

Section 7.1 (Certificate Profiles) in CP/CPS had the wrong OID for leaf certificates. Our analysis was not able to pinpoint a single event/task to explain the issue. As the update of the CP/CPS is a tedious manual process, we assume that the four eyes check updating the OID-parameter failed due to human error. We therefore looked at the entire process of managing the CP/CPS and identified the following weaknesses:

- Change Control on the variable parameters is difficult to implement in the process as it has limited support in the used tooling (i.e. word editor). Variable parameters such as the OID in the certificate profile are prone to copy-paste errors in the process.
- Dual control tasks are not part of an end-to-end checklist which makes human error more likely.

7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

SwissSign will execute a staged revocation of the concerned 72430 certificates until end of 2019. SwissSign has already taken steps to address the introduced weaknesses. We will parametrize future CP/CPS in a way that parameters such as OID are centrally set in a template with no update possibility in the individual CP/CPS. The parameter fields will be constrained by rules for valid changes. In addition, we also enhance our current end-to-end checklist for the different process steps with special attention to dual control tasks.

The text above incl. the certificate list is additionally posted at Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1558552
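
The document-level inconsistency described in the report (title page, section 1.2 and the section 7.1.2 certificate profile carrying different policy OIDs) can be caught by a consistency check run over the CP/CPS text before publication. The following is an added example, not part of the original post and not SwissSign's tooling; the function names, the `allowed` parameter and the sample text are assumptions made for illustration.

```python
import re

# Assumption: the policy OIDs of interest share this arc, as the OIDs quoted in the report do.
POLICY_ARC = "2.16.756.1.89.1."
OID_RE = re.compile(r"\b\d+(?:\.\d+){3,}\b")


def classify(found, declared):
    """Explain how a policy OID found in the text differs from the declared one."""
    f, d = found.split("."), declared.split(".")
    if len(f) != len(d):
        return "malformed: wrong number of arcs"
    if f[:-1] == d[:-1]:
        return "stale or wrong version arc"
    return "different policy"


def lint_cp_cps(text, declared_oid, allowed=()):
    """Return (line_no, oid, reason) for each policy OID that is not the declared one.

    `allowed` lists OIDs the document may cite on purpose, e.g. in a version history.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for oid in OID_RE.findall(line):
            if not oid.startswith(POLICY_ARC):
                continue  # section numbers such as 7.1.2.6 and unrelated OIDs
            if oid == declared_oid or oid in allowed:
                continue
            findings.append((line_no, oid, classify(oid, declared_oid)))
    return findings


# Constructed sample text, modelled on the Silver findings described in the report.
SAMPLE = """\
Title page: SwissSign Silver CP/CPS, OID 2.16.756.1.89.1.3.7
1.2 Document name and identification: OID 2.16.756.1.89.1.3.1.8
7.1.2.6 End user certificates G22: certificatePolicies 2.16.756.1.89.1.3.1.6
Version history: replaces 2.16.756.1.89.1.3.1.7
"""

if __name__ == "__main__":
    for finding in lint_cp_cps(SAMPLE, "2.16.756.1.89.1.3.1.8",
                               allowed={"2.16.756.1.89.1.3.1.7"}):
        print(finding)
```

Run as a publication gate, any finding blocks release of the document until the OID is corrected or explicitly added to `allowed`.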

